
Graphics card usage at 99%

Posted: 25 Jun 2013 17:53
by srbino
I'm copying this from PC poradna:
Hello,
yesterday my computer suddenly started stuttering, so I checked the temperatures and saw that they were unusually high (around 60-70 °C at idle), so I took the graphics card, thoroughly cleaned its heatsink fins, and lowered the temperature by about 5 degrees. After a long and tedious cleaning of every corner of the PC, I realized that the graphics card usage is still at 99%, even on the desktop at idle. So I ran Malwarebytes Anti-Malware, which found almost nothing, followed by cleaning with an antivirus and various cleaners. I removed the graphics card drivers and installed the latest ones; after installing the drivers the load was at 1% for a while, then it shot up to 99% again. I even swapped out my GT 545 and put in an old 9800 instead, but the problem is still the same. I'm guessing the fault is somewhere in the registry, or is it caused by some virus? The day before yesterday I had no problem, the temperatures were fine and so was the graphics card usage... I didn't install any drivers or anything like that. PS: Processes and CPU usage are normal.

Graphics card: Nvidia GT 545, Intel Core i5-2500 3.3 GHz, 8 GB RAM, power supply from HP (600 W)

I'm guessing the problem is a virus or is caused by some other pest, so I'm posting my log here:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Srbino at 2013-06-25 18:39:30
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 918 GB (48%) free of 1894 GB
Total RAM: 8172 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:39:40, on 25.6.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16618)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Users\Srbino\AppData\Roaming\mow\mow.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Magic Tune\MagicTune Premium\GammaTray.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files\trend micro\Srbino.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IAStorIcon] c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\program files (x86)\hp\hp software update\hpwuschd2.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Srbino\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [C:\Users\Srbino\AppData\Roaming\mow\mow.exe] C:\Users\Srbino\AppData\Roaming\mow\mow.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: GammaTray.exe.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - (no file)
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager (mitsijm2013) - - C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 13268 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe"
"C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe"
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\Dwm.exe"
taskeng.exe {4C56513D-4AB9-42F3-AB2E-F07AD1AE8BBE}
"taskhost.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe" -Embedding
taskeng.exe {C31F681D-5FFA-4832-911B-C9045DAD5C3B}
"C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe" /STARTUP
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\IDT\WDM\beats64.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Users\Srbino\AppData\Roaming\mow\mow.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
"C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe"
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
"C:\Program Files\Magic Tune\MagicTune Premium\GammaTray.exe"
"C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
WLIDSvcM.exe 3864
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\svchost.exe -k HPService
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#hp psc 1310 series#1325527819" -Startup
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5280.14d2f700.1560584396 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 5280 "\\.\pipe\gecko-crash-server-pipe.5280" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe" --proxy-stub-channel=Flash5624.643FBDE0.22554 --host-broker-channel=Flash5624.643FBDE0.6808 --host-pid=5624 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe" --channel=5664.003FF550.987915898 --proxy-stub-channel=Flash5624.643FBDE0.22554 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Srbino\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-924197963-2507838477-3784744702-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-924197963-2507838477-3784744702-1000UA.job
C:\Windows\tasks\HPCeeScheduleForSrbino.job
C:\Windows\tasks\HPCeeScheduleForSUPERMACHINE$.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
C:\Windows\tasks\ParetoLogic Update Version3.job
C:\Windows\tasks\RegCure Pro.job
C:\Windows\tasks\SlimDrivers Startup.job
C:\Windows\tasks\SmartDefrag_Startup.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default

prefs.js - "browser.startup.homepage" - "http://www.google.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.3]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.4]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
websitelogon@truesuite.com

C:\Users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\extensions\
ascsurfingprotection@iobit.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-02-14 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]
TrueSuite Website Log On - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09 1747272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-02-14 191368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-12-01 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]
TrueSuite Website Log On - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09 1598792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - C:\PROGRA~2\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL [2013-01-15 656704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-12-01 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 1281512]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-03-20 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-03-20 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-03-20 439064]
"hpsysdrv"=c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe [2008-11-20 62768]
"SysTrayApp"=c:\program files\idt\wdm\sttray64.exe [2011-06-10 1128448]
"BeatsOSDApp"=c:\program files\idt\wdm\beats64.exe [2010-10-22 37888]
"AmIcoSinglun64"=c:\program files (x86)\amicosinglun\amicosinglun64.exe [2000-01-01 324096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"=C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [2013-01-15 491840]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"Facebook Update"=C:\Users\Srbino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-30 138096]
"C:\Users\Srbino\AppData\Roaming\mow\mow.exe"=C:\Users\Srbino\AppData\Roaming\mow\mow.exe [2013-06-24 392036]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
c:\program files (x86)\alcohol soft\alcohol 120\axautomntsrv.exe [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun64]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Sync]
c:\program files\autodesk\autodesk sync\adsync.exe [2012-02-05 415680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeatsOSDApp]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicTuneEngine]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
c:\program files (x86)\pdf complete\pdfsty.exe [2011-05-06 658424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files (x86)\common files\java\java update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
[]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"IAStorIcon"=c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe [2000-01-01 284480]
"HP Software Update"=c:\program files (x86)\hp\hp software update\hpwuschd2.exe [2008-12-09 54576]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
GammaTray.exe.lnk - C:\Program Files\Magic Tune\MagicTune Premium\GammaTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-03-19 434688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"VIDC.RTV1"=rtvcvfw64.dll
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2013-06-25 18:39:30 ----D---- C:\rsit
2013-06-25 18:39:30 ----D---- C:\Program Files\trend micro
2013-06-25 18:15:11 ----D---- C:\Users\Srbino\AppData\Roaming\NVIDIA
2013-06-25 18:11:50 ----A---- C:\Windows\system32\nvvsvc.exe
2013-06-25 18:11:50 ----A---- C:\Windows\system32\nvsvc64.dll
2013-06-25 18:11:50 ----A---- C:\Windows\system32\nvshext.dll
2013-06-25 18:11:50 ----A---- C:\Windows\system32\nvmctray.dll
2013-06-25 18:11:50 ----A---- C:\Windows\system32\nvcpl.dll
2013-06-25 18:11:39 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2013-06-25 18:11:39 ----A---- C:\Windows\system32\OpenCL.dll
2013-06-25 18:11:36 ----D---- C:\ProgramData\NVIDIA Corporation
2013-06-25 18:11:09 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2013-06-25 18:11:09 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2013-06-25 18:11:09 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2013-06-25 18:11:09 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2013-06-25 18:11:09 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2013-06-25 18:11:09 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2013-06-25 18:11:09 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2013-06-25 18:11:09 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2013-06-25 18:11:09 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2013-06-25 18:11:09 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2013-06-25 18:11:09 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\nvwgf2umx.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\nvopencl.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\nvoglv64.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\NvIFR64.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\NvFBC64.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\nvdispgenco6432018.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\nvdispco6432018.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\nvd3dumx.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\nvcuvid.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\nvcuvenc.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\nvcuda.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\nvcompiler.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\nvapi64.dll
2013-06-25 18:11:09 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2013-06-25 17:55:22 ----D---- C:\Users\Srbino\AppData\Roaming\ParetoLogic
2013-06-25 17:55:22 ----D---- C:\Users\Srbino\AppData\Roaming\DriverCure
2013-06-25 17:55:14 ----D---- C:\ProgramData\ParetoLogic
2013-06-25 17:55:14 ----D---- C:\Program Files (x86)\ParetoLogic
2013-06-25 13:48:28 ----A---- C:\Windows\system32\nvhdap64.dll
2013-06-25 13:48:28 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2013-06-25 00:12:53 ----D---- C:\Program Files (x86)\SlimDrivers
2013-06-24 22:18:16 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2013-06-24 22:18:16 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-24 22:18:16 ----A---- C:\Windows\system32\elshyph.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\wextract.exe
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\url.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\occache.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\msrating.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\msls31.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\mshta.exe
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\inseng.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2013-06-24 22:18:15 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2013-06-24 22:18:14 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2013-06-24 22:18:14 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-06-24 22:18:14 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-06-24 22:18:14 ----A---- C:\Windows\SYSWOW64\icardie.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\wininet.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\wextract.exe
2013-06-24 22:18:14 ----A---- C:\Windows\system32\webcheck.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\vbscript.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\urlmon.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\url.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-06-24 22:18:14 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-24 22:18:14 ----A---- C:\Windows\system32\pngfilt.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\occache.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\msrating.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\msls31.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\mshtmler.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\mshtmled.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\mshtml.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\mshta.exe
2013-06-24 22:18:14 ----A---- C:\Windows\system32\msfeedssync.exe
2013-06-24 22:18:14 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\msfeeds.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\licmgr10.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\jsproxy.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\jscript9.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\jscript.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\inseng.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\imgutil.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\iexpress.exe
2013-06-24 22:18:14 ----A---- C:\Windows\system32\ieUnatt.exe
2013-06-24 22:18:14 ----A---- C:\Windows\system32\iesysprep.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\iesetup.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\iertutil.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\iernonce.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\iepeers.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\iedkcs32.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\ieapfltr.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\ieapfltr.dat
2013-06-24 22:18:14 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\ie4uinit.exe
2013-06-24 22:18:14 ----A---- C:\Windows\system32\icardie.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\dxtrans.dll
2013-06-24 22:18:14 ----A---- C:\Windows\system32\dxtmsft.dll
2013-06-24 22:18:13 ----A---- C:\Windows\system32\ieui.dll
2013-06-24 22:18:13 ----A---- C:\Windows\system32\ieframe.dll
2013-06-24 20:08:53 ----D---- C:\Users\Srbino\AppData\Roaming\mow
2013-06-24 19:58:11 ----D---- C:\Program Files (x86)\1C Company
2013-06-23 14:13:06 ----D---- C:\Games
2013-06-23 14:06:36 ----D---- C:\Program Files (x86)\Skyrim
2013-06-16 16:46:36 ----D---- C:\Users\Srbino\AppData\Roaming\BANDISOFT
2013-06-16 16:46:22 ----D---- C:\Program Files (x86)\Bandicam
2013-06-16 16:46:20 ----D---- C:\Program Files (x86)\BandiMPEG1
2013-06-16 16:30:42 ----D---- C:\Program Files (x86)\HELP
2013-06-15 23:44:18 ----D---- C:\Users\Srbino\AppData\Roaming\Ultima Online Forever (Razor)
2013-06-14 00:32:16 ----D---- C:\ProgramData\Recovery
2013-06-13 14:46:09 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2013-06-12 10:52:33 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll
2013-06-12 10:52:33 ----A---- C:\Windows\system32\cryptdlg.dll
2013-06-12 10:52:32 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2013-06-12 10:52:32 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-06-12 10:52:32 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-06-12 10:52:32 ----A---- C:\Windows\system32\win32spl.dll
2013-06-12 10:52:32 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-06-12 10:52:30 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-06-12 10:52:30 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-06-12 10:52:30 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-06-12 10:52:30 ----A---- C:\Windows\SYSWOW64\certutil.exe
2013-06-12 10:52:30 ----A---- C:\Windows\system32\cryptsvc.dll
2013-06-12 10:52:30 ----A---- C:\Windows\system32\cryptnet.dll
2013-06-12 10:52:30 ----A---- C:\Windows\system32\crypt32.dll
2013-06-12 10:52:30 ----A---- C:\Windows\system32\certutil.exe
2013-06-12 10:52:30 ----A---- C:\Windows\system32\certenc.dll
2013-06-12 10:52:29 ----A---- C:\Windows\SYSWOW64\certenc.dll
2013-06-12 10:52:27 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2013-06-12 10:52:27 ----A---- C:\Windows\system32\d3d11.dll
2013-06-01 21:28:45 ----D---- C:\Program Files (x86)\StarCraft II

