
Log check.

Don't have any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Shady22
Visitor
Posts: 110
Registered: 16 Jul 2013 13:48

Log check.

#1 Post by Shady22 »

Please check my log :)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Uživatel at 2013-11-17 16:41:13
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 359 GB (78%) free of 463 GB
Total RAM: 3959 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:41:19, on 17.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\Uživatel\AppData\Roaming\Ivsa\fopuyg.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\trend micro\Uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, enhanced for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MyStart Toolbar - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - C:\Program Files (x86)\mystarttb\mystartDx.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MyStart Anti-phishing Domain Advisor] "C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Fopuyg] C:\Users\Uživatel\AppData\Roaming\Ivsa\fopuyg.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Uživatel\AppData\Local\Google\Desktop\Install\{cd727baf-71f8-8a75-5274-dca3e9c696c7}\???\???\???\{cd727baf-71f8-8a75-5274-dca3e9c696c7}\GoogleUpdate.exe" >
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C718F98B-3F2E-4CBD-8DC6-43CF41B0740B}: NameServer = 10.10.2.10,80.82.144.94
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\Windows\SysWOW64\ssins.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12013 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
winlogon.exe
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 25465360
\??\C:\Windows\system32\conhost.exe "163971111-8048881901224634182-1797901138-1567529844-7269399-511941668-1699990888
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe" /DisableUI
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
C:\Windows\SysWOW64\ssins.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1888
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
atieclxx
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Windows\PLFSetI.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Users\Uživatel\AppData\Roaming\Ivsa\fopuyg.exe"
"C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5068 CREDAT:267521 /prefetch:2
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe -Embedding
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5068 CREDAT:267724 /prefetch:2
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"taskhost.exe"
taskeng.exe {0FC12364-C1B6-4994-9753-8F323A1A36A0}
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-982f7fee-64e1-4a1a-9d74-207ae83996c1 -SystemEventPortName:HostProcess-759e3a7a-0e94-421d-9e30-d8fdd6681492 -IoCancelEventPortName:HostProcess-4c1061ae-21b0-4554-857c-a58d03607256 -NonStateChangingEventPortName:HostProcess-93649408-cdaf-49ed-b3dc-43999e14247a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b3e6382a-738b-467f-a249-d59748cd4234 -DeviceGroupId:WpdFsGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-776872935-2510699691-1752943658-100092_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-776872935-2510699691-1752943658-100092 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Uživatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SNLC7NX3\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0]
"Description"=
"Path"=C:\Program Files (x86)\Virtual Earth 3D\

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
yahoo.xml

C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default\extensions\
yasearch@yandex.ru
{607b689f-7600-45e4-b8e5-887f72dab15c}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default\searchplugins\
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-10 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-26 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-10 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}]
MyStart Toolbar - C:\Program Files (x86)\mystarttb\mystartDx.dll [2013-09-25 91712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-26 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-10-10 256080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-10 194640]
{ccb24e92-62c4-4c53-95d2-65f9eed476bc} - MyStart Toolbar - C:\Program Files (x86)\mystarttb\mystartDx.dll [2013-09-25 91712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-06-22 10920552]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-04-13 649608]
"PLFSetI"=C:\Windows\PLFSetI.exe [2010-09-15 206208]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2010-06-11 861216]
"MSC"=c:\Program Files\Microsoft Security Client\mssecex.exe -hide -runkey []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2013-05-05 802136]
"Fopuyg"=C:\Users\Uživatel\AppData\Roaming\Ivsa\fopuyg.exe [2010-10-25 468992]
"Google Update"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.2\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-04-13 284696]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-27 98304]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-05-25 960080]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
""= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"MyStart Anti-phishing Domain Advisor"=C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe [2013-08-30 235072]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=2
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-11-17 00:51:22 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\wextract.exe
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\occache.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\msrating.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\msls31.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\mshta.exe
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\inseng.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-11-17 00:51:21 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2013-11-17 00:51:21 ----A---- C:\Windows\system32\elshyph.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\url.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\icardie.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2013-11-17 00:51:20 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\wininet.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\urlmon.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\url.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-17 00:51:19 ----A---- C:\Windows\system32\msrating.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\msls31.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\mshtmlmedia.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\jsproxy.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\iesetup.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\iertutil.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\iernonce.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\iedkcs32.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\ieapfltr.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\ieapfltr.dat
2013-11-17 00:51:19 ----A---- C:\Windows\system32\ie4uinit.exe
2013-11-17 00:51:19 ----A---- C:\Windows\system32\icardie.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\dxtrans.dll
2013-11-17 00:51:19 ----A---- C:\Windows\system32\dxtmsft.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\wextract.exe
2013-11-17 00:51:18 ----A---- C:\Windows\system32\webcheck.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\vbscript.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-11-17 00:51:18 ----A---- C:\Windows\system32\pngfilt.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\occache.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\mshtmler.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\mshtmled.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\mshtml.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\mshta.exe
2013-11-17 00:51:18 ----A---- C:\Windows\system32\msfeedssync.exe
2013-11-17 00:51:18 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\msfeeds.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\licmgr10.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\jscript9.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\jscript.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\inseng.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\imgutil.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\iexpress.exe
2013-11-17 00:51:18 ----A---- C:\Windows\system32\ieUnatt.exe
2013-11-17 00:51:18 ----A---- C:\Windows\system32\ieui.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\iesysprep.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\iepeers.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\ieframe.dll
2013-11-17 00:51:18 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-11-16 15:01:59 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-11-14 16:04:19 ----A---- C:\Windows\system32\crypt32.dll
2013-11-14 16:04:18 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-11-14 16:04:08 ----A---- C:\Windows\system32\drivers\afd.sys
2013-11-14 16:04:04 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll
2013-11-14 16:04:04 ----A---- C:\Windows\SYSWOW64\credui.dll
2013-11-14 16:04:04 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-11-14 16:04:04 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 16:04:04 ----A---- C:\Windows\system32\credui.dll
2013-11-14 16:04:04 ----A---- C:\Windows\system32\authui.dll
2013-11-14 16:03:56 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-11-14 16:03:56 ----A---- C:\Windows\system32\schannel.dll
2013-11-14 16:03:56 ----A---- C:\Windows\system32\lsasrv.dll
2013-11-14 16:03:56 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-11-14 16:03:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-11-14 16:03:56 ----A---- C:\Windows\system32\drivers\cng.sys
2013-11-14 16:03:55 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-11-14 16:03:55 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-11-14 16:03:55 ----A---- C:\Windows\system32\sspicli.dll
2013-11-14 16:03:55 ----A---- C:\Windows\system32\ncrypt.dll
2013-11-14 16:03:55 ----A---- C:\Windows\system32\lsass.exe
2013-11-14 16:03:54 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-11-14 16:03:54 ----A---- C:\Windows\system32\sspisrv.dll
2013-11-14 16:03:54 ----A---- C:\Windows\system32\secur32.dll
2013-11-14 16:03:52 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2013-11-14 16:03:52 ----A---- C:\Windows\system32\gdi32.dll
2013-11-14 16:03:51 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2013-11-14 16:03:51 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2013-11-14 16:03:51 ----A---- C:\Windows\system32\nshwfp.dll
2013-11-14 16:03:51 ----A---- C:\Windows\system32\IKEEXT.DLL
2013-11-14 16:03:51 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2013-11-04 18:06:41 ----A---- C:\Windows\system32\drivers\mcvidrv_x64.sys
2013-11-04 18:06:16 ----D---- C:\ProgramData\MyStart Anti-phishing Domain Advisor
2013-11-04 18:06:10 ----D---- C:\ProgramData\EmailNotifier
2013-11-04 18:06:00 ----D---- C:\Program Files (x86)\mystarttb
2013-11-04 18:05:58 ----D---- C:\Program Files (x86)\ManyCam

======List of files/folders modified in the last 1 month======

2013-11-17 16:41:16 ----D---- C:\Program Files\trend micro
2013-11-17 16:40:53 ----D---- C:\Users\Uživatel\AppData\Roaming\uTorrent
2013-11-17 16:15:41 ----D---- C:\Users\Uživatel\AppData\Roaming\Skype
2013-11-17 12:57:49 ----D---- C:\Windows\Temp
2013-11-17 12:12:18 ----D---- C:\Windows\system32\config
2013-11-17 12:09:48 ----SD---- C:\Users\Uživatel\AppData\Roaming\Microsoft
2013-11-17 11:44:41 ----D---- C:\Windows\winsxs
2013-11-17 11:44:03 ----A---- C:\Windows\SYSWOW64\log.txt
2013-11-17 11:43:08 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-11-17 11:43:08 ----D---- C:\Windows\system32\cs-CZ
2013-11-17 11:43:08 ----D---- C:\Program Files\Internet Explorer
2013-11-17 11:43:08 ----D---- C:\Program Files (x86)\Internet Explorer
2013-11-17 11:43:05 ----D---- C:\Windows\SYSWOW64\migration
2013-11-17 11:43:04 ----D---- C:\Windows\SYSWOW64\en-US
2013-11-17 11:43:04 ----D---- C:\Windows\SysWOW64
2013-11-17 11:43:02 ----D---- C:\Windows\system32\migration
2013-11-17 11:43:02 ----D---- C:\Windows\PolicyDefinitions
2013-11-17 11:43:02 ----D---- C:\Windows\inf
2013-11-17 11:43:01 ----D---- C:\Windows\system32\en-US
2013-11-17 11:43:00 ----D---- C:\Windows\System32
2013-11-17 11:42:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 00:56:05 ----D---- C:\Windows\Logs
2013-11-17 00:55:33 ----D---- C:\Windows\system32\catroot
2013-11-17 00:54:45 ----D---- C:\Windows\system32\catroot2
2013-11-17 00:32:48 ----SHD---- C:\System Volume Information
2013-11-16 19:37:53 ----RD---- C:\Program Files (x86)
2013-11-16 12:13:06 ----D---- C:\Windows\Prefetch
2013-11-16 00:22:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-15 19:12:31 ----D---- C:\ProgramData\boost_interprocess
2013-11-15 14:45:41 ----D---- C:\Windows\system32\drivers
2013-11-15 00:12:39 ----D---- C:\Windows\system32\MRT
2013-11-15 00:10:55 ----D---- C:\Windows\debug
2013-11-15 00:10:52 ----A---- C:\Windows\system32\MRT.exe
2013-11-06 13:40:53 ----SHD---- C:\Windows\Installer
2013-11-06 13:40:52 ----D---- C:\ProgramData\Skype
2013-11-06 13:40:44 ----RD---- C:\Program Files (x86)\Skype
2013-11-04 18:13:53 ----D---- C:\ProgramData
2013-11-04 18:12:39 ----A---- C:\Windows\NeroDigital.ini
2013-11-04 18:07:49 ----D---- C:\Windows\system32\DriverStore
2013-11-04 18:06:03 ----D---- C:\Users\Uživatel\AppData\Roaming\Mozilla
2013-11-04 18:05:58 ----AD---- C:\ProgramData\TEMP
2013-10-30 18:46:49 ----D---- C:\Program Files (x86)\SpeedFan
2013-10-26 21:19:27 ----D---- C:\Windows\Minidump
2013-10-26 21:19:22 ----D---- C:\Windows
2013-10-18 16:07:43 ----D---- C:\Windows\system32\LogFiles
2013-10-18 15:08:09 ----RSD---- C:\Windows\Fonts
2013-10-18 15:08:05 ----A---- C:\Windows\ODBC.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 247216]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-28 279616]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 139616]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2010-11-20 146432]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-05-27 264192]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-06-03 4171328]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-06-22 2399848]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-01-27 231328]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-25 342056]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-06-25 102952]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2010-06-25 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-06-25 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-06-25 21544]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 ManyCam;ManyCam Virtual Webcam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone; C:\Windows\system32\drivers\mcaudrv_x64.sys [2013-01-31 28160]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2009-08-03 16392]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
S4 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 68608]
S4 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 7168]
S4 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2005-08-24 92160]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-05-27 203264]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-25 952096]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-05-25 325200]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-18 268824]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-08-12 23808]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 ssinstall;SInstalátor; C:\Windows\SysWOW64\ssins.exe [2013-10-02 2324216]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2010-08-09 49152]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-08-12 366600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-07-16 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-16 119408]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-25 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check.

#2 Post by vyosek »

Hello :)

Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and extract it
  • Run it by clicking mbar
  • Now click Next and then Update
  • When the database update has finished, click Next again
  • Leave all three options ticked and click Scan, which starts the scan of the PC
  • When the scan has finished (about 5 minutes), check that every finding (if there are any, of course) is ticked
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection that was found
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) named mbar-log-year-month-day (hour-minute-second).txt; post it here for me
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member (image) since 1 February 2011.

Shady22
Visitor
Posts: 110
Joined: 16 Jul 2013 13:48

Re: Log check.

#3 Post by Shady22 »

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Uživatel :: ACER [administrator]

17.11.2013 23:00:39
mbar-log-2013-11-17 (23-00-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 254389
Time elapsed: 18 minute(s), 21 second(s)

Memory Processes Detected: 1
C:\Users\Uživatel\AppData\Roaming\Ivsa\fopuyg.exe (Trojan.Zbot) -> 3368 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\CLASSES\APPID\{D3A39EAC-36F5-4FB6-BDD4-9908F6C4CFFF} (Adware.K.GoodJoy) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D3A39EAC-36F5-4FB6-BDD4-9908F6C4CFFF} (Adware.K.GoodJoy) -> Delete on reboot.
HKCU\SOFTWARE\SkyMedia (Adware.SkyMedia) -> Delete on reboot.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Fopuyg (Trojan.Zbot) -> Data: C:\Users\Uživatel\AppData\Roaming\Ivsa\fopuyg.exe -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^‮❤ (Trojan.Zaccess) -> Data: -> Delete on reboot.

Registry Data Items Detected: 1
HKCU\SOFTWARE\CLASSES\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=196&q={searchTerms}) Good: (http://www.google.com/search?q={searchT ... {startPage}) -> Replace on reboot.

Folders Detected: 7
C:\Users\Uživatel\AppData\Local\Google\Desktop\Install\{cd727baf-71f8-8a75-5274-dca3e9c696c7}\❤≸⋙ (Trojan.0Access) -> Delete on reboot.
C:\Users\Uživatel\AppData\Local\Google\Desktop\Install\{cd727baf-71f8-8a75-5274-dca3e9c696c7}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> Delete on reboot.
C:\Users\Uživatel\AppData\Local\Google\Desktop\Install\{cd727baf-71f8-8a75-5274-dca3e9c696c7}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ (Trojan.0Access) -> Delete on reboot.
C:\Users\Uživatel\AppData\Local\Google\Desktop\Install\{cd727baf-71f8-8a75-5274-dca3e9c696c7}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{cd727baf-71f8-8a75-5274-dca3e9c696c7} (Trojan.0Access) -> Delete on reboot.
C:\Users\Uživatel\AppData\Local\Google\Desktop\Install\{cd727baf-71f8-8a75-5274-dca3e9c696c7}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{cd727baf-71f8-8a75-5274-dca3e9c696c7}\L (Trojan.0Access) -> Delete on reboot.
C:\Users\Uživatel\AppData\Local\Google\Desktop\Install\{cd727baf-71f8-8a75-5274-dca3e9c696c7}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{cd727baf-71f8-8a75-5274-dca3e9c696c7}\U (Trojan.0Access) -> Delete on reboot.
C:\Users\Uživatel\AppData\Local\Google\Desktop\Install\{cd727baf-71f8-8a75-5274-dca3e9c696c7} (Trojan.0Access) -> Delete on reboot.

Files Detected: 1
C:\Users\Uživatel\AppData\Roaming\Ivsa\fopuyg.exe (Trojan.Zbot) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check.

#4 Post by vyosek »

Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs: firewalls, antivirus, antispyware and so on.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako spravce)
  • Right after start, a page with the licence agreement is shown; continue by clicking Ano (Yes)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone: do not start any applications and do not click into the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily cluttered the time may be longer
  • After the scan and a possible restart, CF displays the log, or you will find it at C:\ComboFix.txt; paste its content here
  • A detailed procedure including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Shady22
Visitor
Posts: 110
Joined: 16 Jul 2013 13:48

Re: Log check.

#5 Post by Shady22 »

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/18/2013 09:05:56 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/18/2013 09:09:33 AM
Execution time: 0 hours(s), 3 minute(s), and 36 seconds(s)

Shady22
Visitor
Posts: 110
Joined: 16 Jul 2013 13:48

Re: Log check.

#6 Post by Shady22 »

ComboFix 13-11-16.01 - Uživatel 18.11.2013 9:16.8.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3959.2319 [GMT 1:00]
Spuštěný z: c:\users\U×ivatel\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-18 do 2013-11-18 )))))))))))))))))))))))))))))))
.
.
2013-11-18 08:22 . 2013-11-18 08:22 -------- d-----w- c:\users\UIVATE~2\AppData\Local\temp
2013-11-18 08:22 . 2013-11-18 08:22 -------- d-----w- c:\users\U×ivatel\AppData\Local\temp
2013-11-18 08:22 . 2013-11-18 08:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-18 08:22 . 2013-11-18 08:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-18 08:14 . 2013-11-18 08:14 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{46F8E51B-CD76-4421-9E08-C45AAF3C6912}\offreg.dll
2013-11-17 23:01 . 2013-10-12 08:43 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-11-17 22:00 . 2013-11-17 22:00 -------- d-----w- c:\programdata\Malwarebytes
2013-11-17 22:00 . 2013-11-17 22:00 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-17 21:59 . 2013-11-17 21:59 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-14 15:04 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 15:04 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-14 15:04 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-14 15:04 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:04 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-14 15:04 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-14 15:04 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 15:04 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-14 15:04 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-04 17:06 . 2012-10-11 03:08 44928 ----a-w- c:\windows\system32\drivers\mcvidrv_x64.sys
2013-11-04 17:06 . 2013-11-04 17:06 -------- d-----w- c:\users\Uživatel\AppData\Local\mystart_ad
2013-11-04 17:06 . 2013-11-04 17:06 -------- d-----w- c:\programdata\MyStart Anti-phishing Domain Advisor
2013-11-04 17:06 . 2013-11-04 17:06 -------- d-----w- c:\programdata\EmailNotifier
2013-11-04 17:06 . 2013-11-04 17:06 -------- d-----w- c:\program files (x86)\mystarttb
2013-11-04 17:05 . 2013-11-04 17:13 -------- d-----w- c:\program files (x86)\ManyCam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 23:10 . 2010-10-25 07:55 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-10 19:12 . 2012-03-29 13:47 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 19:12 . 2011-05-19 11:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 13:51 . 2013-04-28 09:15 2324216 ----a-w- c:\windows\SysWow64\ssins.exe
2013-09-25 02:22 . 2013-11-14 15:03 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:57 . 2013-11-14 15:03 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-08 02:30 . 2013-10-10 12:58 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 12:58 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 12:58 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-16 04:27 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-16 04:27 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-16 04:27 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-16 04:27 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-16 04:27 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-16 04:27 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-16 04:27 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-10 12:58 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 12:57 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-10 12:57 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-10 12:57 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-10 12:57 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-10 12:57 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 12:57 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 12:57 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-10 12:57 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-10 12:57 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-10 12:57 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-10 12:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-10 12:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-10 12:57 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-10 12:57 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-10 12:57 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-10 12:58 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-10 12:57 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}]
2013-09-25 21:07 91712 ----a-w- c:\program files (x86)\mystarttb\mystartDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ccb24e92-62c4-4c53-95d2-65f9eed476bc}"= "c:\program files (x86)\mystarttb\mystartDx.dll" [2013-09-25 91712]
.
[HKEY_CLASSES_ROOT\clsid\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-05-05 802136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-25 960080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MyStart Anti-phishing Domain Advisor"="c:\programdata\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe" [2013-08-30 235072]
.
c:\users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-7-5 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"NPSStartup"=
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 ssinstall;SInstalátor;c:\windows\SysWOW64\ssins.exe;c:\windows\SysWOW64\ssins.exe [x]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe;c:\program files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-16 11:12 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:12]
.
2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 14:43]
.
2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-09-15 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mCustomizeSearch = hxxp://www.google.com
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.10.2.10 80.82.144.94
TCP: Interfaces\{C718F98B-3F2E-4CBD-8DC6-43CF41B0740B}: NameServer = 10.10.2.10,80.82.144.94
FF - ProfilePath - c:\users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2013-11-04 18:06; {607b689f-7600-45e4-b8e5-887f72dab15c}; c:\users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ssinstall - c:\windows\system32\ssinstall-uninstall.bat
AddRemove-{078BDD0D-2B31-FE89-F67B-0D586B8A210B} - c:\progra~3\INSTAL~1\{A172C~1\Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-11-18 09:25:08
ComboFix-quarantined-files.txt 2013-11-18 08:25
ComboFix2.txt 2013-08-09 23:44
ComboFix3.txt 2013-08-08 21:07
ComboFix4.txt 2013-08-08 20:29
ComboFix5.txt 2013-11-18 08:14
.
Před spuštěním: Volných bajtů: 380 198 961 152
Po spuštění: Volných bajtů: 379 700 195 328
.
- - End Of File - - D1D3AFAB41607991B8D2D6552C4A358F

vyosek
VIP
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check.

#7 Post by vyosek »

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launching, the license terms are displayed; press any key
  • A backup is created, followed by a search
  • A scan runs and then the log appears, or it is saved in c:\JRT as JRT.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts and then the log appears, or it is saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, for that is no man, that is an ox."
Member [image] since 1 February 2011.

Shady22
Visitor
Visitor
Posts: 110
Joined: 16 Jul 2013 13:48

Re: Log check.

#8 Post by Shady22 »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by U§ivatel on po 18.11.2013 at 9:53:15,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211671166}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealioKit1-stub-0_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealioKit1-stub-0_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211671166}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DealioKit1-stub-0_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DealioKit1-stub-0_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{10A82144-1FAE-43D0-8CB5-FFF77D3B66A2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\U§ivatel\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\U§ivatel\appdata\local\discount buddy"
Successfully deleted: [Folder] "C:\Users\U§ivatel\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{07319BDF-DBC5-450F-B3F8-028D56AA6180}
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{1A4AC20F-5663-4289-BA88-0861F22AB619}
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{244D8B84-BA6D-4942-A136-1071B9B3D6FD}
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{260E8051-E88C-49A4-8DA9-516B4DBF710C}
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{2E3DEC0A-62CF-42B9-9303-6EE6DB8FAB40}
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{47B3515F-3B6A-44B5-A7A2-0E65BCDFF15E}
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{614B8A16-7D0C-4673-8DD7-F396F1E3C091}
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{703F7688-BFB6-4304-8C7D-35FFB1156F64}
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{B2D4A568-632B-4843-8414-EB670BE2E037}
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{C816CC55-8BFA-498C-9D38-765640CAF90C}
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{EBD289C1-C217-4AC0-977B-4870B2D8A9D8}
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{EBF3A438-16DD-449E-9E26-B51DEBA188C2}
Successfully deleted: [Empty Folder] C:\Users\U§ivatel\appdata\local\{F4070C30-9972-4217-BB8B-B48EF835B03C}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\U§ivatel\AppData\Roaming\mozilla\firefox\profiles\e6l20esf.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}
Successfully deleted the following from C:\Users\U§ivatel\AppData\Roaming\mozilla\firefox\profiles\e6l20esf.default\prefs.js

user_pref("extensions.crossrider.bic", "14085db90847e2ba4f820f34eeb37d36");
Emptied folder: C:\Users\U§ivatel\AppData\Roaming\mozilla\firefox\profiles\e6l20esf.default\minidumps [132 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 18.11.2013 at 10:00:43,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Shady22
Visitor
Visitor
Posts: 110
Joined: 16 Jul 2013 13:48

Re: Log check.

#9 Post by Shady22 »

# AdwCleaner v3.012 - Report created 18/11/2013 at 10:03:45
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Uživatel - ACER
# Running from : C:\Users\Uživatel\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default\ICQToolbarData
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default\searchplugins\icqplugin-11.xml
File Deleted : C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default\searchplugins\icqplugin-12.xml
File Deleted : C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default\searchplugins\icqplugin-13.xml
File Deleted : C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default\searchplugins\icqplugin-14.xml
File Deleted : C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default\searchplugins\icqplugin-15.xml
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKLM\Software\Discount Buddy

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (cs)

[ File : C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4061 octets] - [18/11/2013 10:03:14]
AdwCleaner[S0].txt - [3893 octets] - [18/11/2013 10:03:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3953 octets] ##########

vyosek
VIP
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check.

#10 Post by vyosek »

:arrow: If you have not done so already, move ComboFix directly to c:\
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ccb24e92-62c4-4c53-95d2-65f9eed476bc}"=-
    [-HKEY_CLASSES_ROOT\clsid\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"=-
    "MyStart Anti-phishing Domain Advisor"=-
    [-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    
    Folder::
    c:\program files (x86)\mystarttb
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt, also directly to c:\
  • Drag the created CFScript.txt onto ComboFix and drop it to run it (see the picture below)
    [image]
  • After the script has been applied (and a possible restart), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC and the registry will sort itself out; it is an internal error caused by CF, which the author unfortunately cannot fix yet

:arrow: It may happen that Windows does not start after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Shady22
Visitor
Visitor
Posts: 110
Joined: 16 Jul 2013 13:48

Re: Log check.

#11 Post by Shady22 »

ComboFix 13-11-16.01 - Uživatel 19.11.2013 15:55:06.9.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3959.2515 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\mystarttb
c:\program files (x86)\mystarttb\components\abextender.js
c:\program files (x86)\mystarttb\components\windowmediator.js
c:\program files (x86)\mystarttb\dtuser.exe
c:\program files (x86)\mystarttb\ffHelper.exe
c:\program files (x86)\mystarttb\chrome-newtab-search.crx
c:\program files (x86)\mystarttb\chrome\content\config.xml
c:\program files (x86)\mystarttb\chrome\content\custom.js
c:\program files (x86)\mystarttb\chrome\content\email.js
c:\program files (x86)\mystarttb\chrome\content\favicon.png
c:\program files (x86)\mystarttb\chrome\content\lib\about.xml
c:\program files (x86)\mystarttb\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\mystarttb\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\mystarttb\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\mystarttb\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\mystarttb\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\mystarttb\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\mystarttb\chrome\skin\lib\radiobeta-buffering.gif
c:\program files (x86)\mystarttb\chrome\skin\lib\radiobeta-connecting.gif
c:\program files (x86)\mystarttb\chrome\skin\lib\radiobeta-playing.gif
c:\program files (x86)\mystarttb\chrome\skin\lib\radiobeta-stopped.png
c:\program files (x86)\mystarttb\chrome\skin\lib\radiobeta.ico
c:\program files (x86)\mystarttb\chrome\skin\lib\reload.png
c:\program files (x86)\mystarttb\chrome\skin\lib\remove.png
c:\program files (x86)\mystarttb\chrome\skin\lib\rename.gif
c:\program files (x86)\mystarttb\chrome\skin\lib\resize-box.gif
c:\program files (x86)\mystarttb\chrome\skin\lib\rss.png
c:\program files (x86)\mystarttb\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\mystarttb\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\mystarttb\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\mystarttb\chrome\skin\lib\scroll-left.png
c:\program files (x86)\mystarttb\chrome\skin\lib\scroll-right.png
c:\program files (x86)\mystarttb\chrome\skin\lib\search-go.png
c:\program files (x86)\mystarttb\chrome\skin\lib\search.png
c:\program files (x86)\mystarttb\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\mystarttb\chrome\skin\lib\throbber.gif
c:\program files (x86)\mystarttb\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\mystarttb\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\paneltemplate.html
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\template.html
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\mystarttb\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\mystarttb\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\mystarttb\chrome\skin\lib\yahoo.png
c:\program files (x86)\mystarttb\chrome\skin\lichen.png
c:\program files (x86)\mystarttb\chrome\skin\logo-about.png
c:\program files (x86)\mystarttb\chrome\skin\logo-over.png
c:\program files (x86)\mystarttb\chrome\skin\logo.png
c:\program files (x86)\mystarttb\chrome\skin\magnifier.png
c:\program files (x86)\mystarttb\chrome\skin\manycam.png
c:\program files (x86)\mystarttb\chrome\skin\modify-save.png
c:\program files (x86)\mystarttb\chrome\skin\modify.png
c:\program files (x86)\mystarttb\chrome\skin\music.png
c:\program files (x86)\mystarttb\chrome\skin\myspace.png
c:\program files (x86)\mystarttb\chrome\skin\news.png
c:\program files (x86)\mystarttb\chrome\skin\options\options-main.png
c:\program files (x86)\mystarttb\chrome\skin\options\options-search.png
c:\program files (x86)\mystarttb\chrome\skin\options\options-weather.png
c:\program files (x86)\mystarttb\chrome\skin\options\options-widgets.png
c:\program files (x86)\mystarttb\chrome\skin\orange.png
c:\program files (x86)\mystarttb\chrome\skin\shopping.png
c:\program files (x86)\mystarttb\chrome\skin\skin-bluelite.png
c:\program files (x86)\mystarttb\chrome\skin\skin-bluesky.png
c:\program files (x86)\mystarttb\chrome\skin\skin-grey.png
c:\program files (x86)\mystarttb\chrome\skin\skin-lichen.png
c:\program files (x86)\mystarttb\chrome\skin\skin-orange.png
c:\program files (x86)\mystarttb\chrome\skin\skin-yellow.png
c:\program files (x86)\mystarttb\chrome\skin\slider-bluelite.png
c:\program files (x86)\mystarttb\chrome\skin\slider-bluesky.png
c:\program files (x86)\mystarttb\chrome\skin\slider-lichen.png
c:\program files (x86)\mystarttb\chrome\skin\slider-orange.png
c:\program files (x86)\mystarttb\chrome\skin\slider-yellow.png
c:\program files (x86)\mystarttb\chrome\skin\social_delicious.png
c:\program files (x86)\mystarttb\chrome\skin\social_stumbleupon.png
c:\program files (x86)\mystarttb\chrome\skin\technorati.png
c:\program files (x86)\mystarttb\chrome\skin\throbber.gif
c:\program files (x86)\mystarttb\chrome\skin\toolbarsplitter.png
c:\program files (x86)\mystarttb\chrome\skin\twitter.png
c:\program files (x86)\mystarttb\chrome\skin\web.png
c:\program files (x86)\mystarttb\chrome\skin\wikipedia.png
c:\program files (x86)\mystarttb\chrome\skin\yellow.png
c:\program files (x86)\mystarttb\chrome\skin\youtube.png
c:\program files (x86)\mystarttb\ieUtilsLite.exe
c:\program files (x86)\mystarttb\install.ico
c:\program files (x86)\mystarttb\manifest.xml
c:\program files (x86)\mystarttb\mystartDx.dll
c:\program files (x86)\mystarttb\mystarttb.dll
c:\program files (x86)\mystarttb\ToolbarCleaner.exe
c:\program files (x86)\mystarttb\toolbarcleaner.ini
c:\program files (x86)\mystarttb\uninstall.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-19 do 2013-11-19 )))))))))))))))))))))))))))))))
.
.
2013-11-19 15:03 . 2013-11-19 15:03 -------- d-----w- c:\users\UIVATE~2\AppData\Local\temp
2013-11-19 15:03 . 2013-11-19 15:03 -------- d-----w- c:\users\U×ivatel\AppData\Local\temp
2013-11-19 15:03 . 2013-11-19 15:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-19 15:03 . 2013-11-19 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-18 09:03 . 2013-11-18 09:03 -------- d-----w- C:\AdwCleaner
2013-11-18 08:53 . 2013-11-18 08:53 -------- d-----w- c:\windows\ERUNT
2013-11-17 23:01 . 2013-10-12 08:43 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-11-17 22:00 . 2013-11-17 22:00 -------- d-----w- c:\programdata\Malwarebytes
2013-11-17 22:00 . 2013-11-17 22:00 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-17 21:59 . 2013-11-17 21:59 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-14 15:04 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 15:04 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-14 15:04 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-14 15:04 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:04 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-14 15:04 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-14 15:04 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 15:04 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-14 15:04 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-04 17:06 . 2012-10-11 03:08 44928 ----a-w- c:\windows\system32\drivers\mcvidrv_x64.sys
2013-11-04 17:06 . 2013-11-04 17:06 -------- d-----w- c:\users\Uživatel\AppData\Local\mystart_ad
2013-11-04 17:06 . 2013-11-04 17:06 -------- d-----w- c:\programdata\MyStart Anti-phishing Domain Advisor
2013-11-04 17:06 . 2013-11-04 17:06 -------- d-----w- c:\programdata\EmailNotifier
2013-11-04 17:05 . 2013-11-04 17:13 -------- d-----w- c:\program files (x86)\ManyCam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2010-10-22 17:55 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 23:10 . 2010-10-25 07:55 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-10 19:12 . 2012-03-29 13:47 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 19:12 . 2011-05-19 11:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 13:51 . 2013-04-28 09:15 2324216 ----a-w- c:\windows\SysWow64\ssins.exe
2013-09-25 02:22 . 2013-11-14 15:03 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:57 . 2013-11-14 15:03 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-08 02:30 . 2013-10-10 12:58 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 12:58 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 12:58 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-16 04:27 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-16 04:27 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-16 04:27 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-16 04:27 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-16 04:27 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-16 04:27 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-16 04:27 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-10 12:58 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 12:57 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-10 12:57 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-10 12:57 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-10 12:57 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-10 12:57 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 12:57 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 12:57 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-10 12:57 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-10 12:57 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-10 12:57 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-10 12:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-10 12:57 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-10 12:57 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-10 12:57 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-10 12:57 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-10 12:58 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-10 12:57 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-25 960080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-7-5 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 ssinstall;SInstalátor;c:\windows\SysWOW64\ssins.exe;c:\windows\SysWOW64\ssins.exe [x]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe;c:\program files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-16 11:12 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:12]
.
2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 14:43]
.
2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 15:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-09-15 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mCustomizeSearch = hxxp://www.google.com
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.10.2.10 80.82.144.94
TCP: Interfaces\{C718F98B-3F2E-4CBD-8DC6-43CF41B0740B}: NameServer = 10.10.2.10,80.82.144.94
FF - ProfilePath - c:\users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\e6l20esf.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{ccb24e92-62c4-4c53-95d2-65f9eed476bc} - c:\program files (x86)\mystarttb\mystartDx.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-mystarttb - c:\program files (x86)\mystarttb\uninstall.exe
AddRemove-ssinstall - c:\windows\system32\ssinstall-uninstall.bat
AddRemove-{078BDD0D-2B31-FE89-F67B-0D586B8A210B} - c:\progra~3\INSTAL~1\{A172C~1\Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-11-19 16:11:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-19 15:11
ComboFix2.txt 2013-11-18 08:25
ComboFix3.txt 2013-08-09 23:44
ComboFix4.txt 2013-08-08 21:07
ComboFix5.txt 2013-11-19 14:51
.
Před spuštěním: Volných bajtů: 379 925 622 784
Po spuštění: Volných bajtů: 379 483 303 936
.
- - End Of File - - 764E2184602C34977E8B504A9C80F534

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check.

#12 Post by vyosek »

How is the PC behaving? :???:
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, for he is no man, he is an ox."
Member [image] since 1 February 2011.

Shady22
Visitor
Posts: 110
Registered: 16 Jul 2013 13:48

Re: Log check.

#13 Post by Shady22 »

No change, just a slight increase in speed :|

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check.

#14 Post by vyosek »

So let's clean up now :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, for he is no man, he is an ox."
Member [image] since 1 February 2011.

Shady22
Visitor
Posts: 110
Registered: 16 Jul 2013 13:48

Re: Log check.

#15 Post by Shady22 »

So.. I'm done :idea: Thanks for the help.. have a nice day :worship:
