VIRY.CZ

Ahoj, v úterý se mi stala taková nemilá věc. Přes Skype mi přišel virus. Bohužel jsem ho spustil a skype začal zprávy odesílat dál. Zbytek toho všeho, co následovalo, jsem bodově rozepsal níže.

ÚTERÝ

1)Spuštění viru
2)Odebrání viru z nastavení Skypu (několikrát - vždycky se vrátil).
3)Aktualizace Skypu.
4)Pomocí programu Avira jsem oskenoval složku AppData - žádný nález.
5)Restartoval jsem počítač a obnovil systém z data 15.5.
6)Oskenoval jsem AppData pomocí Malwarebytes.

Skype poté už nic neodesílal

STŘEDA

1)Oskenování celého disku pomocí Malwarebytes.
2)Odstranění všech nálezů.
3)Restart počítače.
Po restartu se zobrazilo jen logo Windows a černá obrazovka s nepohyblivou myší. Mohl jsem se ale dostat do nouzového režimu, kde jsem v Malwarebytes odstranil obsah karantény, odpojil internet a oskenoval celý počítač pomocí prog. Spyhunter. Bohužel, jak jsem zjistil Spyhunter byla moje chyba a potom, co jsem zjistil, že free verze nic neodstraní a že stejně nenašel nic kloudného, jsem opět restartoval PC. Přes černotu jsem se dostal, ale trvalo to dlouho, během té doby jsem viděl jen načítání Ad-Awaru.

ČTVRTEK

1)Zapnu PC a vidím jen černou obrazovku a načítání Ad-Awaru.
2)Přes Správce úloh jsem vypnul a znovu zapnul explorer.exe
3)Podle návodu Microsoftu jsem se podíval do registru, ale ten byl v pořádku.
4)Píšu sem.

Chtěl bych teď mít prostě jistotu, že už tam ta havěť není, proto vás prosím o kontrolu.

Přikládám log RSIT z posledního měsíce:

Logfile of random's system information tool 1.09 (written by random/random)
Run by oem at 2013-05-23 15:05:23
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 683 GB (72%) free of 954 GB
Total RAM: 4078 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:05:24, on 23.5.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\oem.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.7.5:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\PROGRAM FILES (X86)\BLUETOOTH SUITE\ADMINSERVICE.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10116 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe"
"C:\PROGRAM FILES (X86)\BLUETOOTH SUITE\ADMINSERVICE.EXE"
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\PROGRA~2\AD-AWA~1\AdAware.exe --run-from-service
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /ELEVATED
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-85daf096-ecf0-4df1-880e-5ee705101913 -SystemEventPortName:HostProcess-8bfa7f53-7d56-47b5-ad0a-2cc3fb4744d4 -IoCancelEventPortName:HostProcess-a697d4ca-167f-4ab2-b926-d56b9935e096 -NonStateChangingEventPortName:HostProcess-ab704d8b-d293-47e2-9168-5b9b0dced478 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:659395a9-f84a-427f-a9aa-1fba61a8b9e7 -DeviceGroupId:WpdFsGroup
"C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4764.0.797853907\1331263500" --supports-dual-gpus=false --gpu-vendor-id=0x10de --gpu-device-id=0x1245 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1106 --ignored=" --type=renderer " /prefetch:822062411
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/18/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndDynamic/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_80/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="4764.2.1288944298\1496422334" /prefetch:673131151
"C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4764.4.1879842018\1998066811" --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/18/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndDynamic/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_80/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="4764.6.609172091\1820848565" /prefetch:673131151
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/18/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndDynamic/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_80/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="4764.7.1102644599\1107010517" /prefetch:673131151
"C:\Users\oem\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/18/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndDynamic/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_80/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="4764.8.1670166423\1493239285" /prefetch:673131151
taskeng.exe {68B01C2C-B10A-41B4-83C1-242B76BF86E5}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\oem\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-122519983-3596732956-242831837-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-122519983-3596732956-242831837-1001UA.job
C:\Windows\tasks\ROC_REG_JAN_DELETE.job