======List of files/folders modified in the last 1 month======

2013-06-25 18:39:30 ----RD---- C:\Program Files
2013-06-25 18:39:29 ----D---- C:\Windows\Temp
2013-06-25 18:37:51 ----A---- C:\Windows\SYSWOW64\log.txt
2013-06-25 18:35:51 ----D---- C:\Windows\system32\config
2013-06-25 18:35:45 ----D---- C:\ProgramData\PDFC
2013-06-25 18:34:48 ----D---- C:\ProgramData\NVIDIA
2013-06-25 18:30:07 ----SHD---- C:\System Volume Information
2013-06-25 18:26:43 ----D---- C:\Program Files (x86)\MSI Afterburner
2013-06-25 18:13:56 ----D---- C:\Windows\inf
2013-06-25 18:13:47 ----D---- C:\Windows\debug
2013-06-25 18:12:34 ----D---- C:\Windows\system32\DriverStore
2013-06-25 18:12:34 ----D---- C:\Windows\system32\catroot
2013-06-25 18:12:33 ----RD---- C:\Users
2013-06-25 18:12:31 ----D---- C:\Program Files\NVIDIA Corporation
2013-06-25 18:12:31 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-06-25 18:12:07 ----D---- C:\Windows\SysWOW64
2013-06-25 18:11:50 ----D---- C:\Windows\System32
2013-06-25 18:11:36 ----HD---- C:\ProgramData
2013-06-25 18:11:32 ----D---- C:\Windows\system32\drivers
2013-06-25 18:11:14 ----D---- C:\Windows\system32\catroot2
2013-06-25 18:10:59 ----D---- C:\Windows
2013-06-25 17:55:29 ----D---- C:\Windows\Tasks
2013-06-25 17:55:29 ----D---- C:\Windows\system32\Tasks
2013-06-25 17:55:17 ----D---- C:\Program Files (x86)\Common Files
2013-06-25 17:55:14 ----D---- C:\Program Files (x86)
2013-06-25 16:07:28 ----D---- C:\Windows\SoftwareDistribution
2013-06-25 16:02:47 ----RSD---- C:\Windows\assembly
2013-06-25 13:39:49 ----D---- C:\Users\Srbino\AppData\Roaming\uTorrent
2013-06-25 00:12:53 ----SHD---- C:\Windows\Installer
2013-06-25 00:12:53 ----HD---- C:\Config.Msi
2013-06-25 00:11:01 ----D---- C:\Windows\Panther
2013-06-25 00:11:01 ----D---- C:\Windows\Logs
2013-06-25 00:09:58 ----D---- C:\Program Files (x86)\Razor
2013-06-25 00:02:46 ----D---- C:\ProgramData\truesuite
2013-06-24 23:44:36 ----D---- C:\Users\Srbino\AppData\Roaming\Skype
2013-06-24 22:49:16 ----D---- C:\Program Files (x86)\Origin
2013-06-24 22:23:35 ----D---- C:\Windows\winsxs
2013-06-24 22:22:23 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-06-24 22:22:23 ----D---- C:\Windows\system32\cs-CZ
2013-06-24 22:22:23 ----D---- C:\Program Files\Internet Explorer
2013-06-24 22:22:23 ----D---- C:\Program Files (x86)\Internet Explorer
2013-06-24 22:22:22 ----D---- C:\Windows\SYSWOW64\wbem
2013-06-24 22:22:22 ----D---- C:\Windows\SYSWOW64\sk-SK
2013-06-24 22:22:22 ----D---- C:\Windows\SYSWOW64\migration
2013-06-24 22:22:21 ----D---- C:\Windows\SYSWOW64\en-US
2013-06-24 22:22:20 ----D---- C:\Windows\PolicyDefinitions
2013-06-24 22:22:19 ----D---- C:\Windows\system32\wbem
2013-06-24 22:22:19 ----D---- C:\Windows\system32\sk-SK
2013-06-24 22:22:19 ----D---- C:\Windows\system32\migration
2013-06-24 22:22:19 ----D---- C:\Windows\system32\en-US
2013-06-24 20:08:54 ----D---- C:\Windows\Prefetch
2013-06-24 20:08:53 ----D---- C:\ProgramData\RELOADED
2013-06-24 15:06:16 ----D---- C:\Users\Srbino\AppData\Roaming\SoftGrid Client
2013-06-23 14:11:46 ----D---- C:\Program Files\Nexus Mod Manager
2013-06-16 15:44:22 ----D---- C:\ProgramData\PMB Files
2013-06-15 15:49:22 ----D---- C:\Windows\rescache
2013-06-13 19:30:53 ----D---- C:\Windows\Microsoft.NET
2013-06-13 15:58:48 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-06-13 15:58:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-06-13 14:47:31 ----D---- C:\ProgramData\Microsoft Help
2013-06-13 14:46:40 ----RSD---- C:\Windows\Fonts
2013-06-13 14:46:31 ----D---- C:\Program Files (x86)\Microsoft Works
2013-06-13 14:46:20 ----D---- C:\Program Files (x86)\MSBuild
2013-06-13 14:46:07 ----D---- C:\Windows\ShellNew
2013-06-13 14:43:42 ----A---- C:\Windows\win.ini
2013-06-12 21:32:45 ----A---- C:\Windows\system32\MRT.exe
2013-06-12 21:14:11 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-06-10 16:50:20 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2013-06-10 16:49:26 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2013-06-10 16:45:58 ----D---- C:\Users\Srbino\AppData\Roaming\Origin
2013-06-10 16:45:58 ----D---- C:\ProgramData\Origin
2013-06-09 21:24:12 ----D---- C:\Program Files (x86)\The KMPlayer
2013-06-01 21:50:52 ----D---- C:\Program Files (x86)\Electronic Arts
2013-06-01 20:30:15 ----D---- C:\ProgramData\Blizzard Entertainment
2013-05-30 17:50:29 ----D---- C:\Program Files (x86)\SpeedFan
2013-05-30 17:46:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-05-30 17:46:35 ----D---- C:\ProgramData\Media Center Programs
2013-05-30 17:43:27 ----D---- C:\Users\Srbino\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2013-05-26 16:50:35 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2000-01-01 568640]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 230320]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-01-02 834544]
R1 archlp;archlp; C:\Windows\SysWOW64\drivers\archlp.sys [2009-05-22 135680]
R1 Magic Tune;MagicTune; C:\Windows\system32\Drivers\MtiCtwl.sys [2008-11-04 23096]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2000-01-01 62784]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2011-04-22 1360960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
R3 RTCore64;RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-11-19 13368]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 708200]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
R3 SmbDrv;SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver.sys [2000-01-01 21264]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2011-06-10 528384]
R3 tihub3;TI USB3 Hub Service; C:\Windows\system32\DRIVERS\tihub3.sys [2011-06-17 131656]
R3 tixhci;TI XHCI Service; C:\Windows\system32\DRIVERS\tixhci.sys [2011-06-17 405064]
S1 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2008-11-04 23096]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-12-03 25640]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-03-20 14745600]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pmxdrv;pmxdrv; \??\C:\Windows\system32\drivers\pmxdrv.sys [2011-11-15 31152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-10-25 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-10-25 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 FPLService;TrueSuiteService; C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2000-01-01 13632]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-06-19 634632]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2000-01-01 277824]
R2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-01-30 339776]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 22056]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-05-12 884512]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-01-16 76888]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2011-06-10 302592]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2000-01-01 365376]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2012-01-07 77944]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-21 1432400]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-22 117144]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2012-08-28 4204272]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-11-19 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-03 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Re: Graphics card usage at 99%

Posted: 25 Jun 2013 17:55
by srbino
Thanks in advance for any help! :)

Re: Graphics card usage at 99%

Posted: 25 Jun 2013 18:04
by vyosek
Hello :)

:arrow: Either we deal with this here or on PCporadna, not on both... And furthermore, we are not going to finish the work here for someone who doesn't know what's what...

:arrow: It's clogged up with junk through and through

:arrow: Uninstall Advanced SystemCare 6 and then everything else from IOBit - it's Chinese junk and does more harm than good. They look for nonsensical and nonexistent problems, and they stole their malware database from another reputable company

:arrow: Test the following files on VirusTotal https://www.virustotal.com/cs/
  • C:\Users\Srbino\AppData\Roaming\mow\mow.exe
  • Click Choose file
  • Don't browse for the file, just paste in the path of the file I want tested
  • Click Scan It
  • If a screen like the one below pops up, click ReAnalyse
    Image
  • Paste the analysis result here (as a link)

Re: Graphics card usage at 99%

Posted: 25 Jun 2013 18:14
by srbino
Sorry, I haven't had any problem with the PC for two years, so it's a solid log :D I'll delete Advanced then, even though I'm relatively happy with it.

Here is the link: https://www.virustotal.com/cs/file/96bf ... 372180322/

Re: Graphics card usage at 99%

Posted: 25 Jun 2013 18:21
by vyosek
:arrow: I commented on the IOBit stuff above, it's just useless junk

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE THINGS AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator or Spustit jako spravce
  • Right after launch, a page with the license agreement is displayed; continue by clicking Ano (Yes)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - don't launch any applications and don't click in the window that is displayed
  • The scan should take about 10 minutes, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure including screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Graphics card usage at 99%

Posted: 25 Jun 2013 18:45
by srbino
RKill solved the problem; mow.exe is to blame for everything

Here is the RKill log:
Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/25/2013 07:22:33 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Srbino\AppData\Roaming\mow\mow.exe (PID: 2416) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Srbino\Desktop\rkill\rkill-06-25-2013-07-22-37.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

20 out of 15280 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 06/25/2013 07:23:29 PM
Execution time: 0 hours(s), 0 minute(s), and 55 seconds(s)



Combofix log:
ComboFix 13-06-24.01 - Srbino 25.06.2013 19:30:32.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8172.5980 [GMT 2:00]
Spuštěný z: c:\users\Srbino\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
c:\users\Srbino\AppData\Roaming\2B87.exe
c:\users\Srbino\AppData\Roaming\7A34.exe
c:\users\Srbino\AppData\Roaming\mow\mow.exe
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\iun6002.exe
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\DebugLog.Info_2013_03_18.txt
c:\windows\SysWow64\SET7293.tmp
c:\windows\SysWow64\SET7A66.tmp
c:\windows\SysWow64\SETDC7A.tmp
c:\windows\SysWow64\SETE45D.tmp
c:\windows\SysWow64\SETE74C.tmp
c:\windows\SysWow64\tmp349D.tmp
c:\windows\SysWow64\tmp34AE.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-25 do 2013-06-25 )))))))))))))))))))))))))))))))
.
.
2013-06-25 17:36 . 2013-06-25 17:36 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-06-25 17:25 . 2013-06-25 17:25 -------- d-----w- c:\programdata\StarApp
2013-06-25 17:25 . 2013-06-25 17:25 -------- d-----w- c:\program files (x86)\WebSearch
2013-06-25 17:25 . 2013-06-25 17:25 -------- d-----w- c:\programdata\InstallMate
2013-06-25 16:39 . 2013-06-25 16:39 -------- d-----w- C:\rsit
2013-06-25 16:39 . 2013-06-25 16:39 -------- d-----w- c:\program files\trend micro
2013-06-25 16:15 . 2013-06-25 16:15 -------- d-----w- c:\users\Srbino\AppData\Roaming\NVIDIA
2013-06-25 15:55 . 2013-06-25 15:55 -------- d-----w- c:\users\Srbino\AppData\Roaming\ParetoLogic
2013-06-25 15:55 . 2013-06-25 15:55 -------- d-----w- c:\users\Srbino\AppData\Roaming\DriverCure
2013-06-25 15:55 . 2013-06-25 16:41 -------- d-----w- c:\programdata\ParetoLogic
2013-06-25 13:55 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FA6F039-C71D-41E5-BAED-D681771773F8}\mpengine.dll
2013-06-25 12:43 . 2013-06-25 12:43 1950093 ----a-w- c:\windows\SysWow64\updateGeForce 9600 GTglg2tc960w256l4.bin
2013-06-25 11:53 . 2013-06-25 14:02 -------- d-----w- c:\users\Srbino\AppData\Local\NVIDIA
2013-06-25 11:48 . 2013-02-25 05:27 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2013-06-25 11:48 . 2013-02-25 05:27 194848 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-06-24 22:12 . 2013-06-25 16:42 -------- d-----w- c:\program files (x86)\SlimDrivers
2013-06-24 20:58 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-24 20:07 . 2013-06-24 20:07 942945 ----a-w- c:\windows\SysWow64\updateGeForce GT 545glg2tc6016w256l4.bin
2013-06-24 18:08 . 2013-06-25 17:35 -------- d-----w- c:\users\Srbino\AppData\Roaming\mow
2013-06-24 17:58 . 2013-06-24 17:58 -------- d-----w- c:\program files (x86)\1C Company
2013-06-23 12:13 . 2013-06-23 12:13 -------- d-----w- C:\Games
2013-06-23 12:06 . 2013-06-25 11:41 -------- d-----w- c:\program files (x86)\Skyrim
2013-06-21 07:45 . 2013-06-21 07:45 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E5B0489-AE5C-4AE0-B689-6D35A410EACC}\gapaengine.dll
2013-06-16 14:46 . 2013-06-16 14:46 -------- d-----w- c:\users\Srbino\AppData\Roaming\BANDISOFT
2013-06-16 14:46 . 2013-06-16 14:46 -------- d-----w- c:\program files (x86)\Bandicam
2013-06-16 14:46 . 2013-06-16 14:46 -------- d-----w- c:\program files (x86)\BandiMPEG1
2013-06-16 14:30 . 2013-06-16 14:30 -------- d-----w- c:\program files (x86)\HELP
2013-06-15 21:44 . 2013-06-15 21:44 -------- d-----w- c:\users\Srbino\AppData\Roaming\Ultima Online Forever (Razor)
2013-06-13 22:32 . 2013-06-13 22:32 -------- d-----w- c:\programdata\Recovery
2013-06-01 19:28 . 2013-06-01 19:43 -------- d-----w- c:\program files (x86)\StarCraft II
2013-05-30 17:39 . 2013-05-30 17:39 -------- d-----w- c:\users\Srbino\AppData\Local\Facebook
2013-05-30 15:52 . 2013-05-30 15:52 -------- d-----w- c:\users\Srbino\AppData\Local\Sony Online Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-25 16:42 . 2012-05-30 20:23 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-06-12 19:32 . 2012-01-05 18:36 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 19:14 . 2012-05-02 05:15 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 19:14 . 2011-11-15 15:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-10 14:50 . 2012-06-22 20:32 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-10 14:50 . 2012-01-02 13:21 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-10 14:49 . 2012-01-02 13:21 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-05-21 17:58 . 2012-02-10 14:34 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-12 13:43 . 2013-05-12 13:43 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-05-10 19:31 . 2012-02-12 14:21 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 08:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 08:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 08:46 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 08:46 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 08:46 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 08:46 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-28 07:47 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 08:46 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 08:46 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 08:46 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2012-02-14 19:16 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Facebook Update"="c:\users\Srbino\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-05-30 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IAStorIcon"="c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe" [2000-01-01 284480]
"HP Software Update"="c:\program files (x86)\hp\hp software update\hpwuschd2.exe" [2008-12-08 54576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 archlp;archlp;SysWOW64\drivers\archlp.sys;SysWOW64\drivers\archlp.sys [x]
S1 Magic Tune;MagicTune;c:\windows\system32\Drivers\MtiCtwl.sys;c:\windows\SYSNATIVE\Drivers\MtiCtwl.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys;c:\windows\SYSNATIVE\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys;c:\windows\SYSNATIVE\DRIVERS\tixhci.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 19:14]
.
2013-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-924197963-2507838477-3784744702-1000Core.job
- c:\users\Srbino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-30 17:39]
.
2013-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-924197963-2507838477-3784744702-1000UA.job
- c:\users\Srbino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-30 17:39]
.
2013-06-04 c:\windows\Tasks\HPCeeScheduleForSrbino.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-06-04 c:\windows\Tasks\HPCeeScheduleForSUPERMACHINE$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-05-09 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2012-07-13 14:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe" [2008-11-20 62768]
"SysTrayApp"="c:\program files\idt\wdm\sttray64.exe" [2011-06-10 1128448]
"BeatsOSDApp"="c:\program files\idt\wdm\beats64.exe" [2010-10-21 37888]
"AmIcoSinglun64"="c:\program files (x86)\amicosinglun\amicosinglun64.exe" [2000-01-01 324096]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://websearch.searchingissme.info/?unqvl=23
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://websearch.searchingissme.info/?unqvl=23
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.236.184.254 10.0.0.3 10.0.0.2
FF - ProfilePath - c:\users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchingissme.info/?unqvl=23&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.searchingissme.info/?unqvl=23
FF - prefs.js: keyword.URL - hxxp://websearch.searchingissme.info/?unqvl=23&l=1&q=
FF - ExtSQL: 2013-05-24 15:52; zpwar4@zsciy.net; c:\users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\extensions\zpwar4@zsciy.net.xpi
FF - ExtSQL: 2013-06-17 21:56; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2012-01-02 19:00; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-c:\users\Srbino\AppData\Roaming\mow\mow.exe - c:\users\Srbino\AppData\Roaming\mow\mow.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-InstallShield_{3AF095EF-23B3-4C6A-BBA1-4C1EB663DAF8} - c:\program files (x86)\InstallShield Installation Information\{3AF095EF-23B3-4C6A-BBA1-4C1EB663DAF8}\Texas Instruments xHCI Driver v1.12.9 (
AddRemove-Televize_-_SychrovNET_vlc-0.9.8a - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-924197963-2507838477-3784744702-1000\Software\SecuROM\License information*]
"datasecu"=hex:fa,bc,7f,36,f5,aa,e4,a9,80,67,59,13,59,bf,1f,ee,34,d1,77,d5,5a,
c5,8b,5c,95,c9,aa,c9,18,3f,88,7a,2a,80,f8,e5,d8,2f,8c,82,19,70,64,e8,01,cb,\
"rkeysecu"=hex:f6,39,30,b7,c8,d3,6a,32,23,a1,a0,eb,24,5d,76,8a
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-06-25 19:42:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-25 17:42
.
Před spuštěním: Volných bajtů: 961 941 602 304
Po spuštění: Volných bajtů: 961 812 279 296
.
- - End Of File - - 2CF59F0959E858694ED015539C04ABA7
D41D8CD98F00B204E9800998ECF8427E

Re: Graphics card utilization at 99%

Posted: 25 Jun 2013 21:07
by vyosek
:arrow: Rkill only stopped it; it was CF that dealt with it, but it still needs to be cleaned up

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Prohledat (Scan)
  • A scan will run and then a log appears; alternatively it will be saved on the system drive as AdwCleaner[R?].txt. Paste it here

Re: Graphics card utilization at 99%

Posted: 25 Jun 2013 21:31
by srbino
# AdwCleaner v2.303 - Log vytvořen 25/06/2013 v 22:30:02
# Aktualizováno 08/06/2013 Xplode
# Operační systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : Srbino - SUPERMACHINE
# Spuštěn systém : Normální
# Spuštěno z : C:\Users\Srbino\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files (x86)\WebSearch
Složka Nalezeno : C:\ProgramData\Browser Manager
Složka Nalezeno : C:\ProgramData\InstallMate
Složka Nalezeno : C:\ProgramData\ParetoLogic
Složka Nalezeno : C:\Users\Srbino\AppData\Roaming\DriverCure
Složka Nalezeno : C:\Users\Srbino\AppData\Roaming\ParetoLogic
Soubor Nalezeno : C:\Users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\searchplugins\WebSearch.xml

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Klíč Nalezeno : HKCU\Software\APN PIP
Klíč Nalezeno : HKCU\Software\AppDataLow\SProtector
Klíč Nalezeno : HKCU\Software\Conduit
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Klíč Nalezeno : HKCU\Software\Softonic
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Klíč Nalezeno : HKLM\Software\APN
Klíč Nalezeno : HKLM\Software\AskToolbar
Klíč Nalezeno : HKLM\Software\BrowserMngr
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klíč Nalezeno : HKLM\Software\DataMngr
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Klíč Nalezeno : HKLM\Software\PIP
Klíč Nalezeno : HKLM\Software\SP Global
Klíč Nalezeno : HKLM\Software\SProtector
Klíč Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíč Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klíč Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Klíč Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Klíč Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Klíč Nalezeno : HKU\S-1-5-21-924197963-2507838477-3784744702-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klíč Nalezeno : HKU\S-1-5-21-924197963-2507838477-3784744702-1000\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16618

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.searchingissme.info/?unqvl=23
[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=111814&tt=090812_ppc_3212_5&babsrc=HP_ss&mntrId=5e669bbc00000000000074de2bb0a09b
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.searchingissme.info/?unqvl=23

-\\ Mozilla Firefox v17.0.1 (cs)

Soubor : C:\Users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\prefs.js

Nalezeno : user_pref("aol_toolbar.default.homepage.check", false);
Nalezeno : user_pref("aol_toolbar.default.search.check", false);
Nalezeno : user_pref("browser.search.defaultenginename", "WebSearch");
Nalezeno : user_pref("browser.search.defaultenginename,S", "WebSearch");
Nalezeno : user_pref("browser.search.defaulturl", "hxxp://websearch.searchingissme.info/?unqvl=23&l=1&q=");
Nalezeno : user_pref("browser.search.order.1", "WebSearch");
Nalezeno : user_pref("browser.search.order.1,S", "WebSearch");
Nalezeno : user_pref("browser.search.selectedEngine", "WebSearch");
Nalezeno : user_pref("browser.search.selectedEngine,S", "WebSearch");
Nalezeno : user_pref("browser.startup.homepage", "hxxp://websearch.searchingissme.info/?unqvl=23");
Nalezeno : user_pref("extensions.5108eb0d6826b.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Nalezeno : user_pref("extensions.519f7b12655c0.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Nalezeno : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Nalezeno : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Nalezeno : user_pref("keyword.URL", "hxxp://websearch.searchingissme.info/?unqvl=23&l=1&q=");
Nalezeno : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Nalezeno : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Nalezeno : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Nalezeno : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Nalezeno : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Nalezeno : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Nalezeno : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Nalezeno : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R1].txt - [6322 octets] - [25/06/2013 22:30:02]

########## EOF - C:\AdwCleaner[R1].txt - [6382 octets] ##########

Re: Graphics card utilization at 99%

Posted: 25 Jun 2013 21:31
by vyosek
:arrow: Run AdwCleaner again
  • If you are using Windows Vista or Windows 7, right-click AdwCleaner and choose Run As Administrator (Spustit jako správce)
  • Click Smazat (Delete)
  • The PC will perform the repair, restart, and give you a log (C:\AdwCleaner [S1].txt); paste its contents here

Re: Graphics card utilization at 99%

Posted: 25 Jun 2013 21:37
by srbino
# AdwCleaner v2.303 - Log vytvooen 25/06/2013 v 22:33:21
# Aktualizováno 08/06/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : Srbino - SUPERMACHINE
# Spuštin systém : Normální
# Spuštino z : C:\Users\Srbino\Desktop\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files (x86)\WebSearch
Složka Vymazáno : C:\ProgramData\Browser Manager
Složka Vymazáno : C:\ProgramData\InstallMate
Složka Vymazáno : C:\ProgramData\ParetoLogic
Složka Vymazáno : C:\Users\Srbino\AppData\Roaming\DriverCure
Složka Vymazáno : C:\Users\Srbino\AppData\Roaming\ParetoLogic
Soubor Vymazáno : C:\Users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\searchplugins\WebSearch.xml

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Klíe Vymazáno : HKCU\Software\APN PIP
Klíe Vymazáno : HKCU\Software\AppDataLow\SProtector
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Klíe Vymazáno : HKCU\Software\Softonic
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Klíe Vymazáno : HKLM\Software\APN
Klíe Vymazáno : HKLM\Software\AskToolbar
Klíe Vymazáno : HKLM\Software\BrowserMngr
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klíe Vymazáno : HKLM\Software\DataMngr
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Klíe Vymazáno : HKLM\Software\PIP
Klíe Vymazáno : HKLM\Software\SP Global
Klíe Vymazáno : HKLM\Software\SProtector
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Klíe Vymazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Klíe Vymazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16618

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.searchingissme.info/?unqvl=23 --> hxxp://www.google.com
Zaminino : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.searchingissme.info/?unqvl=23 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (cs)

Soubor : C:\Users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\prefs.js

C:\Users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\user.js ... Vymazáno !

Vymazáno : user_pref("aol_toolbar.default.homepage.check", false);
Vymazáno : user_pref("aol_toolbar.default.search.check", false);
Vymazáno : user_pref("browser.search.defaultenginename", "WebSearch");
Vymazáno : user_pref("browser.search.defaultenginename,S", "WebSearch");
Vymazáno : user_pref("browser.search.defaulturl", "hxxp://websearch.searchingissme.info/?unqvl=23&l=1&q=");
Vymazáno : user_pref("browser.search.order.1", "WebSearch");
Vymazáno : user_pref("browser.search.order.1,S", "WebSearch");
Vymazáno : user_pref("browser.search.selectedEngine", "WebSearch");
Vymazáno : user_pref("browser.search.selectedEngine,S", "WebSearch");
Vymazáno : user_pref("browser.startup.homepage", "hxxp://websearch.searchingissme.info/?unqvl=23");
Vymazáno : user_pref("extensions.5108eb0d6826b.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Vymazáno : user_pref("extensions.519f7b12655c0.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Vymazáno : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Vymazáno : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Vymazáno : user_pref("keyword.URL", "hxxp://websearch.searchingissme.info/?unqvl=23&l=1&q=");
Vymazáno : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Vymazáno : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Vymazáno : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Vymazáno : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Vymazáno : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Vymazáno : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Vymazáno : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Vymazáno : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R1].txt - [6435 octets] - [25/06/2013 22:30:02]
AdwCleaner[S1].txt - [6051 octets] - [25/06/2013 22:33:21]

########## EOF - C:\AdwCleaner[S1].txt - [6111 octets] ##########

Re: Graphics card utilization at 99%

Posted: 27 Jun 2013 07:12
by vyosek
:arrow: If you have not done so already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Folder::
    c:\program files (x86)\WebSearch
    c:\users\Srbino\AppData\Roaming\mow
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"=-
    "HP Software Update"=-
    
    DDS::
    uStart Page = hxxp://websearch.searchingissme.info/?unqvl=23
    mStart Page = hxxp://websearch.searchingissme.info/?unqvl=23
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    
    Firefox::
    FF - ProfilePath - c:\users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchingissme.info/?unqvl=23&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - WebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://websearch.searchingissme.info/?unqvl=23
    FF - prefs.js: keyword.URL - hxxp://websearch.searchingissme.info/?unqvl=23&l=1&q=
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    
    RegNull::
    [HKEY_USERS\S-1-5-21-924197963-2507838477-3784744702-1000\Software\SecuROM\License information*]
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    File::
    C:\Windows\tasks\Adobe Flash Player Updater.job
    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-924197963-2507838477-3784744702-1000Core.job
    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-924197963-2507838477-3784744702-1000UA.job
    C:\Windows\tasks\HPCeeScheduleForSrbino.job
    C:\Windows\tasks\HPCeeScheduleForSUPERMACHINE$.job
    C:\Windows\tasks\ParetoLogic Registration3.job
    C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
    C:\Windows\tasks\ParetoLogic Update Version3.job
    C:\Windows\tasks\RegCure Pro.job
    C:\Windows\tasks\SlimDrivers Startup.job
    C:\Windows\tasks\SmartDefrag_Startup.job
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and run it (see the image below)
    [Image]
  • After the script has been applied (and after a possible restart), a log will pop up; paste its contents here
:arrow: If the message "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni" ("Illegal operation attempted on a registry key that has been marked for deletion") pops up, just restart the PC and the registry will sort itself out. This is an internal error caused by CF, and the author unfortunately has not been able to fix it yet

:arrow: It can happen that Windows will not start after the script has been applied; in that case restart the PC, keep pressing F8, and choose Last Known Good Configuration

Re: Graphics card utilization at 99%

Posted: 27 Jun 2013 09:34
by srbino
I noticed that my computer stutters slightly, and when I'm in Mozilla it sometimes freezes completely (it has happened about 3 times). I hope ComboFix also took out the pest that is responsible for it... :D

Here is the log from Combo as well:

ComboFix 13-06-27.01 - Srbino 27.06.2013 10:16:51.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8172.6221 [GMT 2:00]
Spuštěný z: c:\users\Srbino\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Srbino\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-924197963-2507838477-3784744702-1000Core.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-924197963-2507838477-3784744702-1000UA.job"
"c:\windows\tasks\HPCeeScheduleForSrbino.job"
"c:\windows\tasks\HPCeeScheduleForSUPERMACHINE$.job"
"c:\windows\tasks\ParetoLogic Registration3.job"
"c:\windows\tasks\ParetoLogic Update Version3 Startup Task.job"
"c:\windows\tasks\ParetoLogic Update Version3.job"
"c:\windows\tasks\RegCure Pro.job"
"c:\windows\tasks\SlimDrivers Startup.job"
"c:\windows\tasks\SmartDefrag_Startup.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Srbino\AppData\Roaming\mow
c:\users\Srbino\AppData\Roaming\mow\elib.dll
c:\users\Srbino\AppData\Roaming\mow\light_d.dll
c:\users\Srbino\AppData\Roaming\mow\road_v.lft
c:\users\Srbino\AppData\Roaming\mow\run.lft
c:\users\Srbino\AppData\Roaming\mow\set_a.del
c:\users\Srbino\AppData\Roaming\mow\teo.a
c:\users\Srbino\AppData\Roaming\mow\thread.dll
c:\users\Srbino\AppData\Roaming\mow\update.pp
c:\users\Srbino\AppData\Roaming\mow\updateGeForce GT 545glg2tc6016w256l4.bin
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-924197963-2507838477-3784744702-1000Core.job
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-924197963-2507838477-3784744702-1000UA.job
c:\windows\tasks\HPCeeScheduleForSrbino.job
c:\windows\tasks\HPCeeScheduleForSUPERMACHINE$.job
c:\windows\tasks\SmartDefrag_Startup.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-27 do 2013-06-27 )))))))))))))))))))))))))))))))
.
.
2013-06-27 08:23 . 2013-06-27 08:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-06-27 08:23 . 2013-06-27 08:23 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-06-27 08:23 . 2013-06-27 08:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-26 22:26 . 2013-06-26 22:26 -------- d-----w- c:\program files (x86)\Microsoft Games
2013-06-26 22:10 . 2013-06-26 22:10 -------- d-----w- c:\users\Srbino\AppData\Roaming\NVIDIA
2013-06-26 20:53 . 2013-06-26 20:53 -------- d-----w- c:\program files (x86)\Warframe
2013-06-26 20:53 . 2013-06-26 22:18 -------- d-----w- c:\users\Srbino\AppData\Local\Warframe
2013-06-26 20:00 . 2013-06-26 20:04 -------- d-----w- c:\users\Public\Games
2013-06-26 15:25 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BB99290-674F-464A-8971-5655D31DFE78}\mpengine.dll
2013-06-26 12:43 . 2013-06-26 12:43 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-06-26 12:43 . 2013-06-26 12:43 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-06-26 09:37 . 2013-05-12 20:34 6491936 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-26 09:37 . 2013-05-12 20:34 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-06-26 09:37 . 2013-05-12 20:34 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-26 09:37 . 2013-05-12 20:34 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-06-26 09:37 . 2013-05-12 20:34 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-06-26 09:37 . 2013-05-08 14:13 3165737 ----a-w- c:\windows\system32\nvcoproc.bin
2013-06-26 09:37 . 2013-05-12 21:42 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-06-26 09:37 . 2013-05-12 21:42 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-06-26 09:37 . 2013-06-26 09:37 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-06-25 17:25 . 2013-06-25 17:25 -------- d-----w- c:\programdata\StarApp
2013-06-25 16:39 . 2013-06-25 16:39 -------- d-----w- C:\rsit
2013-06-25 16:39 . 2013-06-25 16:39 -------- d-----w- c:\program files\trend micro
2013-06-25 13:55 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-25 12:43 . 2013-06-25 12:43 1950093 ----a-w- c:\windows\SysWow64\updateGeForce 9600 GTglg2tc960w256l4.bin
2013-06-25 11:53 . 2013-06-25 14:02 -------- d-----w- c:\users\Srbino\AppData\Local\NVIDIA
2013-06-25 11:48 . 2013-02-25 05:27 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2013-06-25 11:48 . 2013-02-25 05:27 194848 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-06-24 22:12 . 2013-06-25 16:42 -------- d-----w- c:\program files (x86)\SlimDrivers
2013-06-24 20:07 . 2013-06-24 20:07 942945 ----a-w- c:\windows\SysWow64\updateGeForce GT 545glg2tc6016w256l4.bin
2013-06-24 17:58 . 2013-06-24 17:58 -------- d-----w- c:\program files (x86)\1C Company
2013-06-23 12:13 . 2013-06-23 12:13 -------- d-----w- C:\Games
2013-06-23 12:06 . 2013-06-26 17:06 -------- d-----w- c:\program files (x86)\Skyrim
2013-06-21 07:45 . 2013-06-21 07:45 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E5B0489-AE5C-4AE0-B689-6D35A410EACC}\gapaengine.dll
2013-06-16 14:46 . 2013-06-16 14:46 -------- d-----w- c:\users\Srbino\AppData\Roaming\BANDISOFT
2013-06-16 14:46 . 2013-06-16 14:46 -------- d-----w- c:\program files (x86)\Bandicam
2013-06-16 14:46 . 2013-06-16 14:46 -------- d-----w- c:\program files (x86)\BandiMPEG1
2013-06-16 14:30 . 2013-06-16 14:30 -------- d-----w- c:\program files (x86)\HELP
2013-06-15 21:44 . 2013-06-15 21:44 -------- d-----w- c:\users\Srbino\AppData\Roaming\Ultima Online Forever (Razor)
2013-06-13 22:32 . 2013-06-13 22:32 -------- d-----w- c:\programdata\Recovery
2013-06-01 19:28 . 2013-06-01 19:43 -------- d-----w- c:\program files (x86)\StarCraft II
2013-05-30 17:39 . 2013-05-30 17:39 -------- d-----w- c:\users\Srbino\AppData\Local\Facebook
2013-05-30 15:52 . 2013-05-30 15:52 -------- d-----w- c:\users\Srbino\AppData\Local\Sony Online Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-25 16:42 . 2012-05-30 20:23 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-06-12 19:32 . 2012-01-05 18:36 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 19:14 . 2012-05-02 05:15 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 19:14 . 2011-11-15 15:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-10 14:50 . 2012-06-22 20:32 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-10 14:50 . 2012-01-02 13:21 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-10 14:49 . 2012-01-02 13:21 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-05-21 17:58 . 2012-02-10 14:34 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-12 21:42 . 2013-03-28 13:25 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-05-12 21:42 . 2013-03-28 13:25 2935696 ----a-w- c:\windows\system32\nvapi64.dll
2013-05-10 19:31 . 2012-02-12 14:21 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 08:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 08:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 08:46 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 08:46 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 08:46 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 08:46 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-28 07:47 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 08:46 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 08:46 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 08:46 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2012-02-14 19:16 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe" [2000-01-01 284480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 archlp;archlp;SysWOW64\drivers\archlp.sys;SysWOW64\drivers\archlp.sys [x]
S1 Magic Tune;MagicTune;c:\windows\system32\Drivers\MtiCtwl.sys;c:\windows\SYSNATIVE\Drivers\MtiCtwl.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys;c:\windows\SYSNATIVE\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys;c:\windows\SYSNATIVE\DRIVERS\tixhci.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe" [2008-11-20 62768]
"SysTrayApp"="c:\program files\idt\wdm\sttray64.exe" [2011-06-10 1128448]
"BeatsOSDApp"="c:\program files\idt\wdm\beats64.exe" [2010-10-21 37888]
"AmIcoSinglun64"="c:\program files (x86)\amicosinglun\amicosinglun64.exe" [2000-01-01 324096]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}
TCP: DhcpNameServer = 10.236.184.254 10.0.0.3 10.0.0.2
FF - ProfilePath - c:\users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\
FF - ExtSQL: 2013-05-24 15:52; zpwar4@zsciy.net; c:\users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\extensions\zpwar4@zsciy.net.xpi
FF - ExtSQL: 2013-06-17 21:56; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Srbino\AppData\Roaming\Mozilla\Firefox\Profiles\ijlwxfyy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2012-01-02 19:00; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-InstallShield_{3AF095EF-23B3-4C6A-BBA1-4C1EB663DAF8} - c:\program files (x86)\InstallShield Installation Information\{3AF095EF-23B3-4C6A-BBA1-4C1EB663DAF8}\Texas Instruments xHCI Driver v1.12.9 (
AddRemove-{8E8C3CFD-F20D-67A0-B812-B1405F1EAEB2} - c:\progra~3\INSTAL~2\{988C5~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-06-27 10:30:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-27 08:30
ComboFix2.txt 2013-06-25 17:42
.
Před spuštěním: Volných bajtů: 945 739 833 344
Po spuštění: Volných bajtů: 945 180 622 848
.
- - End Of File - - 2BDDC91A6D6147EB4E44A25AA26A675E
D41D8CD98F00B204E9800998ECF8427E

Re: Graphics card utilization at 99%

Posted: 27 Jun 2013 11:45
by vyosek
:arrow: Use a normal font color, this is unreadable :roll: :roll:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • Click Scan for Issues
  • Then click Fix Issues - I recommend making a registry backup; fix all the issues
  • Repeat the procedure until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week


:arrow: Optionally, try reinstalling FF

Re: Graphics card utilization at 99%

Posted: 27 Jun 2013 15:37
by srbino
Cleaned up, thank you so very much for your help. If I happen to have a problem, I'll write! :)

Re: Graphics card utilization at 99%

Posted: 27 Jun 2013 15:51
by vyosek
You're welcome, glad I could help :worship: See you again sometime

And based on the rule on locking topics :lock: