VIRY.CZ

Zdravím, jsem docela zoufalej, protože sem po dlouhý době projel comp a nestačil sem se divit. Norton našel spoustu věcí..Nějaké viry co se musí odstranit ručně.když sem hledal jak na to, tak sem narazil.Také sem si všiml, že v centru zabezpečení systému windows nejde ta služba zapnout. Zkoušel jsem i přes služby, ale tam jsem ani centrum zabezpečení nenašel

Ohledně virů a antivirů jsem newbee takže prosím o radu. Díky moc.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Marty at 2013-07-15 23:30:16
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 139 GB (29%) free of 477 GB
Total RAM: 6142 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:30:35, on 15/07/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton AntiVirus\Engine\20.1.0.24\ccSvcHst.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\PicPick\picpick.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Logitech\G930\G930.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Marty.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
R3 - URLSearchHook: (no name) - {0b7430e9-e659-4555-ac67-be3340aaa519} - (no file)
F3 - REG:win.ini: load=C:\Users\Marty\AppData\Local\Temp\{79752~1.EXE
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.1.0.24\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe
O4 - HKCU\..\Run: [Mikogo] "C:\Users\Marty\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [supertintin_skype] C:\Program Files (x86)\Supertintin for Skype\supertintin_skype.exe /start_context sys_auto
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&nviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Purple Lounge - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PurpleLoungeMPP\MPPoker.exe (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: B-Service - Unknown owner - C:\Users\Marty\AppData\Roaming\Mikogo\B-Service.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate1ca9a6f3d2f71c0) (gupdate1ca9a6f3d2f71c0) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\20.1.0.24\ccSvcHst.exe
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19030 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
atieclxx
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Windows\SysWOW64\ASDR.exe
"C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe"
"C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE"
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Norton AntiVirus\Engine\20.1.0.24\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\20.1.0.24\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\diMaster.dll" /prefetch:1
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"taskhost.exe"
"C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Norton AntiVirus\Engine\20.1.0.24\ccSvcHst.exe" /c /a /s UserSession
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe" /c /a /s UserSession
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {8543B656-903B-4CCC-8113-E347E71C91A4}
"C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe" -silent /s
"C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s
WLIDSvcM.exe 2972
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files (x86)\PicPick\picpick.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe"
ArcCon.ac 66894 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Logitech\G930\G930.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F4200 series#1261767312" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3436.0.2013750036\1276083022" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,20 --reduce-gpu-sandbox --disable-image-transport-surface --gpu-vendor-id=0x1002 --gpu-device-id=0x68be --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.660.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/OmniboxReplaceHUPAndNewScoring/HQP-postperiod-ReplaceHUP_New-postperiod-Scoring/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --instant-process --enable-threaded-compositing --disable-html-notifications --channel="3436.2.899197694\1491860488" /prefetch:673131151
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/OmniboxReplaceHUPAndNewScoring/HQP-postperiod-ReplaceHUP_New-postperiod-Scoring/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3436.15.1020374586\377520896" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3436.16.1197210480\1439828483" --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Marty\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\z849xsjq.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://isearch.avg.com/?cid={4214EEE2-9 ... 2011-11-05 11:48:44&v=15.3.0.11&pid=avg&sg=0&sap=hp"
prefs.js - "extensions.enabledItems" - "{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31, ffxtlbr@babylon.com:1.2.0, {0b7430e9-e659-4555-ac67-be3340aaa519}:3.8.1.0, {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2191, avg@toolbar:12.2.5.32, smartwebprinting@hp.com:4.51, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12"
prefs.js - "keyword.URL" - "http://isearch.avg.com/search?cid={4214 ... 2011-11-05 11:48:44&pid=avg&sg=0&v=15.3.0.11&sap=ku&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
AskSearch.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npatgpc.dll
npnul32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
avg-secure-search.xml
babylon.xml
creativecommons.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\z849xsjq.default\extensions\
ffxtlbr@babylon.com
{0b7430e9-e659-4555-ac67-be3340aaa519}
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\z849xsjq.default\searchplugins\
conduit.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-23 254032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14 6307960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton AntiVirus\Engine\20.1.0.24\IPS\IPSBHO.DLL [2012-08-10 387040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-13 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-23 192592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
Norton Identity Protection - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll [2012-08-22 497048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14 4531320]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
NCH Toolbar - C:\Program Files (x86)\NCH\tbNCH.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-13 171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2009-11-24 1536456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-23 254032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{c2db4fe6-8409-45ce-8010-189a7b5cce86} - NCH Toolbar - C:\Program Files (x86)\NCH\tbNCH.dll [2009-12-31 2349080]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-23 192592]
{A13C2648-91D4-4bf3-BC6D-0079707C4389} - Norton Identity Safe Toolbar - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll [2012-08-22 497048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-01-20 6963744]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-01-20 1833504]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"PicPick Start"=C:\Program Files (x86)\PicPick\picpick.exe [2010-11-20 4816896]
"Mikogo"=C:\Users\Marty\AppData\Roaming\Mikogo 4\mikogo-host.exe [2011-08-04 5420408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-07-14 9728]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"supertintin_skype"=C:\Program Files (x86)\Supertintin for Skype\supertintin_skype.exe [2011-01-10 999936]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-03 19603048]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"ASUSGamerOSD"=C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe [2009-07-30 380928]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-18 98304]
"EasyTuneVI"=C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"Nikon Transfer Monitor"=C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [2009-09-15 479232]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Logitech G930"=C:\Program Files (x86)\Logitech\G930\G930.exe [2011-03-23 1516888]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-01-28 59720]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-02-20 152392]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux9"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-07-15 23:30:16 ----D---- C:\rsit
2013-07-15 23:30:16 ----D---- C:\Program Files\trend micro
2013-07-15 23:07:36 ----SHD---- C:\$$PendingFiles
2013-07-15 23:00:45 ----D---- C:\Program Files (x86)\Trend Micro
2013-07-15 20:02:53 ----A---- C:\autoexec.bat
2013-07-15 20:02:21 ----A---- C:\Windows\system32\drivers\EsgScanner.sys
2013-07-15 20:02:04 ----D---- C:\sh4ldr
2013-07-15 20:02:04 ----D---- C:\Program Files\Enigma Software Group
2013-07-15 20:01:25 ----D---- C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP
2013-07-15 18:41:10 ----D---- C:\Windows\system32\drivers\NSTx64
2013-07-15 18:41:10 ----D---- C:\Program Files (x86)\Norton Identity Safe
2013-07-15 18:41:05 ----D---- C:\Program Files\Symantec
2013-07-15 18:41:05 ----D---- C:\Program Files\Common Files\Symantec Shared
2013-07-15 18:41:05 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-15 18:40:27 ----D---- C:\Windows\system32\drivers\NAVx64
2013-07-15 18:40:26 ----D---- C:\Program Files (x86)\Norton AntiVirus
2013-07-15 18:40:23 ----D---- C:\ProgramData\Norton
2013-07-15 18:40:13 ----D---- C:\ProgramData\NortonInstaller
2013-07-15 18:40:13 ----D---- C:\Program Files (x86)\NortonInstaller
2013-07-15 17:53:03 ----HD---- C:\VTRoot
2013-07-15 17:43:08 ----D---- C:\Program Files\COMODO
2013-07-15 17:43:04 ----D---- C:\ProgramData\COMODO
2013-07-15 17:42:45 ----D---- C:\Program Files (x86)\Comodo
2013-07-15 15:36:38 ----D---- C:\Program Files\PostgreSQL
2013-07-15 14:41:31 ----D---- C:\Users\Marty\AppData\Roaming\postgresql
2013-07-12 11:21:38 ----D---- C:\ProgramData\ESET
2013-07-12 11:21:38 ----D---- C:\Program Files\ESET
2013-07-12 11:15:36 ----D---- C:\Users\Marty\AppData\Roaming\TuneUp Software
2013-07-11 22:23:05 ----D---- C:\Program Files (x86)\x264 Video Codec
2013-06-16 14:44:51 ----D---- C:\Program Files (x86)\Sharkystrator

======List of files/folders modified in the last 1 month======

2013-07-15 23:30:16 ----RD---- C:\Program Files
2013-07-15 23:30:07 ----D---- C:\Windows\Temp
2013-07-15 23:13:32 ----D---- C:\Users\Marty\AppData\Roaming\Skype
2013-07-15 23:00:45 ----SHD---- C:\Windows\Installer
2013-07-15 23:00:45 ----RD---- C:\Program Files (x86)
2013-07-15 23:00:45 ----HD---- C:\Config.Msi
2013-07-15 22:41:47 ----D---- C:\ProgramData\Microsoft Help
2013-07-15 22:41:01 ----RSD---- C:\Windows\assembly
2013-07-15 22:39:43 ----D---- C:\Windows\System32
2013-07-15 22:39:43 ----D---- C:\Windows\inf
2013-07-15 22:39:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-07-15 22:38:14 ----D---- C:\Windows\winsxs
2013-07-15 22:35:08 ----D---- C:\Windows\debug
2013-07-15 22:35:02 ----A---- C:\Windows\system32\MRT.exe
2013-07-15 22:34:05 ----D---- C:\Windows\system32\catroot2
2013-07-15 22:34:05 ----D---- C:\Windows\system32\catroot
2013-07-15 22:27:48 ----D---- C:\Program Files\Microsoft Silverlight
2013-07-15 22:27:48 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-07-15 22:26:08 ----D---- C:\Windows\system32\config
2013-07-15 22:25:57 ----D---- C:\Windows\SoftwareDistribution
2013-07-15 22:10:27 ----D---- C:\Windows
2013-07-15 21:57:15 ----SHD---- C:\System Volume Information
2013-07-15 20:24:00 ----D---- C:\Windows\system32\Tasks
2013-07-15 20:02:49 ----D---- C:\Windows\SysWOW64
2013-07-15 20:02:21 ----D---- C:\Windows\system32\drivers
2013-07-15 19:37:08 ----D---- C:\Users\Marty\AppData\Roaming\Desktopicon
2013-07-15 19:02:01 ----D---- C:\Windows\Tasks
2013-07-15 19:02:01 ----D---- C:\Windows\system32\wbem
2013-07-15 19:02:01 ----D---- C:\Program Files\Internet Explorer
2013-07-15 19:02:00 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-07-15 19:02:00 ----D---- C:\Users\Marty\AppData\Roaming\Mikogo 4
2013-07-15 19:01:59 ----D---- C:\Program Files (x86)\Eidos
2013-07-15 19:01:42 ----D---- C:\Windows\registration
2013-07-15 18:59:13 ----D---- C:\Windows\system32\LogFiles
2013-07-15 18:43:03 ----D---- C:\Program Files (x86)\Common Files
2013-07-15 18:41:05 ----D---- C:\Program Files\Common Files
2013-07-15 18:40:23 ----HD---- C:\ProgramData
2013-07-15 18:36:53 ----D---- C:\Windows\system32\DriverStore
2013-07-15 18:13:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2013-07-15 15:29:12 ----D---- C:\ProgramData\avg9
2013-07-15 14:08:45 ----D---- C:\Users\Marty\AppData\Roaming\Azureus
2013-07-14 08:50:32 ----D---- C:\Users\Marty\AppData\Roaming\DAEMON Tools Lite
2013-07-14 08:50:25 ----D---- C:\Users\Marty\AppData\Roaming\TS3Client
2013-07-14 08:48:09 ----D---- C:\Windows\Panther
2013-07-14 08:48:07 ----D---- C:\Windows\Minidump
2013-07-14 08:48:07 ----D---- C:\Windows\Logs
2013-07-12 11:56:03 ----D---- C:\ProgramData\MFAData
2013-07-12 11:34:05 ----D---- C:\Users\Marty\AppData\Roaming\TableNinja.v2
2013-07-12 11:31:51 ----D---- C:\Windows\SYSWOW64\drivers
2013-07-12 11:31:50 ----HD---- C:\$AVG
2013-07-12 11:29:13 ----D---- C:\Windows\Prefetch
2013-07-11 22:23:15 ----SD---- C:\ProgramData\Microsoft
2013-07-11 20:15:33 ----A---- C:\blitzerr.txt
2013-07-10 11:38:51 ----D---- C:\Program Files (x86)\TableNinja
2013-06-30 20:26:59 ----A---- C:\log_hud.txt
2013-06-30 20:18:51 ----A---- C:\Program Files (x86)\log_hud.txt
2013-06-30 20:06:13 ----A---- C:\Program Files (x86)\log_hud.txtlog_hud.txt
2013-06-30 18:45:49 ----D---- C:\Program Files (x86)\SharkScope
2013-06-28 11:58:32 ----D---- C:\Program Files (x86)\PokerStars
2013-06-27 13:03:35 ----D---- C:\Windows\system32\NDF
2013-06-26 03:13:59 ----D---- C:\Windows\Microsoft.NET
2013-06-26 03:05:20 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-06-24 13:03:05 ----D---- C:\Program Files (x86)\Vuze
2013-06-21 13:15:27 ----D---- C:\ProgramData\Skype
2013-06-21 13:15:24 ----RD---- C:\Program Files (x86)\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2008-11-04 98144]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2007-02-07 14104]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-05-05 560184]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NAVx64\1401000.018\SYMDS64.SYS [2012-07-27 493216]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NAVx64\1401000.018\SYMEFA64.SYS [2012-08-07 1132192]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20120815.002\BHDrvx64.sys [2012-08-10 1385120]
R1 ccSet_NAV;Norton AntiVirus Settings Manager; C:\Windows\system32\drivers\NAVx64\1401000.018\ccSetx64.sys [2012-08-06 168096]
R1 ccSet_NST;Norton Identity Safe Settings Manager; C:\Windows\system32\drivers\NSTx64\7DD01000.020\ccSetx64.sys [2012-08-07 168096]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-08-18 484512]
R1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys [2009-12-11 16384]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [2009-07-16 30080]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20120811.001\IDSVia64.sys [2012-08-10 512672]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\drivers\NAVx64\1401000.018\SRTSP64.SYS [2012-08-10 776352]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NAVx64\1401000.018\SRTSPX64.SYS [2012-05-24 37496]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NAVx64\1401000.018\Ironx64.SYS [2012-07-27 224416]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\system32\drivers\NAVx64\1401000.018\SYMNETS.SYS [2012-07-22 432800]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2009-01-19 334344]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-02-27 43168]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [2009-02-17 17792]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-08-23 120336]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-09-18 6170624]
R3 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool64.sys [2007-08-08 35624]
R3 atkdisplf;ASUS Kernel Mode Enhanced Driver; C:\Windows\System32\Drivers\atkdisplowfilter.sys [2009-02-17 39424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]
R3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-07-15 23080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-01-20 1699744]
R3 LADF_BakerCOnly;BakerC Filter Driver; C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys [2011-03-18 410184]
R3 LADF_BakerROnly;BakerR Filter Driver; C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys [2011-03-18 335688]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130715.003\ENG64.SYS [2013-07-15 126040]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130715.003\EX64.SYS [2013-07-15 2098776]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2013-07-15 177312]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-06-04 312480]
S3 ALSysIO;ALSysIO; \??\C:\Users\Marty\AppData\Local\Temp\ALSysIO64.sys []
S3 AmdTools64;AMD Special Tools Driver; C:\Windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]
S3 AODDriver;AODDriver; \??\C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-02-23 14904]
S3 cpuz130;cpuz130; \??\C:\Users\Marty\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys [2007-08-20 12744]
S3 EraserUtilDrv11220;EraserUtilDrv11220; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys []
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2009-12-24 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2013-07-12 30528]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 29696]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-12-15 117248]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 114304]
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2008-12-25 190496]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x64\Sandra.sys [2009-08-08 23112]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 35112]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-09-18 202752]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 ASDR;ASDR; C:\Windows\SysWOW64\ASDR.exe [2009-07-27 61440]
R2 ASKService;ASKService; C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
R2 ASKUpgrade;ASKUpgrade; C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 ATKFUSService;ATK Fast User Switch Service; C:\Windows\system32\ATKFUSService.exe [2009-05-06 62464]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 NAV;Norton AntiVirus; C:\Program Files (x86)\Norton AntiVirus\Engine\20.1.0.24\ccSvcHst.exe [2012-08-18 143928]
R2 NCO;Norton Identity Safe; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe [2012-08-19 143928]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-04-22 75136]
R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-06-27 1025408]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-02-20 641352]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe []
S2 gupdate1ca9a6f3d2f71c0;Služba Google Update (gupdate1ca9a6f3d2f71c0); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-21 133104]
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-03 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 B-Service;B-Service; C:\Users\Marty\AppData\Roaming\Mikogo\B-Service.exe [2011-02-20 185640]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-21 133104]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-25 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [2009-08-24 93336]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Zdravim

Jste se dal na chov konicku trojskych a stadecka rootkitu nebo co

Vas log se studuje Obrázek

a pracuje se na nem Obrázek

.
Prosim o strpeni! Obrázek

Vse delejte postupne, ma to svuj smysl a navaznost

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

Stahnete Shortcut Cleaner http://www.bleepingcomputer.com/downloa ... t-cleaner/

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Spustte tradicne dvouklikem
Probehne skenovani a pak se objevi log, pripadne bude ulozen v miste spusteni jako sc-cleaner.txt, ten sem vlozte

Stahnete SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe

Ulozte nejlepe na Plochu
Spustte tradicne dvouklikem a postupujte dle pokynu utility
Po dokonceni skenu se vytvori a otevre log, ten mi sem vlozte

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Rkill 2.5.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/16/2013 12:58:52 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\ATKFUSService.exe (PID: 784) [WD-HEUR]
* C:\Windows\SysWOW64\ASDR.exe (PID: 1584) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Marty\Desktop\rkill\rkill-07-16-2013-12-58-57.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* C:\Windows\Installer\{32af6320-afbd-361c-4889-79e5127d5275}\ [ZA Dir]
* C:\Windows\Installer\{32af6320-afbd-361c-4889-79e5127d5275}\@ [ZA File]
* C:\Windows\Installer\{32af6320-afbd-361c-4889-79e5127d5275}\L\ [ZA Dir]
* C:\Windows\Installer\{32af6320-afbd-361c-4889-79e5127d5275}\L\00000004.@ [ZA File]
* C:\Windows\Installer\{32af6320-afbd-361c-4889-79e5127d5275}\L\201d3dde [ZA File]
* C:\Windows\Installer\{32af6320-afbd-361c-4889-79e5127d5275}\L\6715e287 [ZA File]
* C:\Windows\Installer\{32af6320-afbd-361c-4889-79e5127d5275}\L\76603ac3 [ZA File]
* C:\Windows\Installer\{32af6320-afbd-361c-4889-79e5127d5275}\U\ [ZA Dir]

* ALERT: ZEROACCESS Reparse Point/Junction found!

* C:\Program Files\Windows Defender\cs-CZ => c:\windows\system32\config\ [Dir]
* C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpCommu.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpRTP.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
* C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea\MpEvMsg.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpAsDesc.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpClient.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpCmdRun.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpCommu.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpOAV.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpRTP.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MSASCui.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpLics.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MsMpRes.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpAsDesc.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpCmdRun.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpOAV.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpRTP.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MSASCui.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MsMpLics.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MsMpRes.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpAsDesc.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpCmdRun.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpOAV.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpRTP.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MSASCui.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MsMpLics.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MsMpRes.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpAsDesc.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpClient.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCmdRun.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCommu.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpOAV.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpRTP.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MSASCui.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpCom.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpLics.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpRes.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpAsDesc.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpCmdRun.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpOAV.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpRTP.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MSASCui.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MsMpCom.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MsMpLics.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MsMpRes.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpAsDesc.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpCmdRun.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpOAV.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpRTP.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MSASCui.exe => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MsMpCom.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MsMpLics.dll => c:\windows\system32\config [File]
* C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MsMpRes.dll => c:\windows\system32\config [File]

Checking Windows Service Integrity:

* Ovladač ověření brány Windows Firewall (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com

20 out of 14825 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 07/16/2013 01:00:18 PM
Execution time: 0 hours(s), 1 minute(s), and 26 seconds(s)

Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/downloa ... t-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 07/16/2013 01:03:04 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Marty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Marty\Desktop

0 bad shortcuts found.

Program finished at: 07/16/2013 01:03:08 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

Results of screen317's Security Check version 0.99.69
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java(TM) 6 Update 31
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (3.6.12) Firefox out of Date!
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Norton AntiVirus Engine 20.1.0.24 ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Zaliskane je to opravdu hoooodne...

Pustte tam COmboFix, ten nam to aspon trochu vycisti a pak pujdeme dale...

ted mám trošku problém s tím vypnout rezidentní štíty AVG...mám ho odinstalovanej už dávno..

Ono je tam celkove bordel v zabezpeceni, to poresime posleze...

Hlasku CF odkliknete

ComboFix 13-07-15.01 - Marty 16/07/2013 13:28:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.6142.4286 [GMT 2:00]
Spuštěný z: c:\users\Marty\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\playercachelines.tmp
c:\programdata\sortedcards.tmp
c:\programdata\xml1248.tmp
c:\programdata\xml145B.tmp
c:\programdata\xml38C9.tmp
c:\programdata\xml3BB7.tmp
c:\programdata\xml3CF1.tmp
c:\programdata\xml3DDC.tmp
c:\programdata\xml3E2B.tmp
c:\programdata\xml4867.tmp
c:\programdata\xml4904.tmp
c:\programdata\xml54E4.tmp
c:\programdata\xml5A13.tmp
c:\programdata\xml7FD.tmp
c:\programdata\xml908F.tmp
c:\programdata\xml95CF.tmp
c:\programdata\xml96BA.tmp
c:\programdata\xmlA5EF.tmp
c:\programdata\xmlA70A.tmp
c:\programdata\xmlA8FC.tmp
c:\programdata\xmlCF3B.tmp
c:\programdata\xmlCFE7.tmp
c:\programdata\xmlDF7.tmp
c:\programdata\xmlFD13.tmp
c:\programdata\xmlFFD2.tmp
c:\users\Marty\AppData\Roaming\Desktopicon
c:\users\Marty\AppData\Roaming\Desktopicon\config.ini
c:\users\Marty\AppData\Roaming\Roaming
c:\users\Marty\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml
c:\users\Marty\AppData\Roaming\Roaming\HoldemManager\Importing\Work Folder\Install.db
c:\users\Marty\AppData\Roaming\Roaming\HoldemManager\Importing\Work Folder\Media_db.db
c:\users\Marty\videos\InstallerHollywoodPoker.exe
c:\users\Marty\videos\roi_simulator.exe
c:\users\Public\videos\FullDoylesRoomSetup.1.151.0.exe
c:\windows\SysWow64\tmpC7F0.tmp
c:\windows\SysWow64\tmpC87D.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-16 do 2013-07-16 )))))))))))))))))))))))))))))))
.
.
2013-07-16 11:33 . 2013-07-16 11:33 -------- d-----w- c:\users\postgres\AppData\Local\temp
2013-07-16 11:33 . 2013-07-16 11:33 -------- d-----w- c:\users\postgres.Marty-PC\AppData\Local\temp
2013-07-16 11:33 . 2013-07-16 11:33 -------- d-----w- c:\users\postgres.Marty-PC.000\AppData\Local\temp
2013-07-15 21:30 . 2013-07-15 21:30 -------- d-----w- C:\rsit
2013-07-15 21:30 . 2013-07-15 21:30 -------- d-----w- c:\program files\trend micro
2013-07-15 21:07 . 2013-07-15 21:07 -------- d-sh--w- C:\$$PendingFiles
2013-07-15 21:00 . 2013-07-15 21:00 388096 ----a-r- c:\users\Marty\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-07-15 21:00 . 2013-07-15 21:00 -------- d-----w- c:\program files (x86)\Trend Micro
2013-07-15 18:02 . 2013-07-15 18:02 57886 ----a-w- c:\windows\SysWow64\epfwdata.bin
2013-07-15 18:02 . 2012-06-22 10:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2013-07-15 18:02 . 2013-07-15 18:02 110080 ----a-r- c:\users\Marty\AppData\Roaming\Microsoft\Installer\{67E1227E-D553-4A6A-96CD-40CCBBC705D8}\IconF7A21AF7.exe
2013-07-15 18:02 . 2013-07-15 18:02 110080 ----a-r- c:\users\Marty\AppData\Roaming\Microsoft\Installer\{67E1227E-D553-4A6A-96CD-40CCBBC705D8}\IconD7F16134.exe
2013-07-15 18:02 . 2013-07-15 18:02 110080 ----a-r- c:\users\Marty\AppData\Roaming\Microsoft\Installer\{67E1227E-D553-4A6A-96CD-40CCBBC705D8}\Icon1226A4C5.exe
2013-07-15 18:02 . 2013-07-15 18:23 -------- d-----w- c:\program files\Enigma Software Group
2013-07-15 18:02 . 2013-07-15 18:02 -------- d-----w- C:\sh4ldr
2013-07-15 18:01 . 2013-07-15 18:02 -------- d-----w- c:\windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP
2013-07-15 16:43 . 2013-07-15 16:43 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-07-15 16:41 . 2013-07-16 10:59 -------- d-----w- c:\windows\system32\drivers\NSTx64
2013-07-15 16:41 . 2013-07-15 16:41 -------- d-----w- c:\program files (x86)\Norton Identity Safe
2013-07-15 16:41 . 2013-07-16 11:00 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-15 16:41 . 2013-07-15 16:41 -------- d-----w- c:\program files\Symantec
2013-07-15 16:41 . 2013-07-15 16:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-07-15 16:40 . 2013-07-16 11:37 -------- d-----w- c:\windows\system32\drivers\NAVx64
2013-07-15 16:40 . 2013-07-15 16:40 -------- d-----w- c:\program files (x86)\Norton AntiVirus
2013-07-15 16:40 . 2013-07-15 16:41 -------- d-----w- c:\programdata\Norton
2013-07-15 16:40 . 2013-07-15 16:41 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-07-15 15:53 . 2013-07-15 15:53 -------- d-----w- C:\VTRoot
2013-07-15 15:43 . 2013-07-15 15:43 -------- d-----w- c:\program files\COMODO
2013-07-15 15:43 . 2013-07-15 15:43 -------- d-----w- c:\programdata\COMODO
2013-07-15 15:42 . 2013-07-15 15:42 -------- d-----w- c:\users\Marty\AppData\Local\Comodo
2013-07-15 15:42 . 2013-07-15 15:44 -------- d-----w- c:\program files (x86)\Comodo
2013-07-15 13:36 . 2013-07-15 13:36 -------- d-----w- c:\program files\PostgreSQL
2013-07-15 12:41 . 2013-07-15 13:02 -------- d-----w- c:\users\Marty\AppData\Roaming\postgresql
2013-07-12 09:21 . 2013-07-15 16:32 -------- d-----w- c:\program files\ESET
2013-07-12 09:15 . 2013-07-12 09:15 -------- d-----w- c:\users\Marty\AppData\Roaming\TuneUp Software
2013-07-11 20:23 . 2013-07-11 20:23 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-07-11 20:23 . 2013-07-11 20:23 -------- d-----w- c:\program files (x86)\x264 Video Codec
2013-06-20 17:04 . 2013-06-20 17:04 -------- d-----w- c:\users\Marty\AppData\Local\Sharkystrator
2013-06-16 12:44 . 2013-07-15 17:02 -------- d-----w- c:\program files (x86)\Sharkystrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-16 11:36 . 2009-12-11 01:46 23080 ----a-w- c:\windows\gdrv.sys
2013-07-15 20:35 . 2009-12-14 04:46 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-12 10:00 . 2009-12-13 18:10 30528 ----a-w- c:\windows\GVTDrv64.sys
2013-06-13 13:24 . 2013-06-13 13:24 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-13 13:24 . 2013-01-08 18:28 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-13 13:24 . 2010-08-27 13:24 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 18:46 . 2013-02-26 20:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 18:46 . 2013-02-26 20:13 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-08 14:08 . 2013-06-15 01:01 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-08 14:07 . 2013-06-15 01:00 19233792 ----a-w- c:\windows\system32\mshtml.dll
2013-06-08 14:06 . 2013-06-15 01:00 2648064 ----a-w- c:\windows\system32\iertutil.dll
2013-06-08 14:06 . 2013-06-15 01:00 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-08 14:06 . 2013-06-15 01:00 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-06-08 12:28 . 2013-06-15 01:01 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-08 11:13 . 2013-06-15 01:01 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-17 01:25 . 2013-06-13 01:02 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-05-17 01:25 . 2013-06-13 01:02 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-05-17 01:25 . 2013-06-13 01:02 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-05-17 01:25 . 2013-06-13 01:02 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-05-17 00:59 . 2013-06-13 01:02 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-05-17 00:59 . 2013-06-13 01:02 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-05-17 00:58 . 2013-06-13 01:02 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-05-17 00:58 . 2013-06-13 01:02 855552 ----a-w- c:\windows\system32\jscript.dll
2013-05-17 00:58 . 2013-06-13 01:02 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-05-17 00:58 . 2013-06-13 01:02 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-05-17 00:58 . 2013-06-13 01:02 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-05-17 00:58 . 2013-06-13 01:02 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-05-17 00:58 . 2013-06-13 01:02 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-05-14 12:23 . 2013-06-13 01:02 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-05-14 08:40 . 2013-06-13 01:02 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51 . 2013-06-12 07:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 07:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 07:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 07:51 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 07:51 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 07:51 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 07:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 07:51 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 07:51 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 07:51 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 07:51 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 07:51 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 07:51 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-07 01:03 . 2013-05-07 01:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-07 01:03 . 2013-05-07 01:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-07 01:03 . 2013-05-07 01:03 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-07 01:03 . 2013-05-07 01:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-07 01:03 . 2013-05-07 01:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-07 01:03 . 2013-05-07 01:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-07 01:03 . 2013-05-07 01:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-07 01:03 . 2013-05-07 01:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-07 01:03 . 2013-05-07 01:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-07 01:03 . 2013-05-07 01:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-07 01:03 . 2013-05-07 01:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-07 01:03 . 2013-05-07 01:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-07 01:03 . 2013-05-07 01:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-07 01:03 . 2013-05-07 01:03 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-07 01:03 . 2013-05-07 01:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-07 01:03 . 2013-05-07 01:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-07 01:03 . 2013-05-07 01:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-07 01:03 . 2013-05-07 01:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-07 01:03 . 2013-05-07 01:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-07 01:03 . 2013-05-07 01:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-07 01:03 . 2013-05-07 01:03 441856 ----a-w- c:\windows\system32\html.iec
2013-05-07 01:03 . 2013-05-07 01:03 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-07 01:03 . 2013-05-07 01:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-07 01:03 . 2013-05-07 01:03 235008 ----a-w- c:\windows\system32\url.dll
2013-05-07 01:03 . 2013-05-07 01:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-07 01:03 . 2013-05-07 01:03 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-07 01:03 . 2013-05-07 01:03 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-07 01:03 . 2013-05-07 01:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 01:03 . 2013-05-07 01:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-07 01:03 . 2013-05-07 01:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-07 01:03 . 2013-05-07 01:03 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-07 01:03 . 2013-05-07 01:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-07 01:03 . 2013-05-07 01:03 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-07 01:03 . 2013-05-07 01:03 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-07 01:03 . 2013-05-07 01:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-07 01:03 . 2013-05-07 01:03 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-07 01:03 . 2013-05-07 01:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-07 01:03 . 2013-05-07 01:03 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 01:03 . 2013-05-07 01:03 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-07 01:03 . 2013-05-07 01:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-07 01:03 . 2013-05-07 01:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-07 01:03 . 2013-05-07 01:03 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-07 01:03 . 2013-05-07 01:03 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-07 01:03 . 2013-05-07 01:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-07 01:03 . 2013-05-07 01:03 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-07 01:03 . 2013-05-07 01:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-07 01:03 . 2013-05-07 01:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-07 01:03 . 2013-05-07 01:03 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-07 01:03 . 2013-05-07 01:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-26 05:51 . 2013-06-12 07:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 07:51 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 07:51 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
2009-12-31 10:53 2349080 ----a-w- c:\program files (x86)\NCH\tbNCH.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files (x86)\NCH\tbNCH.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PicPick Start"="c:\program files (x86)\PicPick\picpick.exe" [2010-11-20 4816896]
"Mikogo"="c:\users\Marty\AppData\Roaming\Mikogo 4\mikogo-host.exe" [2011-08-04 5420408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"supertintin_skype"="c:\program files (x86)\Supertintin for Skype\supertintin_skype.exe" [2011-01-10 999936]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 98304]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 gupdate1ca9a6f3d2f71c0;Služba Google Update (gupdate1ca9a6f3d2f71c0);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Marty\AppData\Local\Temp\ALSysIO64.sys;c:\users\Marty\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys;c:\windows\SYSNATIVE\DRIVERS\AmdTools64.sys [x]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
R3 B-Service;B-Service;c:\users\Marty\AppData\Roaming\Mikogo\B-Service.exe;c:\users\Marty\AppData\Roaming\Mikogo\B-Service.exe [x]
R3 cpuz130;cpuz130;c:\users\Marty\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\Marty\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys;c:\windows\SYSNATIVE\DRIVERS\ENTECH64.sys [x]
R3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [x]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD01000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DD01000.020\ccSetx64.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130713.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130713.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NAVx64\1404000.028\SYMNETS.SYS [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASKService;ASKService;c:\program files (x86)\AskBarDis\bar\bin\AskService.exe;c:\program files (x86)\AskBarDis\bar\bin\AskService.exe [x]
S2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe;c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe;c:\program files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfBakerCamd64.sys [x]
S3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfBakerRamd64.sys [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - EnigmaRegMonInjDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 09:00 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 18:46]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-21 07:56]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-21 07:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-20 6963744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-20 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&nviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\z849xsjq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3021023&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={4214EEE2-9E72-47C5-AA50-1863013D2E9A}&mid=41ce938b7a1247d69ffdd16d5b26b5ee-3288f3b076cfe458ac710afe2cc86cf0929b3e9d&lang=cs&ds=AVG&pr=pr&d=2011-11-05 11:48&v=15.3.0.11&pid=avg&sg=0&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={4214EEE2-9E72-47C5-AA50-1863013D2E9A}&mid=41ce938b7a1247d69ffdd16d5b26b5ee-3288f3b076cfe458ac710afe2cc86cf0929b3e9d&lang=cs&ds=AVG&pr=pr&d=2011-11-05 11:48&pid=avg&sg=0&v=15.3.0.11&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.id - fcc193f800000000000000ffa4db18e9
FF - user.js: extensions.BabylonToolbar_i.hardId - fcc193f800000000000000ffa4db18e9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15452
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:05
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{0b7430e9-e659-4555-ac67-be3340aaa519} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{7L00YFIL-ORTD-NDX8-8FHK-MXZ1AKU5GQQR} - c:\users\Marty\AppData\Local\Temp\application.exe
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
AddRemove-Unibet - c:\microgaming\Casino\Unibet\install.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=hex:51,66,7a,6c,4c,1d,38,12,50,d3,52,
34,79,b3,8e,01,c8,54,6e,db,8d,6e,1b,8c
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}"=hex:51,66,7a,6c,4c,1d,38,12,88,4c,c8,
c6,3b,ca,a0,00,ff,06,5b,da,7e,02,8a,92
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=hex:51,66,7a,6c,4c,1d,38,12,78,38,4c,
81,00,23,88,0a,f5,40,f8,f6,90,c6,d4,52
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,38,12,c3,8a,99,
0a,e5,db,85,05,f2,8b,4b,7e,f2,58,2e,15
"{201F27D4-3704-41D6-89C1-AA35E39143ED}"=hex:51,66,7a,6c,4c,1d,38,12,ba,24,0c,
24,36,79,b8,04,f6,d7,e9,75,e6,cf,07,f9
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{B0DE3308-5D5A-470D-81B9-634FC078393B}"=hex:51,66,7a,6c,4c,1d,38,12,66,30,cd,
b4,68,13,63,02,fe,af,20,0f,c5,26,7d,2f
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:fe,fc,91,63,d7,2f,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ASDR.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
.
**************************************************************************
.
Celkový čas: 2013-07-16 13:45:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-07-16 11:45
.
Před spuštěním: Volných bajtů: 143 052 832 768
Po spuštění: Volných bajtů: 143 283 253 248
.
- - End Of File - - 33F23D84270B06EC1DF883B81D56EA53
A36C5E4F47E84449FF07ED3517B43A31

Udelejte FRST dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=130781

btw:
cokoliv chci spustit, tak mě to u všeho píše: Pokus použít neplatnou operaci registru, který je označen pro odstranění. Je normální??

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Ok, to s tím FRST, musím udělat z jiného compu a budu potřebovat flashku?

Jiny PC neni potreba, flash disk by byl vhodny, ale muzete to ulozit i primo na c:\ treba

VIRY.CZ

Spousta havěti

Spousta havěti

Re: Spousta havěti

Re: Spousta havěti

Re: Spousta havěti

Re: Spousta havěti

Re: Spousta havěti

Re: Spousta havěti

Re: Spousta havěti

Re: Spousta havěti

Re: Spousta havěti

Re: Spousta havěti

Re: Spousta havěti

Re: Spousta havěti

Re: Spousta havěti

Re: Spousta havěti