=========Mozilla firefox=========

ProfilePath - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\2g67xkmm.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://securesearch.lavasoft.com/?sourc ... 5120AFDA7D"
prefs.js - "keyword.URL" - "http://dts.search-results.com/sr?src=ff ... 10&sr=0&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.168 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.168 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
adawaretb.xml
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
Search_Results.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\2g67xkmm.default\extensions\
jid1-yZwVFzbsyfMrqQ@jetpack
{87934c42-161d-45bc-8cef-ef18abe2a30c}
{99079a25-328f-4bd4-be04-00955acaa0a7}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\2g67xkmm.default\searchplugins\
firmycz.xml
mapycz.xml
Search_Results.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 68976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
DataMngr - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL [2012-06-06 103864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-03-19 6305912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-05-06 75656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
Ad-Aware Security Add-on - C:\Program Files (x86)\adawaretb\adawareDx.dll [2013-02-11 87464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-15 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
Searchqu Toolbar - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll [2012-02-27 88976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-03-19 4529272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-15 171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{6c97a91e-4524-4019-86af-2aa2d567bf5c} - Ad-Aware Security Add-on - C:\Program Files (x86)\adawaretb\adawareDx.dll [2013-02-11 87464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2013-02-12 2777736]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2013-04-03 3684488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [2013-01-31 542632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16 499608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2011-05-17 395144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-03-01 379552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-03-01 615584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE [2012-06-06 1823160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2011-06-24 5199984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyP]
C:\Users\oem\Downloads\hotkeyp\HotkeyP.exe 0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2011-10-21 392472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2011-10-21 167704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2011-10-21 416024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2012-10-25 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_ROC_JULY_P1]
C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe / /PROMPT /CMPID=ROC_JULY_P1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtection]
C:\ProgramData\Search Protection\_run.bat [2013-02-17 168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2013-05-04 1635752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
C:\Program Files (x86)\AVG Secure Search\vprot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2002-09-25 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2009-09-20 270336]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
"Ad-Aware Antivirus"=C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-10-21 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi5"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"midi6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-05-23 14:57:35 ----D---- C:\Program Files\trend micro
2013-05-23 14:57:34 ----D---- C:\rsit
2013-05-22 16:40:10 ----A---- C:\autoexec.bat
2013-05-22 16:08:14 ----D---- C:\Program Files\Enigma Software Group
2013-05-22 16:07:24 ----D---- C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-05-21 22:18:54 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-05-21 22:18:52 ----A---- C:\Windows\system32\mshtml.dll
2013-05-21 22:18:06 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-05-21 22:18:06 ----A---- C:\Windows\system32\mshtmled.dll
2013-05-21 22:18:05 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-05-21 22:18:05 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-05-21 22:18:05 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-05-21 22:18:05 ----A---- C:\Windows\system32\iertutil.dll
2013-05-21 22:18:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-05-21 22:18:04 ----A---- C:\Windows\SYSWOW64\url.dll
2013-05-21 22:18:04 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-05-21 22:18:04 ----A---- C:\Windows\system32\urlmon.dll
2013-05-21 22:18:04 ----A---- C:\Windows\system32\url.dll
2013-05-21 22:18:04 ----A---- C:\Windows\system32\jscript9.dll
2013-05-21 22:18:04 ----A---- C:\Windows\system32\ieUnatt.exe
2013-05-21 22:18:04 ----A---- C:\Windows\system32\ieui.dll
2013-05-21 22:18:03 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-05-21 22:18:03 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-05-21 22:18:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-05-21 22:18:03 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-05-21 22:18:03 ----A---- C:\Windows\system32\wininet.dll
2013-05-21 22:18:03 ----A---- C:\Windows\system32\vbscript.dll
2013-05-21 22:18:03 ----A---- C:\Windows\system32\msfeeds.dll
2013-05-21 22:18:03 ----A---- C:\Windows\system32\jsproxy.dll
2013-05-21 22:18:03 ----A---- C:\Windows\system32\jscript.dll
2013-05-21 22:18:02 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-05-21 22:18:01 ----A---- C:\Windows\system32\ieframe.dll
2013-05-21 22:18:00 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-05-21 21:51:58 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-05-21 21:51:33 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-21 21:51:33 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-21 21:51:33 ----A---- C:\Windows\system32\cdd.dll
2013-05-21 21:51:13 ----A---- C:\Windows\system32\shell32.dll
2013-05-21 21:51:09 ----A---- C:\Windows\system32\authui.dll
2013-05-21 21:51:08 ----A---- C:\Windows\SYSWOW64\shell32.dll
2013-05-21 21:51:08 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-05-21 21:51:08 ----A---- C:\Windows\system32\shdocvw.dll
2013-05-21 21:51:08 ----A---- C:\Windows\system32\consent.exe
2013-05-21 21:51:07 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2013-05-21 21:51:07 ----A---- C:\Windows\system32\appinfo.dll
2013-05-21 21:50:16 ----A---- C:\Windows\system32\wwansvc.dll
2013-05-21 21:50:16 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-05-21 21:49:02 ----A---- C:\Windows\system32\win32k.sys
2013-05-21 21:22:06 ----D---- C:\Users\oem\AppData\Roaming\Malwarebytes
2013-05-21 21:21:54 ----D---- C:\ProgramData\Malwarebytes
2013-05-21 21:21:53 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-21 21:10:20 ----D---- C:\ProgramData\Spybot - Search & Destroy
2013-05-21 21:09:49 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-21 20:38:07 ----D---- C:\Program Files (x86)\ESET
2013-05-21 20:23:56 ----D---- C:\Users\oem\AppData\Roaming\Avira
2013-05-21 20:20:48 ----D---- C:\ProgramData\Avira
2013-05-21 20:20:48 ----D---- C:\Program Files (x86)\Avira
2013-05-15 16:09:18 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-05-15 16:09:14 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-05-15 16:09:14 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-05-15 16:09:14 ----A---- C:\Windows\SYSWOW64\java.exe
2013-05-15 16:07:37 ----D---- C:\ProgramData\tmp
2013-05-15 16:07:37 ----D---- C:\ProgramData\hps
2013-05-15 15:54:53 ----D---- C:\Program Files (x86)\Fotolab
2013-05-14 18:39:20 ----D---- C:\Program Files (x86)\AMD
2013-05-14 18:39:13 ----D---- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2013-05-14 18:38:56 ----A---- C:\Windows\system32\d3dx10_39.dll
2013-05-14 18:38:56 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2013-05-14 18:38:54 ----A---- C:\Windows\system32\D3DX9_39.dll
2013-05-09 17:51:36 ----D---- C:\Users\oem\AppData\Roaming\.ftb
2013-05-09 17:51:13 ----D---- C:\Users\oem\AppData\Roaming\ftblauncher
2013-05-05 20:49:38 ----D---- C:\Users\oem\AppData\Roaming\3909 LLC
2013-04-24 14:41:00 ----A---- C:\Windows\system32\drivers\ntfs.sys

======List of files/folders modified in the last 1 month======

2013-05-23 15:03:44 ----D---- C:\Windows\Temp
2013-05-23 14:57:35 ----RD---- C:\Program Files
2013-05-23 14:49:11 ----D---- C:\Windows\system32\config
2013-05-23 14:45:21 ----D---- C:\Windows\inf
2013-05-23 14:42:46 ----D---- C:\ProgramData\Spyware Terminator
2013-05-23 14:38:14 ----D---- C:\Windows
2013-05-22 20:40:06 ----D---- C:\Windows\SysWOW64
2013-05-22 20:38:36 ----D---- C:\Windows\system32\drivers
2013-05-22 20:30:28 ----D---- C:\Users\oem\AppData\Roaming\Skype
2013-05-22 20:27:36 ----D---- C:\Windows\System32
2013-05-22 20:16:03 ----D---- C:\Users\oem\AppData\Roaming\vlc
2013-05-22 20:16:01 ----D---- C:\Windows\Microsoft.NET
2013-05-22 20:15:05 ----RSD---- C:\Windows\assembly
2013-05-22 19:54:38 ----D---- C:\ENgateman
2013-05-22 18:59:27 ----SHD---- C:\Windows\Installer
2013-05-22 18:59:18 ----SHD---- C:\Config.Msi
2013-05-22 18:57:41 ----SHD---- C:\System Volume Information
2013-05-22 18:56:00 ----D---- C:\ProgramData
2013-05-22 18:55:57 ----D---- C:\Program Files\MAXON
2013-05-22 18:52:35 ----D---- C:\Program Files (x86)\Steam
2013-05-22 18:52:34 ----D---- C:\ProgramData\VSO
2013-05-22 18:52:04 ----D---- C:\Windows\Logs
2013-05-22 18:52:04 ----D---- C:\Windows\debug
2013-05-22 18:49:11 ----D---- C:\Program Files\CCleaner
2013-05-22 16:06:04 ----D---- C:\Windows\system32\catroot2
2013-05-22 14:23:08 ----D---- C:\Windows\winsxs
2013-05-22 14:21:10 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-05-22 14:21:10 ----D---- C:\Windows\system32\cs-CZ
2013-05-22 14:21:10 ----D---- C:\Windows\AppPatch
2013-05-22 14:21:09 ----D---- C:\Program Files (x86)\Internet Explorer
2013-05-22 14:21:07 ----D---- C:\Windows\SYSWOW64\migration
2013-05-22 14:21:07 ----D---- C:\Windows\system32\migration
2013-05-22 14:21:06 ----D---- C:\Program Files\Internet Explorer
2013-05-21 22:36:30 ----D---- C:\Windows\Tasks
2013-05-21 22:36:30 ----D---- C:\Windows\system32\wfp
2013-05-21 22:36:30 ----D---- C:\Windows\system32\DriverStore
2013-05-21 22:36:29 ----D---- C:\Windows\system32\wbem
2013-05-21 22:36:29 ----D---- C:\Windows\system32\CodeIntegrity
2013-05-21 22:36:27 ----D---- C:\Users\oem\AppData\Roaming\PSpad
2013-05-21 22:36:27 ----D---- C:\Users\oem\AppData\Roaming\dvdcss
2013-05-21 22:36:27 ----D---- C:\Users\oem\AppData\Roaming\.minecraft
2013-05-21 22:36:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-05-21 22:36:27 ----D---- C:\Program Files (x86)\Ad-Aware Antivirus
2013-05-21 22:36:10 ----D---- C:\Windows\registration
2013-05-21 22:35:29 ----D---- C:\ProgramData\Microsoft
2013-05-21 22:35:22 ----RD---- C:\Program Files (x86)
2013-05-21 22:35:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-05-21 22:19:15 ----A---- C:\Windows\system32\MRT.exe
2013-05-21 22:19:01 ----D---- C:\Windows\system32\catroot
2013-05-21 22:09:21 ----D---- C:\ProgramData\Skype
2013-05-21 22:09:19 ----RD---- C:\Program Files (x86)\Skype
2013-05-21 22:09:19 ----D---- C:\Program Files (x86)\Common Files
2013-05-16 15:21:53 ----D---- C:\Users\oem\AppData\Roaming\.technicraft
2013-05-15 20:42:30 ----D---- C:\Users\oem\AppData\Roaming\SoftGrid Client
2013-05-15 20:03:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-15 16:08:58 ----A---- C:\Windows\SYSWOW64\npdeployJava1.dll
2013-05-15 16:08:58 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2013-05-14 19:38:29 ----D---- C:\Windows\Prefetch
2013-05-13 21:02:37 ----D---- C:\Users\oem\AppData\Roaming\Audacity
2013-05-11 18:11:08 ----D---- C:\Program Files (x86)\JDownloader
2013-04-29 20:01:09 ----D---- C:\minecraft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gfibto;gfibto; C:\Windows\system32\drivers\gfibto.sys [2013-04-18 14456]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-21 283200]
R2 sbapifs;sbapifs; C:\Windows\system32\DRIVERS\sbapifs.sys [2012-09-12 82872]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2013-03-06 51496]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-03-01 28832]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\l1c51x64.sys [2010-10-21 72816]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2011-06-14 2159728]
S3 ALSysIO;ALSysIO; \??\C:\Users\oem\AppData\Local\Temp\ALSysIO64.sys []
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-03-01 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [2011-03-01 51872]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-03-01 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 154272]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-03-01 280224]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 DIRECTIO;DIRECTIO; \??\C:\Program Files (x86)\BurnInTest\DirectIo.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 esgiguard;esgiguard; \??\C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\SPYHUNTER\esgiguard.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 61808]
S3 gfiark;gfiark; C:\Windows\system32\drivers\gfiark.sys [2013-04-11 39504]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-10-21 12310112]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 X6va005;X6va005; \??\C:\Users\oem\AppData\Local\Temp\0056BA1.tmp []
S3 X6va007;X6va007; \??\C:\Users\oem\AppData\Local\Temp\007429F.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ad-Aware Service;Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-03-18 1236336]
R2 AtherosSvc;AtherosSvc; C:\PROGRAM FILES (X86)\BLUETOOTH SUITE\ADMINSERVICE.EXE [2011-03-01 76448]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 SBAMSvc;Ad-Aware; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-02-11 129624]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2013-02-12 1149104]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-04-19 161384]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-09 51648]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-02-23 115608]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-05-04 543656]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1255736]
S4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 251248]
S4 Apache2.4;Apache2.4; C:\xampp\apache\bin\httpd.exe [2012-08-18 22016]
S4 FileZillaServer;FileZillaServer; C:\xampp\filezillaftp\filezillaserver.exe [2012-05-11 632320]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 mysql;mysql; C:\xampp\mysql\bin\mysqld.exe [2012-07-20 8186368]
S4 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 884512]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S4 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2011-06-14 27760]

-----------------EOF-----------------

Zdravim

Tam toho je

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Pockejte na dokonceni PreScanu
• Zvolte moznost Prohledat (scan)
• Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
• Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Prohledat
• Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Měl bych dotaz. Mám je sem vložit jako text nebo jako soubory?

EDIT:// Aha .txt jsou zakázány. To jsem bohužel nevěděl.

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by oem on źt 23.05.2013 at 15:49:26,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchqumediabartb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\browserconnection.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dnsbho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\browserconnection.loader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\browserconnection.loader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnsbho.bho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnsbho.bho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\searchquiehelper.dnsguard
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\searchquiehelper.dnsguard.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontoolbarsrv_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylontoolbarsrv_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\search protection"
Successfully deleted: [Folder] "C:\Users\oem\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\oem\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Users\oem\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\adawaretb"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchqu toolbar"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\2g67xkmm.default\user.js
Successfully deleted: [File] C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\2g67xkmm.default\searchplugins\search_results.xml
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}"
Successfully deleted: [Folder] C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\2g67xkmm.default\searchqutoolbar
Successfully deleted: [Folder] C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\2g67xkmm.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Failed to delete: [Folder] C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\2g67xkmm.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Successfully deleted: [Folder] C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\2g67xkmm.default\extensions\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Successfully deleted: [Folder] C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\2g67xkmm.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Successfully deleted the following from C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\2g67xkmm.default\prefs.js

user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.search.selectedEngine", "SecureSearch");
user_pref("browser.startup.homepage", "hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=8404438A9D1B836B0FC7A15120AFDA7D");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109989");
user_pref("extensions.BabylonToolbar_i.hardId", "084b861e0000000000008c89a56ad3b9");
user_pref("extensions.BabylonToolbar_i.id", "084b861e0000000000008c89a56ad3b9");
user_pref("extensions.BabylonToolbar_i.instlDay", "15410");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=109989&babsrc=NT_ss&mntrId=084b861e0000000000008c89a56ad3b9");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1713:08:03");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.foxcub.config.encodedConfig", "{\"core\":{\"configUrl\":\"hxxp://download.seznam.cz/software/conf/\",\"updateUrl\":\"hxxp://download.seznam.cz/software/c
user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");
Emptied folder: C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\2g67xkmm.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 23.05.2013 at 15:53:42,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


RKreport[1]_S_05232013_02d1557.txt

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : oem [Práva správce]
Mód : Kontrola -- Datum : 05/23/2013 15:57:04
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> NALEZENO
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> NALEZENO
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.7.5:3128) -> NALEZENO
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-009BA0 ATA Device +++++
--- User ---
[MBR] 9c5ee33a4d79b1b4087257bcc8e57435
[BSP] 07d02a30a94b488e1f14148d4a410a34 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_05232013_02d1557.txt >>
RKreport[1]_S_05232013_02d1557.txt


AdwCleaner[R1].txt

# AdwCleaner v2.301 - Log vytvooen 23/05/2013 v 15:59:34
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : oem - OEM-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\oem\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files (x86)\Ask.com
Složka Nalezeno : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Složka Nalezeno : C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\2g67xkmm.default\adawaretb
Složka Nalezeno : C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\2g67xkmm.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Složka Nalezeno : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Data Nalezeno : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Data Nalezeno : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Hodnota Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Hodnota Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Klíe Nalezeno : HKCU\Software\APN
Klíe Nalezeno : HKCU\Software\AppDataLow\AskToolbarInfo
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\AskToolbar
Klíe Nalezeno : HKCU\Software\Ask.com
Klíe Nalezeno : HKCU\Software\AskToolbar
Klíe Nalezeno : HKCU\Software\InstallCore
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Nalezeno : HKLM\Software\adawaretb
Klíe Nalezeno : HKLM\Software\APN
Klíe Nalezeno : HKLM\Software\AskToolbar
Klíe Nalezeno : HKLM\Software\AVG Secure Search
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Nalezeno : HKLM\SOFTWARE\DataMngr
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v18.0.1 (cs)

Soubor : C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\2g67xkmm.default\prefs.js

[OK] Soubor je eistý.

-\\ Google Chrome v27.0.1453.93

Soubor : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [11820 octets] - [23/05/2013 15:59:34]

########## EOF - C:\AdwCleaner[R1].txt - [11881 octets] ##########

Vsechny logy vkladejte tak jako ted, normalne obsah prispevku

Spustte znovu RogueKiller

• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
• Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Spustte znovu AdwCleaner

• Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Smazat
• PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Tady jsou.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : oem [Práva správce]
Mód : Odebrat -- Datum : 05/23/2013 21:01:38
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> VYMAZÁNO
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> VYMAZÁNO
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.7.5:3128) -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-009BA0 ATA Device +++++
--- User ---
[MBR] 9c5ee33a4d79b1b4087257bcc8e57435
[BSP] 07d02a30a94b488e1f14148d4a410a34 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[3]_D_05232013_02d2101.txt >>
RKreport[1]_S_05232013_02d1557.txt ; RKreport[2]_S_05232013_02d2101.txt ; RKreport[3]_D_05232013_02d2101.txt



RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : oem [Práva správce]
Mód : Oprava HOSTS -- Datum : 05/23/2013 21:02:18
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[4]_H_05232013_02d2102.txt >>
RKreport[1]_S_05232013_02d1557.txt ; RKreport[2]_S_05232013_02d2101.txt ; RKreport[3]_D_05232013_02d2101.txt ; RKreport[4]_H_05232013_02d2102.txt



# AdwCleaner v2.301 - Log vytvooen 23/05/2013 v 21:05:48
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : oem - OEM-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\oem\Desktop\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files (x86)\Ask.com
Složka Vymazáno : C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\2g67xkmm.default\adawaretb
Složka Vymazáno : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Vymazáno poi restartu : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Vymazáno poi restartu : C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\2g67xkmm.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}

***** [Registry] *****

Data Vymazáno : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Data Vymazáno : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Hodnota Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Hodnota Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Klíe Vymazáno : HKCU\Software\APN
Klíe Vymazáno : HKCU\Software\AppDataLow\AskToolbarInfo
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\AskToolbar
Klíe Vymazáno : HKCU\Software\Ask.com
Klíe Vymazáno : HKCU\Software\AskToolbar
Klíe Vymazáno : HKCU\Software\InstallCore
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Vymazáno : HKLM\Software\adawaretb
Klíe Vymazáno : HKLM\Software\APN
Klíe Vymazáno : HKLM\Software\AskToolbar
Klíe Vymazáno : HKLM\Software\AVG Secure Search
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Vymazáno : HKLM\SOFTWARE\DataMngr
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v18.0.1 (cs)

Soubor : C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\2g67xkmm.default\prefs.js

[OK] Soubor je eistý.

-\\ Google Chrome v27.0.1453.93

Soubor : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [11887 octets] - [23/05/2013 15:59:34]
AdwCleaner[R2].txt - [11949 octets] - [23/05/2013 21:05:32]
AdwCleaner[S1].txt - [11953 octets] - [23/05/2013 21:05:48]

########## EOF - C:\AdwCleaner[S1].txt - [12014 octets] ##########

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Rkill 2.4.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/24/2013 06:24:27 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\oem\Desktop\rkill\rkill-05-24-2013-06-24-30.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!

* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\.bat "@" exists and is set to batfile!
* HKCU\SOFTWARE\Classes\.bat has been deleted!
* HKCU\SOFTWARE\Classes\.com "@" exists and is set to comfile!
* HKCU\SOFTWARE\Classes\.com has been deleted!

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 05/24/2013 06:24:39 AM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

ComboFix 13-05-23.02 - oem 24.05.2013 6:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4078.2839 [GMT 2:00]
Spuštěný z: c:\users\oem\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\oem\AppData\Roaming\inst.exe
c:\users\oem\AppData\Roaming\Love
c:\users\oem\AppData\Roaming\Love\mari0\options.txt
c:\windows\IsUn0405.exe
c:\windows\SysWow64\d2d1debug1.dll
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-24 do 2013-05-24 )))))))))))))))))))))))))))))))
.
.
2013-05-24 04:38 . 2013-05-24 04:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-23 19:05 . 2013-05-23 19:05 292 ----a-w- c:\windows\DeleteOnReboot.bat
2013-05-23 17:16 . 2013-05-23 17:16 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-23 13:49 . 2013-05-23 13:49 -------- d-----w- c:\windows\ERUNT
2013-05-23 13:49 . 2013-05-23 13:49 -------- d-----w- C:\JRT
2013-05-23 12:57 . 2013-05-23 13:05 -------- d-----w- c:\program files\trend micro
2013-05-23 12:57 . 2013-05-23 12:58 -------- d-----w- C:\rsit
2013-05-22 14:08 . 2013-05-22 14:08 -------- d-----w- c:\program files\Enigma Software Group
2013-05-22 14:07 . 2013-05-22 16:59 -------- d-----w- c:\windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-05-21 20:09 . 2013-05-21 20:09 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-05-21 19:51 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-21 19:51 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-21 19:51 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-21 19:51 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-21 19:51 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-21 19:51 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-21 19:51 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-21 19:51 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-21 19:51 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-21 19:51 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-21 19:50 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-21 19:50 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-21 19:49 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-21 19:22 . 2013-05-21 19:22 -------- d-----w- c:\users\oem\AppData\Roaming\Malwarebytes
2013-05-21 19:21 . 2013-05-21 19:21 -------- d-----w- c:\programdata\Malwarebytes
2013-05-21 19:21 . 2013-05-21 19:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-21 19:10 . 2013-05-21 19:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-21 19:09 . 2013-05-21 20:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-05-21 18:38 . 2013-05-21 18:38 -------- d-----w- c:\program files (x86)\ESET
2013-05-21 18:23 . 2013-05-21 18:23 -------- d-----w- c:\users\oem\AppData\Roaming\Avira
2013-05-21 18:20 . 2013-05-21 18:20 -------- d-----w- c:\programdata\Avira
2013-05-21 18:20 . 2013-05-21 18:20 -------- d-----w- c:\program files (x86)\Avira
2013-05-15 14:09 . 2013-05-15 14:09 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-15 14:07 . 2013-05-15 14:07 -------- d-----w- c:\programdata\tmp
2013-05-15 14:07 . 2013-05-15 14:07 -------- d-----w- c:\programdata\hps
2013-05-15 13:54 . 2013-05-15 13:54 -------- d-----w- c:\program files (x86)\Fotolab
2013-05-14 16:39 . 2013-05-14 16:39 -------- d-----w- c:\program files (x86)\AMD
2013-05-14 16:39 . 2013-05-14 16:39 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2013-05-14 16:38 . 2008-07-12 06:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2013-05-14 16:38 . 2008-07-12 06:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2013-05-14 16:38 . 2008-07-12 06:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2013-05-09 15:51 . 2013-05-16 14:05 -------- d-----w- c:\users\oem\AppData\Roaming\.ftb
2013-05-09 15:51 . 2013-05-09 15:54 -------- d-----w- c:\users\oem\AppData\Roaming\ftblauncher
2013-05-05 18:49 . 2013-05-05 18:49 -------- d-----w- c:\users\oem\AppData\Roaming\3909 LLC
2013-04-24 12:41 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-21 20:19 . 2011-04-18 10:42 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 14:08 . 2012-07-07 13:47 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-05-15 14:08 . 2012-02-03 14:12 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-18 16:24 . 2013-02-04 10:55 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-04-13 05:49 . 2013-05-21 19:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-21 19:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-21 19:51 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-21 19:51 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-21 19:51 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-21 19:51 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-11 09:06 . 2013-03-18 15:49 39504 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-03-19 06:04 . 2013-04-10 12:28 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:28 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:28 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:28 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:28 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:28 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-06 17:51 . 2013-03-06 17:51 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2013-02-25 22:32 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2011-11-30 05:19 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 245872 ----a-w- c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-02-25 20:05 . 2013-02-24 15:13 1066368 ----a-w- c:\programdata\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
2013-02-25 13:30 . 2012-03-31 17:35 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-25 13:30 . 2012-01-19 13:38 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-04-19 161384]
R3 ALSysIO;ALSysIO;c:\users\oem\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 36000]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-01 51872]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 280224]
R3 DIRECTIO;DIRECTIO;c:\program files (x86)\BurnInTest\DirectIo.sys [x]
R3 esgiguard;esgiguard;c:\program files\ENIGMA SOFTWARE GROUP\SPYHUNTER\esgiguard.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-04-11 39504]
R3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1255736]
R3 X6va005;X6va005;c:\users\oem\AppData\Local\Temp\0056BA1.tmp [x]
R3 X6va007;X6va007;c:\users\oem\AppData\Local\Temp\007429F.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
R4 Apache2.4;Apache2.4;c:\xampp\apache\bin\httpd.exe [2012-08-18 22016]
R4 FileZillaServer;FileZillaServer;c:\xampp\filezillaftp\filezillaserver.exe [2012-05-11 632320]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-06-14 27760]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-04-18 14456]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-21 283200]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-03-18 1236336]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\BLUETOOTH SUITE\ADMINSERVICE.EXE [2011-03-01 76448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-12 82872]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2013-03-06 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2013-02-12 1149104]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 28832]
S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys [2010-10-21 72816]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-06-14 2159728]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:30]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-122519983-3596732956-242831837-1001Core.job
- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 14:01]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-122519983-3596732956-242831837-1001UA.job
- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 14:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-02-12 2777736]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 192.168.7.5:3128
TCP: DhcpNameServer = 212.96.161.6 212.96.160.1
FF - ProfilePath - c:\users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\2g67xkmm.default\
FF - ExtSQL: !HIDDEN! 2012-06-12 18:00; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\oem\AppData\Local\Temp\0056BA1.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\oem\AppData\Local\Temp\007429F.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-122519983-3596732956-242831837-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i**«Ç9\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-24 06:42:37
ComboFix-quarantined-files.txt 2013-05-24 04:42
.
Před spuštěním: Volných bajtů: 717 465 231 360
Po spuštění: Volných bajtů: 716 902 404 096
.
- - End Of File - - 5C5C737D883EBE522D0EA6C0EC93B0E5


K restartu PC nedošlo.

Odinstalujte Lavasoft Ad-Aware - toto neni kvalitni antimalware nastroj

Odinstalujte Spyware Terminator - uz ma nejlepsi za sebou

Nainstalujte Avast Free http://www.avast.com/get/gWR5mo92

Stahnete SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe

• Ulozte nejlepe na Plochu
• Spustte tradicne dvouklikem a postupujte dle pokynu utility
• Po dokonceni skenu se vytvori a otevre log, ten mi sem vlozte

Tady je.

Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware verze 1.75.0.1300
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.93
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Poprosim o DDS http://forum.viry.cz/viewtopic.php?f=13&t=125171

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by oem at 21:09:26 on 2013-05-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4078.2875 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRAM FILES (X86)\BLUETOOTH SUITE\ADMINSERVICE.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyServer = 192.168.7.5:3128
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 212.96.161.6 212.96.160.1
TCP: Interfaces\{A2BA9D87-00FE-4888-AAAB-5754C407BC4D} : DHCPNameServer = 212.96.161.6 212.96.160.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
x64-Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\2g67xkmm.default\
FF - ExtSQL: !HIDDEN! 2012-06-12 18:00; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-25 189936]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-4 14456]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-25 378432]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-3-21 283200]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-25 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-25 80816]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-1 76448]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-25 46808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-21 701512]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-21 418376]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-1 28832]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\l1c51x64.sys [2011-9-8 72816]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-21 25928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-11-30 2159728]
S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-25 65336]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-25 1025808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-1 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-1 51872]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-1 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-1 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-1 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-1 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-1 280224]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-18 61808]
S3 fsssvc;Windows Live Zabezpečení rodiny;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-2-6 533360]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-3-18 39504]
S3 RTL8167;Ovladač Realtek 8167 NT;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-16 1255736]
S4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
S4 Apache2.4;Apache2.4;C:\xampp\apache\bin\httpd.exe [2012-8-18 22016]
S4 FileZillaServer;FileZillaServer;C:\xampp\FileZillaFTP\FileZillaServer.exe [2012-5-11 632320]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-30 8704]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
S4 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2011-11-30 27760]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-25 07:15:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-25 07:15:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-25 07:15:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-25 07:15:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-25 07:15:04 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-25 07:12:05 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-25 07:12:04 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-05-25 06:37:32 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D5E083A-5FB3-4C68-B60E-361A00B9DF9A}\offreg.dll
2013-05-25 06:24:30 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-25 06:24:25 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-25 06:24:23 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-25 06:24:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-25 06:24:15 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-25 06:23:45 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-25 06:23:32 -------- d-----w- C:\Program Files\AVAST Software
2013-05-25 06:22:43 -------- d-----w- C:\ProgramData\AVAST Software
2013-05-24 11:56:34 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-24 04:26:44 98816 ----a-w- C:\Windows\sed.exe
2013-05-24 04:26:44 256000 ----a-w- C:\Windows\PEV.exe
2013-05-24 04:26:44 208896 ----a-w- C:\Windows\MBR.exe
2013-05-23 19:05:55 292 ----a-w- C:\Windows\DeleteOnReboot.bat
2013-05-23 17:16:33 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-23 13:49:24 -------- d-----w- C:\Windows\ERUNT
2013-05-23 13:49:05 -------- d-----w- C:\JRT
2013-05-23 12:57:35 -------- d-----w- C:\Program Files\trend micro
2013-05-22 14:08:14 -------- d-----w- C:\Program Files\Enigma Software Group
2013-05-22 14:07:24 -------- d-----w- C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-05-21 19:51:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-21 19:51:33 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-21 19:51:33 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-21 19:51:33 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-21 19:51:09 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-21 19:51:08 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-21 19:51:08 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-21 19:51:07 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-21 19:50:16 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-21 19:50:16 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-21 19:49:02 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-21 19:22:06 -------- d-----w- C:\Users\oem\AppData\Roaming\Malwarebytes
2013-05-21 19:21:54 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-21 19:21:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-21 19:10:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-05-21 19:09:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-21 18:38:07 -------- d-----w- C:\Program Files (x86)\ESET
2013-05-21 18:23:56 -------- d-----w- C:\Users\oem\AppData\Roaming\Avira
2013-05-21 18:20:48 -------- d-----w- C:\ProgramData\Avira
2013-05-21 18:20:48 -------- d-----w- C:\Program Files (x86)\Avira
2013-05-15 14:09:14 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-15 14:07:37 -------- d-----w- C:\ProgramData\tmp
2013-05-15 14:07:37 -------- d-----w- C:\ProgramData\hps
2013-05-15 13:54:53 -------- d-----w- C:\Program Files (x86)\Fotolab
2013-05-14 16:39:20 -------- d-----w- C:\Program Files (x86)\AMD
2013-05-14 16:39:13 -------- d-----w- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2013-05-14 16:38:56 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2013-05-14 16:38:56 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2013-05-14 16:38:54 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2013-05-09 15:51:36 -------- d-----w- C:\Users\oem\AppData\Roaming\.ftb
2013-05-09 15:51:13 -------- d-----w- C:\Users\oem\AppData\Roaming\ftblauncher
2013-05-05 18:49:38 -------- d-----w- C:\Users\oem\AppData\Roaming\3909 LLC
2013-05-01 01:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
==================== Find3M ====================
.
2013-05-25 06:55:26 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-25 06:55:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-23 17:16:33 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-15 14:08:58 866720 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-05-15 14:08:58 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-18 16:24:14 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-11 09:06:54 39504 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-06 17:51:19 51496 ----a-w- C:\Windows\System32\drivers\stflt.sys
.
============= FINISH: 21:11:12,03 ===============

Pokud je to tedy všechno, tak Vám mockrát děkuji. Počítač zase běží, tak jak má. Mám dokonce dojem, že se startuje rychleji. Až jednou budu mít čím, tak Vás určitě rád podpořím.

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Folder::
  C:\ProgramData\Spybot - Search & Destroy
  C:\Program Files (x86)\Spybot - Search & Destroy 2
  C:\Program Files (x86)\ESET
  C:\Users\oem\AppData\Roaming\Avira
  C:\ProgramData\Avira
  C:\Program Files\Enigma Software Group
  C:\Program Files (x86)\Avira
  
  Driver::
  X6va005
  X6va007
  X6va008
  
  RegLock::
  [HKEY_USERS\S-1-5-21-122519983-3596732956-242831837-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i**«Ç9\OpenWithList]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  
  RegNull::
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
  [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
  
  Registry:
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "SunJavaUpdateSched"=-
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Tady je, měl jsem ale menší problém s avastem, který na mě alespoň dvacetkrát vyskočil. Doufám, že to vyšlo tak, jak mělo. Měl jsem si přečíst jeden z těch předchozích příspěvků, přišel bych na to, že jsem ho měl vypnout.

ComboFix 13-05-28.02 - oem 28.05.2013 20:30:56.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4078.2801 [GMT 2:00]
Spuštěný z: c:\users\oem\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\oem\Desktop\CFScript.TXT
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Avira
c:\program files (x86)\Avira\AntiVir Desktop\about.htm
c:\program files (x86)\Avira\AntiVir Desktop\aelidb.dat
c:\program files (x86)\Avira\AntiVir Desktop\aeset.dat
c:\program files (x86)\Avira\AntiVir Desktop\aevdf.dat
c:\program files (x86)\Avira\AntiVir Desktop\alert_level.gif
c:\program files (x86)\Avira\AntiVir Desktop\alertcat.htm
c:\program files (x86)\Avira\AntiVir Desktop\alerttyp.htm
c:\program files (x86)\Avira\AntiVir Desktop\alertvir.htm
c:\program files (x86)\Avira\AntiVir Desktop\alldiscs.avp
c:\program files (x86)\Avira\AntiVir Desktop\alldrives.avp
c:\program files (x86)\Avira\AntiVir Desktop\android.html
c:\program files (x86)\Avira\AntiVir Desktop\android_bg_bl.jpg
c:\program files (x86)\Avira\AntiVir Desktop\android_bg_br.jpg
c:\program files (x86)\Avira\AntiVir Desktop\android_bg_ml.jpg
c:\program files (x86)\Avira\AntiVir Desktop\android_bg_mr.jpg
c:\program files (x86)\Avira\AntiVir Desktop\android_bg_tl.jpg
c:\program files (x86)\Avira\AntiVir Desktop\android_bg_tr.jpg
c:\program files (x86)\Avira\AntiVir Desktop\android_btn_gray_hover.gif
c:\program files (x86)\Avira\AntiVir Desktop\android_btn_gray_normal.gif
c:\program files (x86)\Avira\AntiVir Desktop\android_phone.gif
c:\program files (x86)\Avira\AntiVir Desktop\android_red_arrow.gif
c:\program files (x86)\Avira\AntiVir Desktop\android_video.gif
c:\program files (x86)\Avira\AntiVir Desktop\antivir.oem
c:\program files (x86)\Avira\AntiVir Desktop\antivir0.rdf
c:\program files (x86)\Avira\AntiVir Desktop\avconfig.xml
c:\program files (x86)\Avira\AntiVir Desktop\avguard.xml
c:\program files (x86)\Avira\AntiVir Desktop\avlode.rdf
c:\program files (x86)\Avira\AntiVir Desktop\avreg.yml
c:\program files (x86)\Avira\AntiVir Desktop\avscan.dat
c:\program files (x86)\Avira\AntiVir Desktop\avwin.chm
c:\program files (x86)\Avira\AntiVir Desktop\bg_b.jpg
c:\program files (x86)\Avira\AntiVir Desktop\bg_bl.jpg
c:\program files (x86)\Avira\AntiVir Desktop\bg_br.jpg
c:\program files (x86)\Avira\AntiVir Desktop\bg_m.jpg
c:\program files (x86)\Avira\AntiVir Desktop\bg_ml.jpg
c:\program files (x86)\Avira\AntiVir Desktop\bg_mr.jpg
c:\program files (x86)\Avira\AntiVir Desktop\bg_t.jpg
c:\program files (x86)\Avira\AntiVir Desktop\bg_tl.jpg
c:\program files (x86)\Avira\AntiVir Desktop\bg_tr.jpg
c:\program files (x86)\Avira\AntiVir Desktop\btn_gray_hover.gif
c:\program files (x86)\Avira\AntiVir Desktop\btn_gray_normal.gif
c:\program files (x86)\Avira\AntiVir Desktop\build.dat
c:\program files (x86)\Avira\AntiVir Desktop\cacert.crt
c:\program files (x86)\Avira\AntiVir Desktop\ccplg.xml
c:\program files (x86)\Avira\AntiVir Desktop\default.wav
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\aelidb.dat
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\aeset.dat
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\aevdf.dat
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase000.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase001.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase002.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase003.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase004.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase005.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase006.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase007.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase008.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase009.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase010.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase011.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase012.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase013.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase014.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase015.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase016.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase017.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase018.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase019.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase020.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase021.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase022.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase023.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase024.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase025.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase026.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase027.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase028.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase029.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase030.vdf
c:\program files (x86)\Avira\AntiVir Desktop\FAILSAFE\vbase031.vdf
c:\program files (x86)\Avira\AntiVir Desktop\gavid.xsl
c:\program files (x86)\Avira\AntiVir Desktop\hbedv.key
c:\program files (x86)\Avira\AntiVir Desktop\inetset.bin
c:\program files (x86)\Avira\AntiVir Desktop\mydocs.avp
c:\program files (x86)\Avira\AntiVir Desktop\prefix_msg.avr
c:\program files (x86)\Avira\AntiVir Desktop\process.avp
c:\program files (x86)\Avira\AntiVir Desktop\prodinfo.dat
c:\program files (x86)\Avira\AntiVir Desktop\quicksysscan.avp
c:\program files (x86)\Avira\AntiVir Desktop\readme.txt
c:\program files (x86)\Avira\AntiVir Desktop\red_arrow.gif
c:\program files (x86)\Avira\AntiVir Desktop\rmdiscs.avp
c:\program files (x86)\Avira\AntiVir Desktop\sched.xml
c:\program files (x86)\Avira\AntiVir Desktop\socialshield.html
c:\program files (x86)\Avira\AntiVir Desktop\sweb.zip
c:\program files (x86)\Avira\AntiVir Desktop\sysdir.avp
c:\program files (x86)\Avira\AntiVir Desktop\sysscan.avp
c:\program files (x86)\Avira\AntiVir Desktop\toolbar_eula.txt
c:\program files (x86)\Avira\AntiVir Desktop\updatemsg.avr
c:\program files (x86)\Avira\AntiVir Desktop\vbase000.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase001.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase002.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase003.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase004.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase005.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase006.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase007.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase008.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase009.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase010.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase011.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase012.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase013.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase014.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase015.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase016.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase017.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase018.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase019.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase020.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase021.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase022.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase023.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase024.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase025.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase026.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase027.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase028.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase029.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase030.vdf
c:\program files (x86)\Avira\AntiVir Desktop\vbase031.vdf
c:\program files (x86)\Avira\AntiVir Desktop\video.gif
c:\program files (x86)\Avira\AntiVir Desktop\weblink.url
c:\program files (x86)\ESET
c:\program files (x86)\ESET\ESET Online Scanner\log.txt
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod01A9.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0663.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0992.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod09A4.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0E7B.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod17A8.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod209D.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2473.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod24A2.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod25F9.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod29B3.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2D70.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2E72.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2EFE.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod36AA.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod4A8F.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod5410.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod54B4.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod55E4.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod5D53.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod5E95.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod6444.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod6C81.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod6CE6.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod795A.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em023_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em028_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em000_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em000_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em001_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em002_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em003_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em004_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em005_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em006_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em006_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em023_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em028_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner.cab
c:\program files (x86)\Spybot - Search & Destroy 2
c:\program files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
c:\program files (x86)\Spybot - Search & Destroy 2\Jcl150.bpl
c:\program files (x86)\Spybot - Search & Destroy 2\rtl150.bpl
c:\program files (x86)\Spybot - Search & Destroy 2\snlBase150.bpl
c:\program files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
c:\program files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
c:\program files (x86)\Spybot - Search & Destroy 2\vcl150.bpl
c:\program files (x86)\Spybot - Search & Destroy 2\vclimg150.bpl
c:\program files (x86)\Spybot - Search & Destroy 2\vclx150.bpl
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\cos.dat
c:\program files\Enigma Software Group\SpyHunter\gas.dat
c:\program files\Enigma Software Group\SpyHunter\gil.dat
c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130522_160836.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130522_164009.log
c:\program files\Enigma Software Group\SpyHunter\safeol.dat
c:\program files\Enigma Software Group\SpyHunter\scanlog.log
c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
c:\program files\Enigma Software Group\SpyHunter\unkcache.dat
c:\programdata\Avira
c:\programdata\Avira\AntiVir Desktop\addr_file.html
c:\programdata\Avira\AntiVir Desktop\EVENTDB\avevtdb.dbe
c:\programdata\Avira\AntiVir Desktop\EVENTDB\avguard_tchk.dbe
c:\programdata\Avira\AntiVir Desktop\IPM\IpmMessages.xml
c:\programdata\Avira\AntiVir Desktop\IPM\IpmTemplate.xml
c:\programdata\Avira\AntiVir Desktop\JOBS\produpd.avj
c:\programdata\Avira\AntiVir Desktop\JOBS\scanjob.avj
c:\programdata\Avira\AntiVir Desktop\JOBS\startupd.avj
c:\programdata\Avira\AntiVir Desktop\JOBS\updjob.avj
c:\programdata\Avira\AntiVir Desktop\LOGFILES\avesvc.log
c:\programdata\Avira\AntiVir Desktop\LOGFILES\avguard.log
c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20130521-202131-95BFFE62.LOG
c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20130521-202429-B5E011BE.LOG
c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20130521-202940-EDDC8684.LOG
c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20130521-204323-820A0BEB.LOG
c:\programdata\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20130521-210320-598E7831.LOG
c:\programdata\Avira\AntiVir Desktop\LOGFILES\setup.log
c:\programdata\Avira\AntiVir Desktop\LOGFILES\sched.log
c:\programdata\Avira\AntiVir Desktop\PROFILES\folder.avp
c:\programdata\Avira\AntiVir Desktop\PROFILES\rootkit.avp
c:\programdata\Avira\AntiVir Desktop\REPORTS\31dd938a.avl
c:\programdata\Avira\AntiVir Desktop\REPORTS\33131d39.avl
c:\programdata\Avira\AntiVir Desktop\REPORTS\55a5d454.avl
c:\programdata\Avira\AntiVir Desktop\REPORTS\60864ac8.avl
c:\programdata\Avira\AntiVir Desktop\REPORTS\6d468285.avl
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Cleaning\130521-211603.xml
c:\programdata\Spybot - Search & Destroy\Cleaning\130521-211940.xml
c:\programdata\Spybot - Search & Destroy\ClientCount.bin
c:\programdata\Spybot - Search & Destroy\Logs\Firewall.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.130521-2116.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.130521-2119.txt
c:\programdata\Spybot - Search & Destroy\Logs\Scanner.log
c:\programdata\Spybot - Search & Destroy\Logs\Updates.log
c:\users\oem\AppData\Roaming\Avira
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Legacy_X6VA007
-------\Legacy_X6VA008
-------\Service_X6va005
-------\Service_X6va007
-------\Service_X6va008
-------\Legacy_esgiguard
-------\Service_esgiguard
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-28 do 2013-05-28 )))))))))))))))))))))))))))))))
.
.
2013-05-28 18:44 . 2013-05-28 18:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-28 18:44 . 2013-05-28 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-28 08:03 . 2013-05-13 23:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2D897AB-0602-4D67-A613-2D48692477A8}\mpengine.dll
2013-05-25 07:15 . 2013-05-25 07:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-25 07:15 . 2013-05-25 07:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-25 07:15 . 2013-05-25 07:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-25 07:15 . 2013-05-25 07:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-25 07:15 . 2013-05-25 07:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-25 07:14 . 2013-05-25 07:15 -------- d-----w- c:\program files (x86)\QuickTime
2013-05-25 07:14 . 2013-05-25 07:14 -------- d-----w- c:\programdata\Apple Computer
2013-05-25 07:12 . 2013-05-11 22:27 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-25 07:12 . 2013-05-11 22:26 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-05-25 06:24 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-25 06:24 . 2013-05-09 08:59 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-25 06:24 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-25 06:24 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-25 06:24 . 2013-05-09 08:59 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-25 06:24 . 2013-05-09 08:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-25 06:24 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-25 06:24 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-25 06:24 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-25 06:23 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-05-25 06:23 . 2013-05-25 06:23 -------- d-----w- c:\program files\AVAST Software
2013-05-25 06:22 . 2013-05-25 06:23 -------- d-----w- c:\programdata\AVAST Software
2013-05-23 19:05 . 2013-05-23 19:05 292 ----a-w- c:\windows\DeleteOnReboot.bat
2013-05-23 17:16 . 2013-05-23 17:16 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-23 13:49 . 2013-05-23 13:49 -------- d-----w- c:\windows\ERUNT
2013-05-23 13:49 . 2013-05-23 13:49 -------- d-----w- C:\JRT
2013-05-23 12:57 . 2013-05-23 13:05 -------- d-----w- c:\program files\trend micro
2013-05-23 12:57 . 2013-05-23 12:58 -------- d-----w- C:\rsit
2013-05-22 14:07 . 2013-05-22 16:59 -------- d-----w- c:\windows\E63D89610BA94CF39E94407ACA42846C.TMP
2013-05-21 20:09 . 2013-05-21 20:09 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-05-21 19:51 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-21 19:51 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-21 19:51 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-21 19:51 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-21 19:51 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-21 19:51 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-21 19:51 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-21 19:51 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-21 19:51 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-21 19:51 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-21 19:50 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-21 19:50 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-21 19:49 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-21 19:22 . 2013-05-21 19:22 -------- d-----w- c:\users\oem\AppData\Roaming\Malwarebytes
2013-05-21 19:21 . 2013-05-21 19:21 -------- d-----w- c:\programdata\Malwarebytes
2013-05-21 19:21 . 2013-05-21 19:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-15 14:09 . 2013-05-15 14:09 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-15 14:07 . 2013-05-15 14:07 -------- d-----w- c:\programdata\tmp
2013-05-15 14:07 . 2013-05-15 14:07 -------- d-----w- c:\programdata\hps
2013-05-15 13:54 . 2013-05-15 13:54 -------- d-----w- c:\program files (x86)\Fotolab
2013-05-14 16:39 . 2013-05-14 16:39 -------- d-----w- c:\program files (x86)\AMD
2013-05-14 16:39 . 2013-05-14 16:39 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2013-05-14 16:38 . 2008-07-12 06:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2013-05-14 16:38 . 2008-07-12 06:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2013-05-14 16:38 . 2008-07-12 06:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2013-05-09 15:51 . 2013-05-16 14:05 -------- d-----w- c:\users\oem\AppData\Roaming\.ftb
2013-05-09 15:51 . 2013-05-09 15:54 -------- d-----w- c:\users\oem\AppData\Roaming\ftblauncher
2013-05-05 18:49 . 2013-05-05 18:49 -------- d-----w- c:\users\oem\AppData\Roaming\3909 LLC
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-25 06:55 . 2012-03-31 17:35 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-25 06:55 . 2012-01-19 13:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 20:19 . 2011-04-18 10:42 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 14:08 . 2012-07-07 13:47 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-05-15 14:08 . 2012-02-03 14:12 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 16:24 . 2013-02-04 10:55 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-04-13 05:49 . 2013-05-21 19:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-21 19:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-21 19:51 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-21 19:51 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-21 19:51 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-21 19:51 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 12:41 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 09:06 . 2013-03-18 15:49 39504 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-03-19 06:04 . 2013-04-10 12:28 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:28 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:28 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:28 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:28 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:28 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-06 17:51 . 2013-03-06 17:51 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-04-19 161384]
R3 ALSysIO;ALSysIO;c:\users\oem\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-01 36000]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-01 51872]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-01 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-01 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-01 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-01 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-01 280224]
R3 DIRECTIO;DIRECTIO;c:\program files (x86)\BurnInTest\DirectIo.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-04-11 39504]
R3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1255736]
R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
R4 Apache2.4;Apache2.4;c:\xampp\apache\bin\httpd.exe [2012-08-18 22016]
R4 FileZillaServer;FileZillaServer;c:\xampp\filezillaftp\filezillaserver.exe [2012-05-11 632320]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-06-14 27760]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-04-18 14456]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-21 283200]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\BLUETOOTH SUITE\ADMINSERVICE.EXE [2011-03-01 76448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-01 28832]
S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys [2010-10-21 72816]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-06-14 2159728]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 06:55]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-122519983-3596732956-242831837-1001Core.job
- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 14:01]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-122519983-3596732956-242831837-1001UA.job
- c:\users\oem\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 14:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 192.168.7.5:3128
TCP: DhcpNameServer = 212.96.161.6 212.96.160.1
FF - ProfilePath - c:\users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\2g67xkmm.default\
FF - ExtSQL: 2013-04-01 17:15; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-05-25 08:24; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2013-04-01 17:15; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-122519983-3596732956-242831837-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i**«Ç9\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Celkový čas: 2013-05-28 20:51:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-28 18:51
ComboFix2.txt 2013-05-24 04:42
.
Před spuštěním: Volných bajtů: 705 059 008 512
Po spuštění: Volných bajtů: 704 530 444 288
.
- - End Of File - - 2A743D71F81CEFE5441CF93951BD22A5

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse