VIRY.CZ

Ahoj,
mám problém s notebookem. Po naběhnutí windows 7 se myš pohybuje sekaně a vyskakuje hláška od Microsoft .NET Framework, že nestíhá...Děkuji předem za radu, co s tím mám dělat.

Tady dávám log z FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
Ran by Ihor (administrator) on IHOR-PC on 13-01-2014 21:00:25
Running from C:\Users\Ihor\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\Ihor\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [862088 2011-01-28] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe [295232 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-05-29] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [295728 2012-02-26] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [msgnocuSrv] - C:\Windows\inf\msgnocu.vbe [1558 2013-08-27] ()
HKLM-x32\...\Run: [NtVdmSrv] - C:\Windows\inf\ntvdm.vbe [1219 2013-06-20] ()
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1383232 2013-12-13] (Spigot, Inc.)
HKCU\...\Run: [88b7da58a3e62f24b08f565445b53900] - C:\Users\Ihor\windows.exe [29696 2014-01-03] ()
HKCU\...\Run: [978bcc21dfa55450c519ce5e0cb9b4cb] - C:\Users\Ihor\AppData\Roaming\photo.exe [24064 2013-12-29] ()
HKCU\...\Run: [a0c37fcb5918c5f02ddbf004b53d120c] - C:\ProgramData\svchost.exe [24064 2013-12-30] ()
HKCU\...\Run: [b50b61dd4ed2297cbf16db09c0bed498] - C:\Users\Ihor\taskhost.exe [24064 2013-12-31] ()
HKCU\...\Run: [54d1350c8449fb4e18aebc0ad5fd2787] - C:\Users\Ihor\svchost.exe [24064 2013-12-31] ()
HKCU\...\Run: [tmp97EB] - wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [abb278f5f94f5be17c28e4761048b650] - C:\Users\Ihor\AppData\Roaming\taskhost.exe [29184 2014-01-01] ()
HKCU\...\Run: [b7c77f48dde2ad69a039c2aceab2d240] - C:\Windows\windows.exe [29696 2014-01-01] ()
HKCU\...\Run: [f8a3f37293dcb5954d599b582155c4e5] - C:\Users\Ihor\AppData\Roaming\mexhsy.exe [24576 2014-01-01] ()
HKCU\...\Run: [225659c6fa2732024934dc96358cf4cb] - C:\Users\Ihor\AppData\Roaming\windows.exe [29696 2014-01-01] ()
HKCU\...\Run: [aee62c22efb71f17ec0744e8f88d8439] - C:\ProgramData\taskhost .exe [29184 2014-01-01] ()
HKCU\...\Run: [xcrx] - C:\Users\Ihor\AppData\Roaming\Coffin Of Evil.exe [94720 2014-01-02] ()
HKCU\...\Run: [ăíßŃćČĎÇĘí.b] - [x]
HKCU\...\Run: [vdcwwdxbwo] - wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs" <===== ATTENTION
HKCU\...\Run: [96692782eb52a518c332d30387fbd310] - C:\Users\Ihor\trjpad.exe [24064 2014-01-02] ()
HKCU\...\Run: [20054a1b12d049fcaf4099727f96da6d] - C:\ProgramData\System.exe [24064 2014-01-03] ()
HKCU\...\Run: [tmp4106] - wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [e7d208841702e4fe48243dfe74a60ee9] - C:\Users\Ihor\taskhost .exe [29184 2014-01-04] ()
HKCU\...\Run: [eb78d0b479ba41606efcf9194e178119] - C:\Users\Ihor\AppData\Roaming\torjan.exe [44544 2014-01-11] ()
HKCU\...\Run: [Windows] - C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.exe
HKCU\...\Run: [8181fef9f155186026993bbd38cb4855] - C:\Windows\Mozilla Firefoxe.exe [24064 2014-01-12] ()
HKCU\...\Run: [0e4da5cc90f75b7971f3fdafd56c9623] - C:\Windows\server.exe [619520 2014-01-12] (Microsoft Corporation)
HKCU\...\Run: [tdnkeeuwjq] - wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs" <===== ATTENTION
HKCU\...\Run: [mvpjbscryh] - wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs" <===== ATTENTION
HKCU\...\Run: [nxyjekzaeo] - wscript.exe //B "C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs" <===== ATTENTION
HKCU\...\Run: [fd2fbc3c9739d9ceb9388ed7eb6cf440] - "C:\Users\Ihor\AppData\Local\Temp\Mozilla Firefoxe.exe" .. <===== ATTENTION
HKCU\...\Run: [81ed0e74a40ed4fe8a36a7b819c4279f] - C:\Windows\Trojan.exe [29696 2014-01-13] ()
HKCU\...\Run: [tmp3E3F] - "C:\Users\Ihor\AppData\Local\Temp\tmp3E3F.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [1ffcf52b0cd64d83554855bd6f04fc1f] - "C:\Users\Ihor\AppData\Local\Temp\taskhost.exe" .. <===== ATTENTION
HKCU\...\Run: [tmp791A] - "C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [TMP3E3~1] - "C:\Users\Ihor\AppData\Local\Temp\TMP3E3~1.VBS" <===== ATTENTION
HKCU\...\Run: [TMP791~1] - "C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS" <===== ATTENTION
HKCU\...\Run: [tmpA025] - "C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [tmpD81C] - "C:\Users\Ihor\AppData\Local\Temp\tmpD81C.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [tmpF24A] - "C:\Users\Ihor\AppData\Local\Temp\tmpF24A.tmp.vbs" <===== ATTENTION
HKCU\...\Run: [365bad42f4f98be74c2bf2cacfcb2958] - "C:\Users\Ihor\AppData\Local\Temp\help.exe" .. <===== ATTENTION
HKCU\...\Run: [TMPA02~1] - "C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS" <===== ATTENTION
HKCU\...\Run: [TMPD81~1] - "C:\Users\Ihor\AppData\Local\Temp\TMPD81~1.VBS" <===== ATTENTION
HKCU\...\Run: [TMPF24~1] - "C:\Users\Ihor\AppData\Local\Temp\TMPF24~1.VBS" <===== ATTENTION
HKCU\...\Run: [85ce27c90f0ba2b98ceb888e2ca7acde] - "C:\Users\Ihor\AppData\Local\Temp\google.exe" .. <===== ATTENTION
HKCU\...\Run: [6d0e9f17ea6b0b17fcc3b3d388e9e19d] - "C:\Users\Ihor\AppData\Local\Temp\ windows.exe" .. <===== ATTENTION
HKCU\...\Run: [34a197ecc5748dbb80c6ad3289a7fb7c] - "C:\Users\Ihor\AppData\Local\Temp\dell.exe" .. <===== ATTENTION
HKCU\...\Run: [a9f2d977c6de2e3f5debaca1def6c0a8] - "C:\Users\Ihor\AppData\Local\Temp\G.Chrome.exe" .. <===== ATTENTION
HKCU\...\Run: [96d5bbd31c1ef1f063007ac1abc25a6c] - "C:\Users\Ihor\AppData\Local\Temp\amdjed.exe" .. <===== ATTENTION
HKCU\...\Run: [958436d9be3c028f3254ca9056e72392] - "C:\Users\Ihor\AppData\Local\Temp\Google Chrome.exe" .. <===== ATTENTION
HKCU\...\Run: [912c76a909eaf9ea406e74f23b6290bf] - "C:\Users\Ihor\AppData\Local\Temp\Skype.exe" .. <===== ATTENTION
HKCU\...\Run: [bb62e28591030e826081bf1f4a74c0b8] - "C:\Users\Ihor\AppData\Local\Temp\dllhost.exe" .. <===== ATTENTION
HKCU\...\Run: [c210b18097fa9ee4b57d8d28130c4154] - "C:\Users\Ihor\AppData\Local\Temp\windows.exe" .. <===== ATTENTION
HKCU\...\Run: [b9f53cd24dbd8eb354a1d3b41e105755] - "C:\Users\Ihor\AppData\Local\Temp\systemx.exe" .. <===== ATTENTION
HKCU\...\Run: [bec07547ae282f99dd66988f212eb755] - "C:\Users\Ihor\AppData\Local\Temp\gogole.exe" .. <===== ATTENTION
MountPoints2: {d9805815-783b-11e1-b3e1-b870f470e97e} - E:\VTP_Manager.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1ffcf52b0cd64d83554855bd6f04fc1f.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\225659c6fa2732024934dc96358cf4cb.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\34a197ecc5748dbb80c6ad3289a7fb7c.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\365bad42f4f98be74c2bf2cacfcb2958.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8181fef9f155186026993bbd38cb4855.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81ed0e74a40ed4fe8a36a7b819c4279f.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85ce27c90f0ba2b98ceb888e2ca7acde.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88b7da58a3e62f24b08f565445b53900.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\912c76a909eaf9ea406e74f23b6290bf.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\958436d9be3c028f3254ca9056e72392.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96692782eb52a518c332d30387fbd310.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96d5bbd31c1ef1f063007ac1abc25a6c.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\978bcc21dfa55450c519ce5e0cb9b4cb.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a9f2d977c6de2e3f5debaca1def6c0a8.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\abb278f5f94f5be17c28e4761048b650.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aee62c22efb71f17ec0744e8f88d8439.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b50b61dd4ed2297cbf16db09c0bed498.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9f53cd24dbd8eb354a1d3b41e105755.exe (aP__L_0_m_p_Y_)
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bb62e28591030e826081bf1f4a74c0b8.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bec07547ae282f99dd66988f212eb755.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c210b18097fa9ee4b57d8d28130c4154.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e7d208841702e4fe48243dfe74a60ee9.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eb78d0b479ba41606efcf9194e178119.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f8a3f37293dcb5954d599b582155c4e5.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fd2fbc3c9739d9ceb9388ed7eb6cf440.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yMdtsm8DG9h69i6yimxWMwxhb5h.exe ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ymnZ67MlXvfC2KrXGksiLN1m8rfP.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appid=f826ef ... 8fcb83530a
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
URLSearchHook: HKCU - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKCU - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 70F470E97E}
SearchScopes: HKLM-x32 - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://search.iminent.com/?appId=&ref=t ... earchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 70F470E97E}
SearchScopes: HKCU - DefaultScope {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://search.iminent.com/?appId=&ref=t ... earchTerms}
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTer ... 55f99cca4b
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browse ... earchTerms}
SearchScopes: HKCU - {B8D6B2AC-226A-402F-883E-D1F3D529C592} URL = http://websearch.ask.com/redirect?clien ... 24D3965BD1
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://search.iminent.com/?appId=&ref=t ... earchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb139/?se ... MIJQn&i=26
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 70F470E97E}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Protector by IB - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Protector by IB\Extension64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Browser Companion Helper - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Protector by IB - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Protector by IB\Extension32.dll ()
BHO-x32: TBSB01620 Class - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Browser Companion Helper Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll (Spigot, Inc.)
BHO-x32: SMTTB2009 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE64.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - DealBulldog Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler-x32: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler-x32: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Chrome:
=======
CHR HomePage: hxxp://search.iminent.com/
CHR RestoreOnStartup: "hxxp://search.iminent.com/", "
CHR DefaultSearchKeyword: askws
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: http://search.tb.ask.com/search/GGmain. ... pconverter
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll (Injovo)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (4game) - C:\Program Files (x86)\4game\4game\npplugin4game.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-04-11]
CHR Extension: (Browser Companion Helper) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0 [2012-09-03]
CHR Extension: (Google Search) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-03-28]
CHR Extension: (Protector by IB) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0 [2012-08-25]
CHR Extension: (ADDICT-THING) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgkcpnkpkkmkjbbmnekccjiodanppin\1.0_0 [2012-08-25]
CHR Extension: (Ratchet & Clank Future 2) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0 [2012-11-22]
CHR Extension: (wxDfast) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\epohjfbhajfojachcgdhgegmaadodlcd\1.0_0 [2012-08-25]
CHR Extension: (avast! WebRep) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0 [2012-09-26]
CHR Extension: (Iminent) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.51.3.1_0 [2013-12-19]
CHR Extension: (SweetIM for Facebook) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0 [2012-08-29]
CHR Extension: (Google Wallet) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19]
CHR Extension: (Allin1Convert) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj\5.81.3.15569_0 [2014-01-11]
CHR Extension: (Gmail) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2012-11-07]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Protector by IB\source.crx [2012-05-02]
CHR HKLM-x32\...\Chrome\Extension: [bodddioamolcibagionmmobehnbhiakf] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx [2012-06-28]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Protector by IB\source.crx [2012-05-02]
CHR HKLM-x32\...\Chrome\Extension: [ehgkcpnkpkkmkjbbmnekccjiodanppin] - C:\ProgramData\ADDICT-THING\ehgkcpnkpkkmkjbbmnekccjiodanppin.crx [2012-05-02]
CHR HKLM-x32\...\Chrome\Extension: [epohjfbhajfojachcgdhgegmaadodlcd] - C:\ProgramData\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx [2012-05-02]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-09-25]
CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - C:\Program Files (x86)\Iminent\Iminent.crx [2012-08-24]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-08-29]

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-19] (Advanced Micro Devices, Inc.)
S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [133912 2012-08-21] (AVAST Software)
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868224 2011-01-28] (Acer Incorporated)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
S2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
S2 Protector by IB Updater; C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [185856 2012-04-24] ()
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
S1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [142128 2012-08-21] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-07-13] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [266776 2012-08-21] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [1151096 2011-07-23] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-07-28] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-07-28] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110808.030\IDSvia64.sys [488056 2011-08-02] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110808.024\ENG64.SYS [117880 2011-08-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110808.024\EX64.SYS [2048632 2011-08-04] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-06-10] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-13 20:50 - 2014-01-13 21:00 - 00033624 _____ C:\Users\Ihor\Desktop\FRST.txt
2014-01-13 20:49 - 2014-01-13 20:49 - 00000000 ____D C:\FRST
2014-01-13 20:48 - 2014-01-13 20:28 - 00112640 _____ (forum.viry.cz) C:\Users\Ihor\Desktop\FRSTLauncher.exe
2014-01-13 20:48 - 2014-01-13 20:25 - 02075648 _____ (Farbar) C:\Users\Ihor\Desktop\FRST64.exe
2014-01-13 20:09 - 2014-01-13 20:11 - 00007083 _____ C:\Windows\WindowsUpdate.log
2014-01-13 20:04 - 2014-01-13 20:04 - 00000056 _____ C:\Windows\setupact.log
2014-01-13 20:04 - 2014-01-13 20:04 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 20:03 - 2014-01-13 20:03 - 00001024 _____ C:\Windows\PFRO.log
2014-01-13 19:59 - 2014-01-13 20:02 - 00000000 ____D C:\Windows\pss
2014-01-13 19:15 - 2014-01-13 20:28 - 00000000 _____ C:\Windows\windows.exe.tmp
2014-01-13 19:05 - 2014-01-13 19:05 - 00000120 _____ C:\0.bak
2014-01-13 19:01 - 2014-01-13 19:01 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\ParetoLogic
2014-01-13 19:01 - 2014-01-13 19:01 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\DriverCure
2014-01-13 18:59 - 2014-01-13 19:52 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-13 18:53 - 2014-01-13 18:53 - 00000000 ____D C:\Program Files\CCleaner
2014-01-13 14:45 - 2014-01-13 20:28 - 00000059 _____ C:\Windows\Trojan.exe.tmp
2014-01-13 14:43 - 2014-01-13 14:43 - 00029696 _____ C:\Windows\Trojan.exe
2014-01-13 14:12 - 2014-01-13 14:12 - 00029696 _____ C:\Users\Ihor\AppData\LocaltcgXeFJzyR.exe
2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
2014-01-12 18:03 - 2014-01-13 19:21 - 00000668 _____ C:\Users\Ihor\AppData\Roaming\Trojan.exe.tmp
2014-01-12 18:01 - 2014-01-12 18:01 - 00029696 _____ C:\Users\Ihor\AppData\Roaming\Trojan.exe
2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\server.exe
2014-01-12 14:35 - 2014-01-12 14:35 - 00024064 _____ C:\Windows\Mozilla Firefoxe.exe
2014-01-11 12:38 - 2014-01-13 20:28 - 00000503 _____ C:\Users\Ihor\AppData\Roaming\torjan.exe.tmp
2014-01-11 12:33 - 2014-01-11 12:32 - 00044544 _____ C:\Users\Ihor\AppData\Roaming\torjan.exe
2014-01-05 18:27 - 2014-01-05 18:27 - 00000000 ____D C:\Users\Ihor\Desktop\Nová složka (5)
2014-01-05 17:58 - 2014-01-13 20:28 - 00011323 _____ C:\Users\Ihor\taskhost .exe.tmp
2014-01-04 20:08 - 2014-01-04 20:07 - 00029184 _____ C:\Users\Ihor\taskhost .exe
2014-01-04 18:39 - 2014-01-04 18:44 - 00025276 _____ C:\Users\Ihor\AppData\Roaming\addons.dat
2014-01-04 13:50 - 2014-01-04 13:50 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Micro
2014-01-03 10:16 - 2014-01-03 10:16 - 00024064 _____ C:\ProgramData\System.exe
2014-01-02 20:56 - 2014-01-02 20:56 - 00024064 _____ C:\Users\Ihor\trjpad.exe
2014-01-02 16:16 - 2014-01-13 20:05 - 00244224 _____ C:\Users\Ihor\AppData\Roaming\plugin.dat
2014-01-02 16:09 - 2014-01-02 16:09 - 00094720 _____ C:\Users\Ihor\AppData\Roaming\Coffin Of Evil.exe
2014-01-02 07:25 - 2014-01-13 20:28 - 00012057 _____ C:\ProgramData\taskhost .exe.tmp
2014-01-01 21:34 - 2014-01-01 21:34 - 00029184 _____ C:\ProgramData\taskhost .exe
2014-01-01 20:18 - 2014-01-13 20:27 - 00012648 _____ C:\Users\Ihor\AppData\Roaming\windows.exe.tmp
2014-01-01 20:17 - 2014-01-01 20:17 - 00029696 _____ C:\Users\Ihor\AppData\Roaming\windows.exe
2014-01-01 19:00 - 2014-01-01 19:00 - 00024576 _____ C:\Users\Ihor\AppData\Roaming\mexhsy.exe
2014-01-01 18:37 - 2014-01-13 20:28 - 00012748 _____ C:\Windows\system32\.tmp
2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 _____ C:\Windows\windows.exe
2014-01-01 10:17 - 2014-01-01 10:17 - 00029184 _____ C:\Users\Ihor\AppData\Roaming\taskhost.exe
2013-12-31 16:09 - 2013-12-31 16:09 - 00024064 _____ C:\Users\Ihor\svchost.exe
2013-12-31 15:15 - 2014-01-13 20:28 - 00013006 _____ C:\Users\Ihor\AppData\Roaming\taskhost.exe.tmp
2013-12-31 15:12 - 2013-12-31 15:12 - 00024064 _____ C:\Users\Ihor\taskhost.exe
2013-12-30 18:42 - 2013-12-30 18:42 - 00024064 _____ C:\ProgramData\svchost.exe
2013-12-30 11:05 - 2013-12-30 11:42 - 00000000 ____D C:\Program Files (x86)\Dead Rising 2 Off The Record
2013-12-29 19:17 - 2013-12-29 19:17 - 00024064 _____ C:\Users\Ihor\AppData\Roaming\photo.exe
2013-12-21 15:49 - 2013-12-21 15:49 - 05565454 _____ C:\Users\Ihor\Downloads\mari0-win.zip
2013-12-21 15:49 - 2013-12-21 15:49 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\LOVE
2013-12-20 18:53 - 2014-01-13 20:27 - 00013210 _____ C:\Users\Ihor\windows.exe.tmp
2013-12-20 18:53 - 2014-01-03 10:06 - 00029696 _____ C:\Users\Ihor\windows.exe
2013-12-20 18:53 - 2013-12-20 18:53 - 00254464 _____ C:\Users\Ihor\Downloads\Photoshop-CS6.Exe
2013-12-20 09:07 - 2013-12-20 09:07 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2013-12-20 09:07 - 2013-12-20 09:07 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-12-19 19:56 - 2013-12-27 15:30 - 00000000 ____D C:\Users\Ihor\Desktop\3333
2013-12-14 17:28 - 2013-12-14 17:51 - 189762510 _____ C:\Users\Ihor\Downloads\Doctor-Who_06x14---Doktor,-vdova-a-skříň.avi
2013-12-14 16:15 - 2013-12-14 16:16 - 01433600 _____ C:\Users\Ihor\Downloads\ja-legenda-cz.avi
2013-12-14 11:47 - 2013-12-14 11:47 - 00839168 _____ C:\Users\Ihor\Downloads\SimCity-5-Full-Download-+-Crack-v1.1.exe
2013-12-14 11:46 - 2013-12-14 11:46 - 00000000 ____D C:\Users\Ihor\Documents\SimCity 4
2013-12-14 11:46 - 2013-12-14 11:46 - 00000000 ____D C:\Program Files (x86)\SimCity 4 Deluxe - crack
2013-12-14 11:45 - 2013-12-14 11:45 - 06294084 _____ ( ) C:\Users\Ihor\Downloads\SimCity-4-Deluxe---crack.exe
2013-12-14 11:43 - 2013-12-14 11:43 - 00000000 ____D C:\Program Files (x86)\Sim city 4 deluxe - etina
2013-12-14 11:42 - 2013-12-14 11:42 - 04415524 _____ ( ) C:\Users\Ihor\Downloads\Sim-city-4-deluxe---etina.exe

==================== One Month Modified Files and Folders =======

2014-01-13 21:00 - 2014-01-13 20:50 - 00033624 _____ C:\Users\Ihor\Desktop\FRST.txt
2014-01-13 20:49 - 2014-01-13 20:49 - 00000000 ____D C:\FRST
2014-01-13 20:41 - 2011-04-16 03:24 - 00666422 _____ C:\Windows\system32\perfh005.dat
2014-01-13 20:41 - 2011-04-16 03:24 - 00140118 _____ C:\Windows\system32\perfc005.dat
2014-01-13 20:41 - 2009-07-14 06:13 - 01577482 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-13 20:28 - 2014-01-13 20:48 - 00112640 _____ (forum.viry.cz) C:\Users\Ihor\Desktop\FRSTLauncher.exe
2014-01-13 20:28 - 2014-01-13 19:15 - 00000000 _____ C:\Windows\windows.exe.tmp
2014-01-13 20:28 - 2014-01-13 14:45 - 00000059 _____ C:\Windows\Trojan.exe.tmp
2014-01-13 20:28 - 2014-01-11 12:38 - 00000503 _____ C:\Users\Ihor\AppData\Roaming\torjan.exe.tmp
2014-01-13 20:28 - 2014-01-05 17:58 - 00011323 _____ C:\Users\Ihor\taskhost .exe.tmp
2014-01-13 20:28 - 2014-01-02 07:25 - 00012057 _____ C:\ProgramData\taskhost .exe.tmp
2014-01-13 20:28 - 2014-01-01 18:37 - 00012748 _____ C:\Windows\system32\.tmp
2014-01-13 20:28 - 2013-12-31 15:15 - 00013006 _____ C:\Users\Ihor\AppData\Roaming\taskhost.exe.tmp
2014-01-13 20:28 - 2011-06-09 20:20 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-13 20:27 - 2014-01-01 20:18 - 00012648 _____ C:\Users\Ihor\AppData\Roaming\windows.exe.tmp
2014-01-13 20:27 - 2013-12-20 18:53 - 00013210 _____ C:\Users\Ihor\windows.exe.tmp
2014-01-13 20:25 - 2014-01-13 20:48 - 02075648 _____ (Farbar) C:\Users\Ihor\Desktop\FRST64.exe
2014-01-13 20:15 - 2009-07-14 05:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-13 20:15 - 2009-07-14 05:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-13 20:11 - 2014-01-13 20:09 - 00007083 _____ C:\Windows\WindowsUpdate.log
2014-01-13 20:08 - 2011-06-09 19:45 - 00000000 ___RD C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-13 20:06 - 2011-06-09 20:20 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-13 20:05 - 2014-01-02 16:16 - 00244224 _____ C:\Users\Ihor\AppData\Roaming\plugin.dat
2014-01-13 20:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-13 20:04 - 2014-01-13 20:04 - 00000056 _____ C:\Windows\setupact.log
2014-01-13 20:04 - 2014-01-13 20:04 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 20:03 - 2014-01-13 20:03 - 00001024 _____ C:\Windows\PFRO.log
2014-01-13 20:02 - 2014-01-13 19:59 - 00000000 ____D C:\Windows\pss
2014-01-13 19:52 - 2014-01-13 18:59 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-13 19:50 - 2011-06-09 20:20 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Skype
2014-01-13 19:33 - 2012-05-02 20:08 - 00000000 ____D C:\ProgramData\ADDICT-THING
2014-01-13 19:21 - 2014-01-12 18:03 - 00000668 _____ C:\Users\Ihor\AppData\Roaming\Trojan.exe.tmp
2014-01-13 19:20 - 2012-09-03 18:02 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\BrowserCompanion
2014-01-13 19:09 - 2011-04-16 04:06 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-13 19:07 - 2012-08-25 20:34 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-13 19:05 - 2014-01-13 19:05 - 00000120 _____ C:\0.bak
2014-01-13 19:05 - 2013-05-06 14:42 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-13 19:05 - 2011-06-09 19:45 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Macromedia
2014-01-13 19:01 - 2014-01-13 19:01 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\ParetoLogic
2014-01-13 19:01 - 2014-01-13 19:01 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\DriverCure
2014-01-13 18:55 - 2011-10-20 14:57 - 00000000 ____D C:\Windows\Minidump
2014-01-13 18:55 - 2011-06-10 09:29 - 00000000 ____D C:\Users\Ihor\AppData\Local\CrashDumps
2014-01-13 18:55 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2014-01-13 18:53 - 2014-01-13 18:53 - 00000000 ____D C:\Program Files\CCleaner
2014-01-13 18:45 - 2013-11-28 20:23 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Clickteam
2014-01-13 18:45 - 2013-11-28 20:23 - 00000000 ____D C:\Program Files (x86)\The Games Factory 2
2014-01-13 14:43 - 2014-01-13 14:43 - 00029696 _____ C:\Windows\Trojan.exe
2014-01-13 14:12 - 2014-01-13 14:12 - 00029696 _____ C:\Users\Ihor\AppData\LocaltcgXeFJzyR.exe
2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
2014-01-12 18:01 - 2014-01-12 18:01 - 00029696 _____ C:\Users\Ihor\AppData\Roaming\Trojan.exe
2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\server.exe
2014-01-12 14:35 - 2014-01-12 14:35 - 00024064 _____ C:\Windows\Mozilla Firefoxe.exe
2014-01-11 12:32 - 2014-01-11 12:33 - 00044544 _____ C:\Users\Ihor\AppData\Roaming\torjan.exe
2014-01-11 10:45 - 2009-07-14 06:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-05 18:27 - 2014-01-05 18:27 - 00000000 ____D C:\Users\Ihor\Desktop\Nová složka (5)
2014-01-05 17:58 - 2011-06-09 19:27 - 00000000 ____D C:\Users\Ihor
2014-01-04 20:07 - 2014-01-04 20:08 - 00029184 _____ C:\Users\Ihor\taskhost .exe
2014-01-04 18:44 - 2014-01-04 18:39 - 00025276 _____ C:\Users\Ihor\AppData\Roaming\addons.dat
2014-01-04 13:50 - 2014-01-04 13:50 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Micro
2014-01-03 10:16 - 2014-01-03 10:16 - 00024064 _____ C:\ProgramData\System.exe
2014-01-03 10:06 - 2013-12-20 18:53 - 00029696 _____ C:\Users\Ihor\windows.exe
2014-01-02 20:56 - 2014-01-02 20:56 - 00024064 _____ C:\Users\Ihor\trjpad.exe
2014-01-02 19:39 - 2011-06-09 19:45 - 00000000 ____D C:\Users\Ihor\AppData\Local\VirtualStore
2014-01-02 16:09 - 2014-01-02 16:09 - 00094720 _____ C:\Users\Ihor\AppData\Roaming\Coffin Of Evil.exe
2014-01-01 21:34 - 2014-01-01 21:34 - 00029184 _____ C:\ProgramData\taskhost .exe
2014-01-01 20:17 - 2014-01-01 20:17 - 00029696 _____ C:\Users\Ihor\AppData\Roaming\windows.exe
2014-01-01 19:00 - 2014-01-01 19:00 - 00024576 _____ C:\Users\Ihor\AppData\Roaming\mexhsy.exe
2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 _____ C:\Windows\windows.exe
2014-01-01 10:17 - 2014-01-01 10:17 - 00029184 _____ C:\Users\Ihor\AppData\Roaming\taskhost.exe
2013-12-31 16:09 - 2013-12-31 16:09 - 00024064 _____ C:\Users\Ihor\svchost.exe
2013-12-31 15:12 - 2013-12-31 15:12 - 00024064 _____ C:\Users\Ihor\taskhost.exe
2013-12-30 18:42 - 2013-12-30 18:42 - 00024064 _____ C:\ProgramData\svchost.exe
2013-12-30 11:42 - 2013-12-30 11:05 - 00000000 ____D C:\Program Files (x86)\Dead Rising 2 Off The Record
2013-12-30 11:19 - 2010-12-22 13:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-30 09:43 - 2012-12-25 18:48 - 00000000 ____D C:\Users\Ihor\Desktop\SVJATYK
2013-12-30 09:33 - 2012-03-29 19:44 - 00000000 ____D C:\Users\Ihor\Desktop\nestor
2013-12-29 19:17 - 2013-12-29 19:17 - 00024064 _____ C:\Users\Ihor\AppData\Roaming\photo.exe
2013-12-29 14:17 - 2011-11-16 19:07 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\.minecraft
2013-12-27 15:30 - 2013-12-19 19:56 - 00000000 ____D C:\Users\Ihor\Desktop\3333
2013-12-23 17:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-22 13:33 - 2011-06-09 20:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-22 13:33 - 2011-06-09 20:19 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 15:49 - 2013-12-21 15:49 - 05565454 _____ C:\Users\Ihor\Downloads\mari0-win.zip
2013-12-21 15:49 - 2013-12-21 15:49 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\LOVE
2013-12-20 18:53 - 2013-12-20 18:53 - 00254464 _____ C:\Users\Ihor\Downloads\Photoshop-CS6.Exe
2013-12-20 09:07 - 2013-12-20 09:07 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2013-12-20 09:07 - 2013-12-20 09:07 - 00000000 ____D C:\Program Files (x86)\Application Updater
2013-12-20 09:05 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-16 13:54 - 2011-06-09 20:20 - 00000000 ____D C:\Users\Ihor\AppData\Local\Google
2013-12-15 05:40 - 2013-11-05 14:14 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 05:32 - 2011-07-16 18:43 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 17:51 - 2013-12-14 17:28 - 189762510 _____ C:\Users\Ihor\Downloads\Doctor-Who_06x14---Doktor,-vdova-a-skříň.avi
2013-12-14 16:16 - 2013-12-14 16:15 - 01433600 _____ C:\Users\Ihor\Downloads\ja-legenda-cz.avi
2013-12-14 11:47 - 2013-12-14 11:47 - 00839168 _____ C:\Users\Ihor\Downloads\SimCity-5-Full-Download-+-Crack-v1.1.exe
2013-12-14 11:46 - 2013-12-14 11:46 - 00000000 ____D C:\Users\Ihor\Documents\SimCity 4
2013-12-14 11:46 - 2013-12-14 11:46 - 00000000 ____D C:\Program Files (x86)\SimCity 4 Deluxe - crack
2013-12-14 11:45 - 2013-12-14 11:45 - 06294084 _____ ( ) C:\Users\Ihor\Downloads\SimCity-4-Deluxe---crack.exe
2013-12-14 11:43 - 2013-12-14 11:43 - 00000000 ____D C:\Program Files (x86)\Sim city 4 deluxe - etina
2013-12-14 11:42 - 2013-12-14 11:42 - 04415524 _____ ( ) C:\Users\Ihor\Downloads\Sim-city-4-deluxe---etina.exe

Files to move or delete:
====================
C:\ProgramData\svchost.exe
C:\ProgramData\System.exe
C:\ProgramData\taskhost .exe
C:\Users\Ihor\svchost.exe
C:\Users\Ihor\taskhost .exe
C:\Users\Ihor\taskhost.exe
C:\Users\Ihor\trjpad.exe
C:\Users\Ihor\windows.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Internet Security (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: avast! Internet Security (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: avast! Internet Security (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Ihor\Desktop" je 12618 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22f881ced422d0a8cfa18224e8da0c19
"C:\Users\Ihor\AppData\Local\Temp\windowss.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2991ca02e1de7b64004ddf2762692c1a
"C:\Users\Ihor\AppData\Local\Temp\hackdragoncity.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd8f17f4086744065eb0992a09e05a2
"C:\Users\Ihor\AppData\Local\Temp\Trojan.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ae1ff5603ac84828c7a0e5890086b01
"C:\Users\Ihor\AppData\Local\Temp\HaCkeD.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8515eb34d8f9de5af815466e9715b3e5
"C:\Users\Ihor\AppData\Roaming\Trojan.exe" ..

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\927023f818e6ce8ef3ccb347194b0a7e
"C:\Users\Ihor\AppData\Local\Temp\taskmgr.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\df405cf21c5c2ea6bf1bdcbf5b1e0bcf
"C:\Users\Ihor\AppData\Local\Temp\hack.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent
C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager
C:\Program Files (x86)\Launch Manager\LManager.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spy
C:\Users\Ihor\AppData\Roaming\Micro\spy.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^1ffcf52b0cd64d83554855bd6f04fc1f.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1ffcf52b0cd64d83554855bd6f04fc1f.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2113atgzBG7JnU4ISFsSYJLZCBxd.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2113atgzBG7JnU4ISFsSYJLZCBxd.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^225659c6fa2732024934dc96358cf4cb.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\225659c6fa2732024934dc96358cf4cb.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^22f881ced422d0a8cfa18224e8da0c19.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\22f881ced422d0a8cfa18224e8da0c19.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2991ca02e1de7b64004ddf2762692c1a.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2991ca02e1de7b64004ddf2762692c1a.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^34a197ecc5748dbb80c6ad3289a7fb7c.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\34a197ecc5748dbb80c6ad3289a7fb7c.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^365bad42f4f98be74c2bf2cacfcb2958.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\365bad42f4f98be74c2bf2cacfcb2958.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^5cd8f17f4086744065eb0992a09e05a2.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7350b4ce4c5b9059b3abecb448b12322.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7350b4ce4c5b9059b3abecb448b12322.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ae1ff5603ac84828c7a0e5890086b01.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7ae1ff5603ac84828c7a0e5890086b01.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8181fef9f155186026993bbd38cb4855.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8181fef9f155186026993bbd38cb4855.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^81ed0e74a40ed4fe8a36a7b819c4279f.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81ed0e74a40ed4fe8a36a7b819c4279f.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8515eb34d8f9de5af815466e9715b3e5.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8515eb34d8f9de5af815466e9715b3e5.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^85ce27c90f0ba2b98ceb888e2ca7acde.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85ce27c90f0ba2b98ceb888e2ca7acde.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^88b7da58a3e62f24b08f565445b53900.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88b7da58a3e62f24b08f565445b53900.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^912c76a909eaf9ea406e74f23b6290bf.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\912c76a909eaf9ea406e74f23b6290bf.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^927023f818e6ce8ef3ccb347194b0a7e.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\927023f818e6ce8ef3ccb347194b0a7e.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^958436d9be3c028f3254ca9056e72392.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\958436d9be3c028f3254ca9056e72392.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96692782eb52a518c332d30387fbd310.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96692782eb52a518c332d30387fbd310.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96d5bbd31c1ef1f063007ac1abc25a6c.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96d5bbd31c1ef1f063007ac1abc25a6c.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^978bcc21dfa55450c519ce5e0cb9b4cb.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\978bcc21dfa55450c519ce5e0cb9b4cb.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a9f2d977c6de2e3f5debaca1def6c0a8.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a9f2d977c6de2e3f5debaca1def6c0a8.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^abb278f5f94f5be17c28e4761048b650.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\abb278f5f94f5be17c28e4761048b650.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aee62c22efb71f17ec0744e8f88d8439.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aee62c22efb71f17ec0744e8f88d8439.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b50b61dd4ed2297cbf16db09c0bed498.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b50b61dd4ed2297cbf16db09c0bed498.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b9f53cd24dbd8eb354a1d3b41e105755.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9f53cd24dbd8eb354a1d3b41e105755.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ba4c12bee3027d94da5c81db2d196bfd.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ba4c12bee3027d94da5c81db2d196bfd.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bb62e28591030e826081bf1f4a74c0b8.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bb62e28591030e826081bf1f4a74c0b8.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bec07547ae282f99dd66988f212eb755.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bec07547ae282f99dd66988f212eb755.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^c210b18097fa9ee4b57d8d28130c4154.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c210b18097fa9ee4b57d8d28130c4154.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cdc91361ec959706e6799be39d7a6c26.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cdc91361ec959706e6799be39d7a6c26.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e7d208841702e4fe48243dfe74a60ee9.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e7d208841702e4fe48243dfe74a60ee9.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eb78d0b479ba41606efcf9194e178119.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eb78d0b479ba41606efcf9194e178119.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EwMLMywkRcer8HrZMlWPKHwmHgR.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EwMLMywkRcer8HrZMlWPKHwmHgR.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^f8a3f37293dcb5954d599b582155c4e5.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f8a3f37293dcb5954d599b582155c4e5.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fd2fbc3c9739d9ceb9388ed7eb6cf440.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fd2fbc3c9739d9ceb9388ed7eb6cf440.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iVTdTQxNbPFOwblwth5DPxfTEuXm.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iVTdTQxNbPFOwblwth5DPxfTEuXm.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^kWuvZfzxlODgGY2XrHt24Rz7TIr.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kWuvZfzxlODgGY2XrHt24Rz7TIr.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LGXobePv3iJYZ1FPwBX11xkmzaO.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LGXobePv3iJYZ1FPwBX11xkmzaO.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NeMOnAfEuJIYw7IANadhoif8NIJ.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NeMOnAfEuJIYw7IANadhoif8NIJ.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sGwFOYlDsM5oftLTnwIUCP5QpUh.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sGwFOYlDsM5oftLTnwIUCP5QpUh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk
C:\Users\Ihor\AppData\Roaming\BROWSE~1\tcbhn.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UG2L2YusZscSQYJxQEliuRlof2e.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UG2L2YusZscSQYJxQEliuRlof2e.exe [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Zdravim

Jste se dal na chov konicku trojskych ci co Cela zoo i s babkou pokladni

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Jsme se s manželkou zasmáli
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/13/2014 09:48:13 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Služba BFE (Base Filtering Engine) (BFE) is not Running.
Startup Type set to: Automatic

* Klient DHCP (Dhcp) is not Running.
Startup Type set to: Automatic

* Klient DNS (Dnscache) is not Running.
Startup Type set to: Automatic

* Systém událostí COM+ (EventSystem) is not Running.
Startup Type set to: Automatic

* Brána Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* Síťová připojení (Netman) is not Running.
Startup Type set to: Manual

* Služba rozhraní síťového úložiště (nsi) is not Running.
Startup Type set to: Automatic

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Ovladač ověření brány Windows Firewall (mpsdrv) is not Running.
Startup Type set to: Manual

* NetBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

* Ovladač pro podporu zastaralého rozhraní TDI NetIO (tdx) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/13/2014 09:48:40 PM
Execution time: 0 hours(s), 0 minute(s), and 27 seconds(s)
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/13/2014 09:48:13 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Služba BFE (Base Filtering Engine) (BFE) is not Running.
Startup Type set to: Automatic

* Klient DHCP (Dhcp) is not Running.
Startup Type set to: Automatic

* Klient DNS (Dnscache) is not Running.
Startup Type set to: Automatic

* Systém událostí COM+ (EventSystem) is not Running.
Startup Type set to: Automatic

* Brána Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* Síťová připojení (Netman) is not Running.
Startup Type set to: Manual

* Služba rozhraní síťového úložiště (nsi) is not Running.
Startup Type set to: Automatic

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Ovladač ověření brány Windows Firewall (mpsdrv) is not Running.
Startup Type set to: Manual

* NetBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

* Ovladač pro podporu zastaralého rozhraní TDI NetIO (tdx) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/13/2014 09:48:40 PM
Execution time: 0 hours(s), 0 minute(s), and 27 seconds(s)

Jestli ma manzelka rada konicky, tak ji vemte do hrebcina nebo na nejake exoticke do zoo, ale at je v PC nechova, to nejsou dobri kamaradi I kdyz teda vystavni kousky tam tedy mate


Ja se nad logem spise zdesil, ale to zvladnem a dame dohromady Sice to budem postupne osekavat jak Herakles Hydru, ale to pujde

Pokracujte ComboFixem, at se nam to aspon trochu procisti

chvilku to trvalo:)

ComboFix 14-01-13.01 - Ihor 13.01.2014 22:18:04.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2795.1917 [GMT 1:00]
Spuštěný z: c:\users\Ihor\Desktop\ComboFix11.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
c:\program files (x86)\DealBulldog Toolbar
c:\program files (x86)\DealBulldog Toolbar\affid.dat
c:\program files (x86)\DealBulldog Toolbar\alert_plugin.dll
c:\program files (x86)\DealBulldog Toolbar\basis.xml
c:\program files (x86)\DealBulldog Toolbar\CustomTabPage.dll
c:\program files (x86)\DealBulldog Toolbar\icons.bmp
c:\program files (x86)\DealBulldog Toolbar\info.txt
c:\program files (x86)\DealBulldog Toolbar\install.ico
c:\program files (x86)\DealBulldog Toolbar\MacroParserPlugin.dll
c:\program files (x86)\DealBulldog Toolbar\mbback.bmp
c:\program files (x86)\DealBulldog Toolbar\mbbigopen.bmp
c:\program files (x86)\DealBulldog Toolbar\mbclose.bmp
c:\program files (x86)\DealBulldog Toolbar\mbfwd.bmp
c:\program files (x86)\DealBulldog Toolbar\mbsep.bmp
c:\program files (x86)\DealBulldog Toolbar\nav1c.bmp
c:\program files (x86)\DealBulldog Toolbar\somoto.dll
c:\program files (x86)\DealBulldog Toolbar\TbCommonUtils.dll
c:\program files (x86)\DealBulldog Toolbar\tbcore3.dll
c:\program files (x86)\DealBulldog Toolbar\tbcore3.inf
c:\program files (x86)\DealBulldog Toolbar\tbhelper.dll
c:\program files (x86)\DealBulldog Toolbar\TbHelper2.exe
c:\program files (x86)\DealBulldog Toolbar\uninstall.exe
c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
c:\program files (x86)\DealBulldog Toolbar\update.exe
c:\program files (x86)\DealBulldog Toolbar\version.txt
c:\program files (x86)\IMinent Toolbar\tbHElper.dll
c:\program files\Protector by IB\ExTEnsion32.dll
c:\programdata\svchost.exe
c:\programdata\System.exe
c:\programdata\taskhost .exe
c:\programdata\taskhost .exe.tmp
c:\programdata\wxDfast
c:\programdata\wxDfast\background.html
c:\programdata\wxDfast\content.js
c:\programdata\wxDfast\data\content.js
c:\programdata\wxDfast\data\jsondb.js
c:\programdata\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx
c:\programdata\wxDfast\settings.ini
c:\programdata\wxDfast\uninstall.exe
c:\users\Ihor\AppData\LocalkPE_TXmLpg.jpg
c:\users\Ihor\AppData\LocaltcgXeFJzyR.exe
c:\users\Ihor\AppData\Roaming\Coffin Of Evil.exe
c:\users\Ihor\AppData\Roaming\dclogs
c:\users\Ihor\AppData\Roaming\Love
c:\users\Ihor\AppData\Roaming\Love\mari0\options.txt
c:\users\Ihor\AppData\Roaming\mexhsy.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1ffcf52b0cd64d83554855bd6f04fc1f.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\225659c6fa2732024934dc96358cf4cb.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\34a197ecc5748dbb80c6ad3289a7fb7c.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\365bad42f4f98be74c2bf2cacfcb2958.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8181fef9f155186026993bbd38cb4855.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81ed0e74a40ed4fe8a36a7b819c4279f.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85ce27c90f0ba2b98ceb888e2ca7acde.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88b7da58a3e62f24b08f565445b53900.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\912c76a909eaf9ea406e74f23b6290bf.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\958436d9be3c028f3254ca9056e72392.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96692782eb52a518c332d30387fbd310.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96d5bbd31c1ef1f063007ac1abc25a6c.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\978bcc21dfa55450c519ce5e0cb9b4cb.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a9f2d977c6de2e3f5debaca1def6c0a8.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\abb278f5f94f5be17c28e4761048b650.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aee62c22efb71f17ec0744e8f88d8439.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b50b61dd4ed2297cbf16db09c0bed498.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9f53cd24dbd8eb354a1d3b41e105755.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bb62e28591030e826081bf1f4a74c0b8.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bec07547ae282f99dd66988f212eb755.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c210b18097fa9ee4b57d8d28130c4154.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e7d208841702e4fe48243dfe74a60ee9.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eb78d0b479ba41606efcf9194e178119.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f8a3f37293dcb5954d599b582155c4e5.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fd2fbc3c9739d9ceb9388ed7eb6cf440.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yMdtsm8DG9h69i6yimxWMwxhb5h.exe
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ymnZ67MlXvfC2KrXGksiLN1m8rfP.exe
c:\users\Ihor\AppData\Roaming\photo.exe
c:\users\Ihor\AppData\Roaming\taskhost.exe
c:\users\Ihor\AppData\Roaming\taskhost.exe.tmp
c:\users\Ihor\AppData\Roaming\torjan.exe
c:\users\Ihor\AppData\Roaming\torjan.exe.tmp
c:\users\Ihor\AppData\Roaming\Trojan.exe
c:\users\Ihor\AppData\Roaming\Trojan.exe.tmp
c:\users\Ihor\AppData\Roaming\windows.exe
c:\users\Ihor\AppData\Roaming\windows.exe.tmp
c:\users\Ihor\svchost.exe
c:\users\Ihor\taskhost .exe
c:\users\Ihor\taskhost .exe.tmp
c:\users\Ihor\taskhost.exe
c:\users\Ihor\trjpad.exe
c:\users\Ihor\windows.exe
c:\users\Ihor\windows.exe.tmp
c:\windows\Mozilla Firefoxe.exe
c:\windows\SysWow64\tmp7790.tmp
c:\windows\SysWow64\tmp784C.tmp
c:\windows\Trojan.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-13 do 2014-01-13 )))))))))))))))))))))))))))))))
.
.
2014-01-13 21:26 . 2014-01-13 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-13 19:49 . 2014-01-13 19:49 -------- d-----w- C:\FRST
2014-01-13 19:47 . 2014-01-13 19:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA2B31AD-DAE2-49F9-9E8D-62D5CA63252C}\offreg.dll
2014-01-13 18:07 . 2014-01-13 21:26 -------- d-----w- c:\users\Ihor\AppData\Local\Temp
2014-01-13 18:01 . 2014-01-13 18:01 -------- d-----w- c:\users\Ihor\AppData\Roaming\ParetoLogic
2014-01-13 18:01 . 2014-01-13 18:01 -------- d-----w- c:\users\Ihor\AppData\Roaming\DriverCure
2014-01-13 17:59 . 2014-01-13 18:52 -------- d-----w- c:\programdata\ParetoLogic
2014-01-13 17:53 . 2014-01-13 17:53 -------- d-----w- c:\program files\CCleaner
2014-01-13 13:45 . 2014-01-13 19:28 59 ----a-w- c:\windows\Trojan.exe.tmp
2014-01-12 13:53 . 2014-01-12 13:53 619520 ----a-w- c:\windows\server.exe
2014-01-11 07:38 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA2B31AD-DAE2-49F9-9E8D-62D5CA63252C}\mpengine.dll
2014-01-04 12:50 . 2014-01-04 12:50 -------- d-----w- c:\users\Ihor\AppData\Roaming\Micro
2014-01-01 17:37 . 2014-01-13 19:28 12748 ----a-w- c:\windows\system32\.tmp
2014-01-01 13:05 . 2014-01-01 13:05 29696 ----a-w- c:\windows\windows.exe
2013-12-30 10:05 . 2013-12-30 10:42 -------- d-----w- c:\program files (x86)\Dead Rising 2 Off The Record
2013-12-20 08:07 . 2013-12-20 08:07 -------- d-----w- c:\program files (x86)\Application Updater
2013-12-20 08:07 . 2013-12-20 08:07 -------- d-----w- c:\program files (x86)\YTD Toolbar
2013-12-20 08:07 . 2013-12-20 08:07 -------- d-----w- c:\program files (x86)\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 04:32 . 2011-07-16 17:43 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 16:46 . 2012-08-25 19:34 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 16:46 . 2012-08-25 19:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 10:38 . 2013-12-10 10:38 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 10:38 . 2013-12-10 10:38 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-10 10:38 . 2013-12-10 10:38 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 10:38 . 2013-12-10 10:38 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-10 10:38 . 2013-12-10 10:38 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-10 10:38 . 2013-12-10 10:38 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-10 10:38 . 2013-12-10 10:38 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 10:38 . 2013-12-10 10:38 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-10 10:38 . 2013-12-10 10:38 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-10 10:38 . 2013-12-10 10:38 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 10:38 . 2013-12-10 10:38 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-10 10:38 . 2013-12-10 10:38 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-10 10:38 . 2013-12-10 10:38 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-10 10:38 . 2013-12-10 10:38 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 10:38 . 2013-12-10 10:38 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 10:38 . 2013-12-10 10:38 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-10 10:38 . 2013-12-10 10:38 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-10 10:38 . 2013-12-10 10:38 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-10 10:38 . 2013-12-10 10:38 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-10 10:38 . 2013-12-10 10:38 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 10:38 . 2013-12-10 10:38 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 10:38 . 2013-12-10 10:38 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-10 10:38 . 2013-12-10 10:38 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 10:38 . 2013-12-10 10:38 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 10:38 . 2013-12-10 10:38 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 10:38 . 2013-12-10 10:38 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-10 10:38 . 2013-12-10 10:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-10 10:38 . 2013-12-10 10:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 10:38 . 2013-12-10 10:38 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 10:38 . 2013-12-10 10:38 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 10:38 . 2013-12-10 10:38 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-10 10:38 . 2013-12-10 10:38 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-10 10:38 . 2013-12-10 10:38 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 10:38 . 2013-12-10 10:38 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 10:38 . 2013-12-10 10:38 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 10:38 . 2013-12-10 10:38 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-10 10:38 . 2013-12-10 10:38 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 10:38 . 2013-12-10 10:38 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-10 10:38 . 2013-12-10 10:38 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-10 10:38 . 2013-12-10 10:38 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-10 10:38 . 2013-12-10 10:38 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-10 10:38 . 2013-12-10 10:38 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 10:38 . 2013-12-10 10:38 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-10 10:38 . 2013-12-10 10:38 413696 ----a-w- c:\windows\system32\html.iec
2013-12-10 10:38 . 2013-12-10 10:38 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 10:38 . 2013-12-10 10:38 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-10 10:38 . 2013-12-10 10:38 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-10 10:38 . 2013-12-10 10:38 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-10 10:38 . 2013-12-10 10:38 235520 ----a-w- c:\windows\system32\url.dll
2013-12-10 10:38 . 2013-12-10 10:38 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 10:38 . 2013-12-10 10:38 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-10 10:38 . 2013-12-10 10:38 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 10:38 . 2013-12-10 10:38 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 10:38 . 2013-12-10 10:38 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-10 10:38 . 2013-12-10 10:38 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-10 10:38 . 2013-12-10 10:38 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-12 02:09 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 02:10 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 02:10 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 02:09 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 02:09 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 02:09 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 02:09 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 02:09 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 02:10 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 02:10 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 02:09 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 02:09 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 02:09 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 02:09 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 02:09 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 02:09 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 02:09 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 02:09 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 02:09 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 02:09 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 02:09 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 02:09 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 02:09 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 02:09 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 14:34 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 14:34 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 02:33 . 2011-06-09 18:45 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-11 14:35 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 14:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 14:34 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 14:34 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-11 14:34 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 02:18 . 2013-12-11 14:34 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-11 14:34 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-25 15:36 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-06-04 14:12 1310040 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2013-12-13 10:35 1398080 ----a-w- c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll" [2013-12-13 1398080]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aee62c22efb71f17ec0744e8f88d8439"="c:\programdata\taskhost .exe .." [X]
"e7d208841702e4fe48243dfe74a60ee9"="c:\users\Ihor\taskhost .exe .." [X]
"b7c77f48dde2ad69a039c2aceab2d240"="c:\windows\windows.exe" [2014-01-01 29696]
"0e4da5cc90f75b7971f3fdafd56c9623"="c:\windows\server.exe" [2014-01-12 619520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2010-11-12 295232]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-25 1648264]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"msgnocuSrv"="c:\windows\inf\msgnocu.vbe" [2013-08-27 1558]
"NtVdmSrv"="c:\windows\inf\ntvdm.vbe" [2013-06-20 1219]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-12-13 1383232]
.
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mvpjbscryh..vbs [2014-1-12 14270]
nxyjekzaeo..vbs [2014-1-12 14270]
tdnkeeuwjq..vbs [2014-1-12 14270]
tmp3E3F.tmp.vbs [2014-1-2 11517]
tmp4106.tmp.vbs [2014-1-3 542852]
tmp50DF.tmp.vbs [2014-1-2 11517]
tmp6D47.tmp.vbs [2014-1-2 11517]
tmp791A.tmp.vbs [2014-1-2 11517]
tmp7E34.tmp.vbs [2014-1-2 11517]
tmp97EB.tmp.vbs [2013-12-31 14276]
tmpA025.tmp.vbs [2014-1-2 11517]
tmpD81C.tmp.vbs [2014-1-2 11517]
tmpF24A.tmp.vbs [2014-1-2 11517]
vdcwwdxbwo..vbs [2014-1-2 14264]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 aswFW;avast! TDI Firewall driver; [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110723.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110808.030\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110808.030\IDSvia64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
R2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [x]
R2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe;c:\program files\Protector by IB\ExtensionUpdaterService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 aswKbd;aswKbd; [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 11:40 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 16:47]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 19:20]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 19:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-01-28 862088]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.iminent.com/?appid=f826efdc-1507-4783-b9fa-bc8fcb83530a
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files (x86)\BrowserCompanion\jsloader.dll
BHO-{336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\Protector by IB\Extension32.dll
Toolbar-Locked - (no file)
Toolbar-{338B4DFE-2E2C-4338-9E41-E176D497299E} - c:\program files (x86)\DealBulldog Toolbar\tbcore3.dll
Wow6432Node-HKCU-Run-88b7da58a3e62f24b08f565445b53900 - c:\users\Ihor\windows.exe
Wow6432Node-HKCU-Run-978bcc21dfa55450c519ce5e0cb9b4cb - c:\users\Ihor\AppData\Roaming\photo.exe
Wow6432Node-HKCU-Run-a0c37fcb5918c5f02ddbf004b53d120c - c:\programdata\svchost.exe
Wow6432Node-HKCU-Run-b50b61dd4ed2297cbf16db09c0bed498 - c:\users\Ihor\taskhost.exe
Wow6432Node-HKCU-Run-54d1350c8449fb4e18aebc0ad5fd2787 - c:\users\Ihor\svchost.exe
Wow6432Node-HKCU-Run-abb278f5f94f5be17c28e4761048b650 - c:\users\Ihor\AppData\Roaming\taskhost.exe
Wow6432Node-HKCU-Run-f8a3f37293dcb5954d599b582155c4e5 - c:\users\Ihor\AppData\Roaming\mexhsy.exe
Wow6432Node-HKCU-Run-225659c6fa2732024934dc96358cf4cb - c:\users\Ihor\AppData\Roaming\windows.exe
Wow6432Node-HKCU-Run-xcrx - c:\users\Ihor\AppData\Roaming\Coffin Of Evil.exe
Wow6432Node-HKCU-Run-ăíßŃćČĎÇĘí.b - (no file)
Wow6432Node-HKCU-Run-96692782eb52a518c332d30387fbd310 - c:\users\Ihor\trjpad.exe
Wow6432Node-HKCU-Run-20054a1b12d049fcaf4099727f96da6d - c:\programdata\System.exe
Wow6432Node-HKCU-Run-eb78d0b479ba41606efcf9194e178119 - c:\users\Ihor\AppData\Roaming\torjan.exe
Wow6432Node-HKCU-Run-8181fef9f155186026993bbd38cb4855 - c:\windows\Mozilla Firefoxe.exe
Wow6432Node-HKCU-Run-81ed0e74a40ed4fe8a36a7b819c4279f - c:\windows\Trojan.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-DealBulldog Toolbar - c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
AddRemove-{4F4C5E11-0612-48D2-8055-987992AAC432} - c:\programdata\wxDfast\uninstall.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aíßNcCDÇEí.b"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-01-13 22:30:26
ComboFix-quarantined-files.txt 2014-01-13 21:30
.
Před spuštěním: Volných bajtů: 383 927 095 296
Po spuštění: Volných bajtů: 383 276 101 632
.
- - End Of File - - 04C7DC57F9AF34E10510A27C3627BBFF
A36C5E4F47E84449FF07ED3517B43A31

Ani se nedivim, nez se tim bordelem probral

Pouzijte tento remover ftp://ftp.symantec.com/public/english_u ... l_Tool.exe at odstranime zbytky antiviru Norton. Ponechame jen Avast

Pri nasledujicim mazani bude ComboFix posilat vzorky haveti autorovi, tak se nedeste co kam posila. Je to pro dalsi vyvoj ComboFixu

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Driver::
  Application Updater
  
  Collect::
  c:\windows\Trojan.exe.tmp
  c:\windows\windows.exe
  c:\windows\server.exe
  c:\users\Ihor\taskhost .exe
  c:\programdata\taskhost .exe
  c:\windows\inf\ntvdm.vbe
  c:\windows\inf\msgnocu.vbe
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs
  c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  Folder::
  c:\program files (x86)\Application Updater
  c:\program files (x86)\YTD Toolbar
  c:\program files (x86)\Common Files\Spigot
  c:\program files (x86)\Ask.com
  c:\program files (x86)\IMinent Toolbar
  c:\program files (x86)\YTD Toolbar
  c:\program files (x86)\SweetIM
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "aíßNcCDÇEí.b"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
  [-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
  "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
  "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
  "{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"=-
  "{F3FEE66E-E034-436a-86E4-9690573BEE8A}"=-
  [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
  [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
  [-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
  [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
  [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
  [-HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
  [-HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
  [-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
  [-HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
  [-HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "aee62c22efb71f17ec0744e8f88d8439"=-
  "e7d208841702e4fe48243dfe74a60ee9"=-
  "b7c77f48dde2ad69a039c2aceab2d240"=-
  "0e4da5cc90f75b7971f3fdafd56c9623"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "Norton Online Backup"=-
  "Adobe Reader Speed Launcher"=-
  "GrooveMonitor"=-
  "ApnUpdater"=-
  "SweetIM"=-
  "Sweetpacks Communicator"=-
  "SunJavaUpdateSched"=-
  "msgnocuSrv"=-
  "NtVdmSrv"=-
  "SearchSettings"=-
  
  RegLock::
  [HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 14-01-13.01 - Ihor 13.01.2014 23:14:04.2.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2795.1775 [GMT 1:00]
Spuštěný z: c:\users\Ihor\Desktop\ComboFix11.exe
Použité ovládací přepínače :: c:\users\Ihor\Desktop\CFScript.lnk
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-13 do 2014-01-13 )))))))))))))))))))))))))))))))
.
.
2014-01-13 22:23 . 2014-01-13 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-13 22:03 . 2014-01-13 22:03 -------- d-----w- c:\programdata\Symantec
2014-01-13 19:49 . 2014-01-13 19:49 -------- d-----w- C:\FRST
2014-01-13 18:07 . 2014-01-13 22:23 -------- d-----w- c:\users\Ihor\AppData\Local\Temp
2014-01-13 18:01 . 2014-01-13 18:01 -------- d-----w- c:\users\Ihor\AppData\Roaming\ParetoLogic
2014-01-13 18:01 . 2014-01-13 18:01 -------- d-----w- c:\users\Ihor\AppData\Roaming\DriverCure
2014-01-13 17:59 . 2014-01-13 18:52 -------- d-----w- c:\programdata\ParetoLogic
2014-01-13 17:53 . 2014-01-13 17:53 -------- d-----w- c:\program files\CCleaner
2014-01-13 13:45 . 2014-01-13 19:28 59 ----a-w- c:\windows\Trojan.exe.tmp
2014-01-12 13:53 . 2014-01-12 13:53 619520 ----a-w- c:\windows\server.exe
2014-01-11 07:38 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA2B31AD-DAE2-49F9-9E8D-62D5CA63252C}\mpengine.dll
2014-01-04 12:50 . 2014-01-04 12:50 -------- d-----w- c:\users\Ihor\AppData\Roaming\Micro
2014-01-01 17:37 . 2014-01-13 19:28 12748 ----a-w- c:\windows\system32\.tmp
2014-01-01 13:05 . 2014-01-01 13:05 29696 ----a-w- c:\windows\windows.exe
2013-12-30 10:05 . 2013-12-30 10:42 -------- d-----w- c:\program files (x86)\Dead Rising 2 Off The Record
2013-12-20 08:07 . 2013-12-20 08:07 -------- d-----w- c:\program files (x86)\Application Updater
2013-12-20 08:07 . 2013-12-20 08:07 -------- d-----w- c:\program files (x86)\YTD Toolbar
2013-12-20 08:07 . 2013-12-20 08:07 -------- d-----w- c:\program files (x86)\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 04:32 . 2011-07-16 17:43 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 16:46 . 2012-08-25 19:34 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 16:46 . 2012-08-25 19:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 10:38 . 2013-12-10 10:38 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 10:38 . 2013-12-10 10:38 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-10 10:38 . 2013-12-10 10:38 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 10:38 . 2013-12-10 10:38 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-10 10:38 . 2013-12-10 10:38 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-10 10:38 . 2013-12-10 10:38 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-10 10:38 . 2013-12-10 10:38 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 10:38 . 2013-12-10 10:38 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-10 10:38 . 2013-12-10 10:38 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-10 10:38 . 2013-12-10 10:38 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 10:38 . 2013-12-10 10:38 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-10 10:38 . 2013-12-10 10:38 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-10 10:38 . 2013-12-10 10:38 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-10 10:38 . 2013-12-10 10:38 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 10:38 . 2013-12-10 10:38 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 10:38 . 2013-12-10 10:38 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-10 10:38 . 2013-12-10 10:38 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-10 10:38 . 2013-12-10 10:38 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-10 10:38 . 2013-12-10 10:38 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-10 10:38 . 2013-12-10 10:38 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 10:38 . 2013-12-10 10:38 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 10:38 . 2013-12-10 10:38 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-10 10:38 . 2013-12-10 10:38 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 10:38 . 2013-12-10 10:38 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 10:38 . 2013-12-10 10:38 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 10:38 . 2013-12-10 10:38 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-10 10:38 . 2013-12-10 10:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-10 10:38 . 2013-12-10 10:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 10:38 . 2013-12-10 10:38 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 10:38 . 2013-12-10 10:38 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 10:38 . 2013-12-10 10:38 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-10 10:38 . 2013-12-10 10:38 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-10 10:38 . 2013-12-10 10:38 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 10:38 . 2013-12-10 10:38 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 10:38 . 2013-12-10 10:38 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 10:38 . 2013-12-10 10:38 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-10 10:38 . 2013-12-10 10:38 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 10:38 . 2013-12-10 10:38 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-10 10:38 . 2013-12-10 10:38 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-10 10:38 . 2013-12-10 10:38 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-10 10:38 . 2013-12-10 10:38 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-10 10:38 . 2013-12-10 10:38 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 10:38 . 2013-12-10 10:38 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-10 10:38 . 2013-12-10 10:38 413696 ----a-w- c:\windows\system32\html.iec
2013-12-10 10:38 . 2013-12-10 10:38 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 10:38 . 2013-12-10 10:38 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-10 10:38 . 2013-12-10 10:38 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-10 10:38 . 2013-12-10 10:38 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-10 10:38 . 2013-12-10 10:38 235520 ----a-w- c:\windows\system32\url.dll
2013-12-10 10:38 . 2013-12-10 10:38 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 10:38 . 2013-12-10 10:38 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-10 10:38 . 2013-12-10 10:38 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 10:38 . 2013-12-10 10:38 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 10:38 . 2013-12-10 10:38 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-10 10:38 . 2013-12-10 10:38 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-10 10:38 . 2013-12-10 10:38 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-12 02:09 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 02:10 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 02:10 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 02:09 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 02:09 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 02:09 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 02:09 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 02:09 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 02:10 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 02:10 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 02:09 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 02:09 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 02:09 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 02:09 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 02:09 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 02:09 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 02:09 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 02:09 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 02:09 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 02:09 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 02:09 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 02:09 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 02:09 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 02:09 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 14:34 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 14:34 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 02:33 . 2011-06-09 18:45 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-11 14:35 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 14:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 14:34 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 14:34 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-11 14:34 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 02:18 . 2013-12-11 14:34 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-11 14:34 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
c:\program files (x86)\BrowserCompanion\jsloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
c:\program files\Protector by IB\Extension32.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-25 15:36 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-06-04 14:12 1310040 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2013-12-13 10:35 1398080 ----a-w- c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"= "c:\program files (x86)\DealBulldog Toolbar\tbcore3.dll" [BU]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll" [2013-12-13 1398080]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aee62c22efb71f17ec0744e8f88d8439"="c:\programdata\taskhost .exe .." [X]
"e7d208841702e4fe48243dfe74a60ee9"="c:\users\Ihor\taskhost .exe .." [X]
"b7c77f48dde2ad69a039c2aceab2d240"="c:\windows\windows.exe" [2014-01-01 29696]
"ăíßŃćČĎÇĘí.b"="" [BU]
"0e4da5cc90f75b7971f3fdafd56c9623"="c:\windows\server.exe" [2014-01-12 619520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2010-11-12 295232]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-25 1648264]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"msgnocuSrv"="c:\windows\inf\msgnocu.vbe" [2013-08-27 1558]
"NtVdmSrv"="c:\windows\inf\ntvdm.vbe" [2013-06-20 1219]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-12-13 1383232]
.
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mvpjbscryh..vbs [2014-1-12 14270]
nxyjekzaeo..vbs [2014-1-12 14270]
tdnkeeuwjq..vbs [2014-1-12 14270]
tmp3E3F.tmp.vbs [2014-1-2 11517]
tmp4106.tmp.vbs [2014-1-3 542852]
tmp50DF.tmp.vbs [2014-1-2 11517]
tmp6D47.tmp.vbs [2014-1-2 11517]
tmp791A.tmp.vbs [2014-1-2 11517]
tmp7E34.tmp.vbs [2014-1-2 11517]
tmp97EB.tmp.vbs [2013-12-31 14276]
tmpA025.tmp.vbs [2014-1-2 11517]
tmpD81C.tmp.vbs [2014-1-2 11517]
tmpF24A.tmp.vbs [2014-1-2 11517]
vdcwwdxbwo..vbs [2014-1-2 14264]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 aswFW;avast! TDI Firewall driver; [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
R2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [x]
R2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe;c:\program files\Protector by IB\ExtensionUpdaterService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd; [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 11:40 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 16:47]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 19:20]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 19:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-01-28 862088]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.iminent.com/?appid=f826efdc-1507-4783-b9fa-bc8fcb83530a
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-DealBulldog Toolbar - c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
AddRemove-{4F4C5E11-0612-48D2-8055-987992AAC432} - c:\programdata\wxDfast\uninstall.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aíßNcCDÇEí.b"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1439821017-4003384198-2142392356-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-01-13 23:27:46
ComboFix-quarantined-files.txt 2014-01-13 22:27
ComboFix2.txt 2014-01-13 21:30
.
Před spuštěním: Volných bajtů: 384 205 430 784
Po spuštění: Volných bajtů: 383 619 645 440
.
- - End Of File - - 0CFEC4668CBFE9BABF100B63596117F8
A36C5E4F47E84449FF07ED3517B43A31

Vy jste mel na plose jen zastupce Použité ovládací přepínače :: c:\users\Ihor\Desktop\CFScript.lnk te samotny skript, takze se nic neprovedlo

Na plose musi byt CFScript.txt, takze jej tam vytvorte\presunte a spustte znovu dle navodu

Omlouvam se, trochu jsem tapal...

ComboFix 14-01-13.01 - Ihor 14.01.2014 0:08.4.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2795.1847 [GMT 1:00]
Spuštěný z: c:\users\Ihor\Desktop\ComboFix11.exe
Použité ovládací přepínače :: c:\users\Ihor\Desktop\CFScript.txt.txt
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Application Updater
c:\program files (x86)\Application Updater\ApplicationUpdater.exe
c:\program files (x86)\Application Updater\config.ini
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\searchcom_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\searchcom_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\wth175.dll
c:\program files (x86)\Common Files\Spigot\Search Settings\wthx175.dll
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files (x86)\IMinent Toolbar
c:\program files (x86)\IMinent Toolbar\arrow_refresh.png
c:\program files (x86)\IMinent Toolbar\basis.xml
c:\program files (x86)\IMinent Toolbar\cog.png
c:\program files (x86)\IMinent Toolbar\computer_delete.png
c:\program files (x86)\IMinent Toolbar\icons.bmp
c:\program files (x86)\IMinent Toolbar\IMinent_Toolbar.crc
c:\program files (x86)\IMinent Toolbar\IMinent_Toolbar.dll
c:\program files (x86)\IMinent Toolbar\info.txt
c:\program files (x86)\IMinent Toolbar\TbCommonUtils.dll
c:\program files (x86)\IMinent Toolbar\tbcore3.dll
c:\program files (x86)\IMinent Toolbar\TbHelper2.exe
c:\program files (x86)\IMinent Toolbar\uninstall.exe
c:\program files (x86)\IMinent Toolbar\update.exe
c:\program files (x86)\IMinent Toolbar\version.txt
c:\program files (x86)\SweetIM
c:\program files (x86)\SweetIM\Communicator\mgcommon.dll
c:\program files (x86)\SweetIM\Communicator\mgcommunication.dll
c:\program files (x86)\SweetIM\Communicator\mgsimcommon.dll
c:\program files (x86)\SweetIM\Communicator\mgxml_wrapper.dll
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\msvcm90.dll
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\msvcp90.dll
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\msvcr90.dll
c:\program files (x86)\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll
c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
c:\program files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe
c:\program files (x86)\SweetIM\Messenger\default.xml
c:\program files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files (x86)\SweetIM\Messenger\mgArchive.dll
c:\program files (x86)\SweetIM\Messenger\mgcommon.dll
c:\program files (x86)\SweetIM\Messenger\mgcommunication.dll
c:\program files (x86)\SweetIM\Messenger\mgconfig.dll
c:\program files (x86)\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files (x86)\SweetIM\Messenger\mghooking.dll
c:\program files (x86)\SweetIM\Messenger\mgICQAuto.dll
c:\program files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files (x86)\SweetIM\Messenger\mglogger.dll
c:\program files (x86)\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files (x86)\SweetIM\Messenger\mgMsnAuto.dll
c:\program files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files (x86)\SweetIM\Messenger\mgsimcommon.dll
c:\program files (x86)\SweetIM\Messenger\mgSweetIM.dll
c:\program files (x86)\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files (x86)\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files (x86)\SweetIM\Messenger\mgYahooAuto.dll
c:\program files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files (x86)\SweetIM\Messenger\msvcp71.dll
c:\program files (x86)\SweetIM\Messenger\msvcr71.dll
c:\program files (x86)\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files (x86)\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
c:\program files (x86)\SweetIM\Messenger\SweetIM.exe
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\program files (x86)\YTD Toolbar
c:\program files (x86)\YTD Toolbar\IE\8.5\config.ini
c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll
c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE64.dll
c:\program files (x86)\YTD Toolbar\Res\amazon.gif
c:\program files (x86)\YTD Toolbar\Res\dailymotion.gif
c:\program files (x86)\YTD Toolbar\Res\ebay.gif
c:\program files (x86)\YTD Toolbar\Res\facebook.gif
c:\program files (x86)\YTD Toolbar\Res\googleplus.gif
c:\program files (x86)\YTD Toolbar\Res\hulu.gif
c:\program files (x86)\YTD Toolbar\Res\icon_settings.gif
c:\program files (x86)\YTD Toolbar\Res\Lang\res1031.ini
c:\program files (x86)\YTD Toolbar\Res\Lang\res1033.ini
c:\program files (x86)\YTD Toolbar\Res\Lang\res1034.ini
c:\program files (x86)\YTD Toolbar\Res\Lang\res1036.ini
c:\program files (x86)\YTD Toolbar\Res\Lang\res1040.ini
c:\program files (x86)\YTD Toolbar\Res\metacafe.gif
c:\program files (x86)\YTD Toolbar\Res\radio-close.gif
c:\program files (x86)\YTD Toolbar\Res\radio-minimize.gif
c:\program files (x86)\YTD Toolbar\Res\radiobeta.gif
c:\program files (x86)\YTD Toolbar\Res\search-button-hover.gif
c:\program files (x86)\YTD Toolbar\Res\search-button.gif
c:\program files (x86)\YTD Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\YTD Toolbar\Res\search-chevron.gif
c:\program files (x86)\YTD Toolbar\Res\search_amazon.gif
c:\program files (x86)\YTD Toolbar\Res\search_baidu.gif
c:\program files (x86)\YTD Toolbar\Res\search_ebay.gif
c:\program files (x86)\YTD Toolbar\Res\search_yahoo.gif
c:\program files (x86)\YTD Toolbar\Res\search_yandex.gif
c:\program files (x86)\YTD Toolbar\Res\search_youtube.gif
c:\program files (x86)\YTD Toolbar\Res\twitter.gif
c:\program files (x86)\YTD Toolbar\Res\veoh.gif
c:\program files (x86)\YTD Toolbar\Res\widgets.xml
c:\program files (x86)\YTD Toolbar\Res\youtube.gif
c:\program files (x86)\YTD Toolbar\Res\ytd.gif
c:\program files (x86)\YTD Toolbar\Res\ytd_logo.gif
c:\program files (x86)\YTD Toolbar\Res\ytd_logo_hover.gif
c:\program files (x86)\YTD Toolbar\WidgiHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Application Updater
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-13 do 2014-01-13 )))))))))))))))))))))))))))))))
.
.
2014-01-13 23:16 . 2014-01-13 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-13 22:03 . 2014-01-13 22:03 -------- d-----w- c:\programdata\Symantec
2014-01-13 19:49 . 2014-01-13 19:49 -------- d-----w- C:\FRST
2014-01-13 18:07 . 2014-01-13 23:19 -------- d-----w- c:\users\Ihor\AppData\Local\Temp
2014-01-13 18:01 . 2014-01-13 18:01 -------- d-----w- c:\users\Ihor\AppData\Roaming\ParetoLogic
2014-01-13 18:01 . 2014-01-13 18:01 -------- d-----w- c:\users\Ihor\AppData\Roaming\DriverCure
2014-01-13 17:59 . 2014-01-13 18:52 -------- d-----w- c:\programdata\ParetoLogic
2014-01-13 17:53 . 2014-01-13 17:53 -------- d-----w- c:\program files\CCleaner
2014-01-13 13:45 . 2014-01-13 19:28 59 ------w- c:\windows\Trojan.exe.tmp
2014-01-12 13:53 . 2014-01-12 13:53 619520 ------w- c:\windows\server.exe
2014-01-11 07:38 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA2B31AD-DAE2-49F9-9E8D-62D5CA63252C}\mpengine.dll
2014-01-04 12:50 . 2014-01-04 12:50 -------- d-----w- c:\users\Ihor\AppData\Roaming\Micro
2014-01-01 17:37 . 2014-01-13 19:28 12748 ----a-w- c:\windows\system32\.tmp
2014-01-01 13:05 . 2014-01-01 13:05 29696 ------w- c:\windows\windows.exe
2013-12-30 10:05 . 2013-12-30 10:42 -------- d-----w- c:\program files (x86)\Dead Rising 2 Off The Record
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 04:32 . 2011-07-16 17:43 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 16:46 . 2012-08-25 19:34 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 16:46 . 2012-08-25 19:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 10:38 . 2013-12-10 10:38 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 10:38 . 2013-12-10 10:38 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-10 10:38 . 2013-12-10 10:38 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 10:38 . 2013-12-10 10:38 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-10 10:38 . 2013-12-10 10:38 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-10 10:38 . 2013-12-10 10:38 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-10 10:38 . 2013-12-10 10:38 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 10:38 . 2013-12-10 10:38 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-10 10:38 . 2013-12-10 10:38 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-10 10:38 . 2013-12-10 10:38 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 10:38 . 2013-12-10 10:38 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-10 10:38 . 2013-12-10 10:38 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-10 10:38 . 2013-12-10 10:38 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-10 10:38 . 2013-12-10 10:38 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 10:38 . 2013-12-10 10:38 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 10:38 . 2013-12-10 10:38 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-10 10:38 . 2013-12-10 10:38 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-10 10:38 . 2013-12-10 10:38 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-10 10:38 . 2013-12-10 10:38 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-10 10:38 . 2013-12-10 10:38 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 10:38 . 2013-12-10 10:38 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 10:38 . 2013-12-10 10:38 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-10 10:38 . 2013-12-10 10:38 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 10:38 . 2013-12-10 10:38 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 10:38 . 2013-12-10 10:38 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 10:38 . 2013-12-10 10:38 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-10 10:38 . 2013-12-10 10:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-10 10:38 . 2013-12-10 10:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 10:38 . 2013-12-10 10:38 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 10:38 . 2013-12-10 10:38 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 10:38 . 2013-12-10 10:38 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-10 10:38 . 2013-12-10 10:38 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-10 10:38 . 2013-12-10 10:38 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 10:38 . 2013-12-10 10:38 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 10:38 . 2013-12-10 10:38 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 10:38 . 2013-12-10 10:38 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-10 10:38 . 2013-12-10 10:38 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 10:38 . 2013-12-10 10:38 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-10 10:38 . 2013-12-10 10:38 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-10 10:38 . 2013-12-10 10:38 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-10 10:38 . 2013-12-10 10:38 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-10 10:38 . 2013-12-10 10:38 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-10 10:38 . 2013-12-10 10:38 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 10:38 . 2013-12-10 10:38 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-10 10:38 . 2013-12-10 10:38 413696 ----a-w- c:\windows\system32\html.iec
2013-12-10 10:38 . 2013-12-10 10:38 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 10:38 . 2013-12-10 10:38 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-10 10:38 . 2013-12-10 10:38 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-10 10:38 . 2013-12-10 10:38 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-10 10:38 . 2013-12-10 10:38 235520 ----a-w- c:\windows\system32\url.dll
2013-12-10 10:38 . 2013-12-10 10:38 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 10:38 . 2013-12-10 10:38 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-10 10:38 . 2013-12-10 10:38 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 10:38 . 2013-12-10 10:38 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 10:38 . 2013-12-10 10:38 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-10 10:38 . 2013-12-10 10:38 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-10 10:38 . 2013-12-10 10:38 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-12 02:09 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 02:10 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 02:10 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 02:09 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 02:09 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 02:09 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 02:09 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 02:09 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 02:10 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 02:10 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 02:09 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 02:09 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 02:09 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 02:09 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 02:09 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 02:09 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 02:09 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 02:09 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 02:09 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 02:09 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 02:09 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 02:09 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 02:09 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 02:09 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 14:34 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 14:34 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 02:33 . 2011-06-09 18:45 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-11 14:35 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 14:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 14:34 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 14:34 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-11 14:34 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-19 02:18 . 2013-12-11 14:34 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-11 14:34 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
c:\program files (x86)\BrowserCompanion\jsloader.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
c:\program files\Protector by IB\Extension32.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"= "c:\program files (x86)\DealBulldog Toolbar\tbcore3.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ăíßŃćČĎÇĘí.b"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2010-11-12 295232]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-18 336384]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mvpjbscryh..vbs [2014-1-12 14270]
nxyjekzaeo..vbs [2014-1-12 14270]
tdnkeeuwjq..vbs [2014-1-12 14270]
tmp3E3F.tmp.vbs [2014-1-2 11517]
tmp4106.tmp.vbs [2014-1-3 542852]
tmp50DF.tmp.vbs [2014-1-2 11517]
tmp6D47.tmp.vbs [2014-1-2 11517]
tmp791A.tmp.vbs [2014-1-2 11517]
tmp7E34.tmp.vbs [2014-1-2 11517]
tmp97EB.tmp.vbs [2013-12-31 14276]
tmpA025.tmp.vbs [2014-1-2 11517]
tmpD81C.tmp.vbs [2014-1-2 11517]
tmpF24A.tmp.vbs [2014-1-2 11517]
vdcwwdxbwo..vbs [2014-1-2 14264]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [x]
S2 Protector by IB Updater;Protector by IB Updater;c:\program files\Protector by IB\ExtensionUpdaterService.exe;c:\program files\Protector by IB\ExtensionUpdaterService.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 11:40 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 16:47]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 19:20]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 19:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-01-28 862088]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.iminent.com/?appid=f826efdc-1507-4783-b9fa-bc8fcb83530a
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{58124A0B-DC32-4180-9BFF-E0E21AE34026} - c:\program files (x86)\IMinent Toolbar\tbcore3.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files (x86)\YTD Toolbar\IE\8.5\ytdToolbarIE.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-TMP3E3~1 - c:\users\Ihor\AppData\Local\Temp\TMP3E3~1.VBS
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-DealBulldog Toolbar - c:\program files (x86)\DealBulldog Toolbar\UninstallToolbar.exe
AddRemove-{4F4C5E11-0612-48D2-8055-987992AAC432} - c:\programdata\wxDfast\uninstall.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"aíßNcCDÇEí.b"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Celkový čas: 2014-01-14 00:26:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-01-13 23:26
ComboFix2.txt 2014-01-13 22:27
ComboFix3.txt 2014-01-13 21:30
.
Před spuštěním: Volných bajtů: 383 701 340 160
Po spuštění: Volných bajtů: 383 221 575 680
.
- - End Of File - - 3CF8F674FD4E6ABF4F2D997DC394E0E8
A36C5E4F47E84449FF07ED3517B43A31

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Udelejte novy log z FRST

Zdravím, ve 14hod. jsem doma z práce a hned se na to vrhnu

Ou Kej, budu uz prubezne online cely den

# AdwCleaner v3.017 - Report created 14/01/2014 at 13:59:22
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ihor - IHOR-PC
# Running from : C:\Users\Ihor\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\ADDICT-THING
Folder Deleted : C:\ProgramData\Alawar Fridays
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Program Files\Protector by IB
Folder Deleted : C:\Users\Ihor\AppData\Local\Babylon
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\wxDfast
Folder Deleted : C:\Users\Ihor\AppData\LocalLow\ADDICT-THING
Folder Deleted : C:\Users\Ihor\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ihor\AppData\Roaming\BrowserCompanion
Folder Deleted : C:\Users\Ihor\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Ihor\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Ihor\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\Ihor\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Folder Deleted : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Deleted : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgkcpnkpkkmkjbbmnekccjiodanppin
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgkcpnkpkkmkjbbmnekccjiodanppin
Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{338B4DFE-2E2C-4338-9E41-E176D497299E}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F4C5E11-0612-48D2-8055-987992AAC432}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{774C0434-9948-4DEE-A14E-69CDD316E36C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A6E71E28-43CB-423E-B415-B7C00D77902E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealBulldog Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Key Deleted : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Key Deleted : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : suggest_url
Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [42194 octets] - [14/01/2014 13:54:31]
AdwCleaner[S0].txt - [41717 octets] - [14/01/2014 13:59:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [41778 octets] ##########





Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
Ran by Ihor (administrator) on IHOR-PC on 14-01-2014 14:12:23
Running from C:\Users\Ihor\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(forum.viry.cz) C:\Users\Ihor\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [862088 2011-01-28] (Acer Incorporated)
HKLM\...\Run: [TMP3E3~1] - "C:\Users\Ihor\AppData\Local\Temp\TMP3E3~1.VBS" <===== ATTENTION
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe [295232 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [] - [x]
HKCU\...\Run: [ăíßŃćČĎÇĘí.b] - [x]
HKCU\...\Run: [mvpjbscryh] - C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [nxyjekzaeo] - C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [tdnkeeuwjq] - C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs [14270 2014-01-12] () <===== ATTENTION
HKCU\...\Run: [tmp4106] - C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs [542852 2014-01-03] () <===== ATTENTION
HKCU\...\Run: [tmp50DF] - C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmpA025] - C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp791A] - C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp6D47] - C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [vdcwwdxbwo] - C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs [14264 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [tmp97EB] - C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs [14276 2013-12-31] () <===== ATTENTION
HKCU\...\Run: [TMP6D4~1] - C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMP791~1] - C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMP50D~1] - C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKCU\...\Run: [TMPA02~1] - C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS [11517 2014-01-02] () <===== ATTENTION
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs ()
Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B8D6B2AC-226A-402F-883E-D1F3D529C592} URL = http://websearch.ask.com/redirect?clien ... 24D3965BD1
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchKeyword: askws
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (4game) - C:\Program Files (x86)\4game\4game\npplugin4game.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-04-11]
CHR Extension: (Google Search) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-03-28]
CHR Extension: (Ratchet & Clank Future 2) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0 [2012-11-22]
CHR Extension: (wxDfast) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\epohjfbhajfojachcgdhgegmaadodlcd\1.0_0 [2012-08-25]
CHR Extension: (avast! WebRep) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0 [2012-09-26]
CHR Extension: (Google Wallet) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19]
CHR Extension: (Allin1Convert) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj\5.81.3.15569_0 [2014-01-11]
CHR Extension: (Gmail) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [epohjfbhajfojachcgdhgegmaadodlcd] - C:\ProgramData\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx [2012-11-07]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-09-25]

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-19] (Advanced Micro Devices, Inc.)
S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [133912 2012-08-21] (AVAST Software)
S2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868224 2011-01-28] (Acer Incorporated)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
S2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S2 Protector by IB Updater; C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
S1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [142128 2012-08-21] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-07-13] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [266776 2012-08-21] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix11\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-14 13:54 - 2014-01-14 13:59 - 00000000 ____D C:\AdwCleaner
2014-01-14 13:54 - 2014-01-14 13:48 - 01236282 _____ C:\Users\Ihor\Desktop\adwcleaner.exe
2014-01-14 13:13 - 2014-01-14 13:13 - 00559088 _____ C:\Windows\Minidump\011414-34148-01.dmp
2014-01-14 13:12 - 2014-01-14 13:12 - 549593748 _____ C:\Windows\MEMORY.DMP
2014-01-14 00:26 - 2014-01-14 00:26 - 00039242 _____ C:\ComboFix.txt
2014-01-14 00:08 - 2014-01-14 00:08 - 00001204 _____ C:\CF-Submit.htm
2014-01-13 23:03 - 2014-01-13 23:03 - 00000000 ____D C:\ProgramData\Symantec
2014-01-13 22:15 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-13 22:15 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-13 22:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-13 22:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-13 22:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-13 22:15 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-13 22:15 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-13 22:15 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-13 22:14 - 2014-01-13 22:13 - 05166068 ____R (Swearware) C:\Users\Ihor\Desktop\ComboFix11.exe
2014-01-13 22:10 - 2014-01-14 00:26 - 00000000 ____D C:\Qoobox
2014-01-13 22:09 - 2014-01-14 00:17 - 00000000 ____D C:\Windows\erdnt
2014-01-13 21:48 - 2014-01-13 21:48 - 00004582 _____ C:\Users\Ihor\Desktop\Rkill.txt
2014-01-13 21:47 - 2014-01-13 21:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ihor\Desktop\rkill.exe
2014-01-13 20:50 - 2014-01-14 14:12 - 00015419 _____ C:\Users\Ihor\Desktop\FRST.txt
2014-01-13 20:49 - 2014-01-13 20:49 - 00000000 ____D C:\FRST
2014-01-13 20:48 - 2014-01-13 20:28 - 00112640 _____ (forum.viry.cz) C:\Users\Ihor\Desktop\FRSTLauncher.exe
2014-01-13 20:48 - 2014-01-13 20:25 - 02075648 _____ (Farbar) C:\Users\Ihor\Desktop\FRST64.exe
2014-01-13 20:09 - 2014-01-14 14:09 - 00060524 _____ C:\Windows\WindowsUpdate.log
2014-01-13 20:04 - 2014-01-14 14:01 - 00001070 _____ C:\Windows\setupact.log
2014-01-13 20:04 - 2014-01-13 20:04 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 20:03 - 2014-01-14 00:17 - 00019516 _____ C:\Windows\PFRO.log
2014-01-13 19:59 - 2014-01-13 20:02 - 00000000 ____D C:\Windows\pss
2014-01-13 19:15 - 2014-01-13 23:09 - 00000008 _____ C:\Windows\windows.exe.tmp
2014-01-13 18:53 - 2014-01-13 18:53 - 00000000 ____D C:\Program Files\CCleaner
2014-01-13 14:45 - 2014-01-13 20:28 - 00000059 ____N C:\Windows\Trojan.exe.tmp
2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 ____N (Microsoft Corporation) C:\Windows\server.exe
2014-01-05 18:27 - 2014-01-05 18:27 - 00000000 ____D C:\Users\Ihor\Desktop\Nová složka (5)
2014-01-04 18:39 - 2014-01-04 18:44 - 00025276 _____ C:\Users\Ihor\AppData\Roaming\addons.dat
2014-01-04 13:50 - 2014-01-04 13:50 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Micro
2014-01-02 16:16 - 2014-01-13 20:05 - 00244224 _____ C:\Users\Ihor\AppData\Roaming\plugin.dat
2014-01-01 18:37 - 2014-01-13 20:28 - 00012748 _____ C:\Windows\system32\.tmp
2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 ____N C:\Windows\windows.exe
2013-12-30 11:05 - 2013-12-30 11:42 - 00000000 ____D C:\Program Files (x86)\Dead Rising 2 Off The Record
2013-12-21 15:49 - 2013-12-21 15:49 - 05565454 _____ C:\Users\Ihor\Downloads\mari0-win.zip
2013-12-20 18:53 - 2013-12-20 18:53 - 00254464 _____ C:\Users\Ihor\Downloads\Photoshop-CS6.Exe
2013-12-19 19:56 - 2013-12-27 15:30 - 00000000 ____D C:\Users\Ihor\Desktop\3333

==================== One Month Modified Files and Folders =======

2014-01-14 14:12 - 2014-01-13 20:50 - 00015419 _____ C:\Users\Ihor\Desktop\FRST.txt
2014-01-14 14:09 - 2014-01-13 20:09 - 00060524 _____ C:\Windows\WindowsUpdate.log
2014-01-14 14:09 - 2011-04-16 03:24 - 00666672 _____ C:\Windows\system32\perfh005.dat
2014-01-14 14:09 - 2011-04-16 03:24 - 00140336 _____ C:\Windows\system32\perfc005.dat
2014-01-14 14:09 - 2009-07-14 06:13 - 01577482 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 14:09 - 2009-07-14 05:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 14:09 - 2009-07-14 05:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 14:06 - 2011-06-10 09:29 - 00000000 ____D C:\Users\Ihor\AppData\Local\CrashDumps
2014-01-14 14:01 - 2014-01-13 20:04 - 00001070 _____ C:\Windows\setupact.log
2014-01-14 14:01 - 2011-06-09 20:20 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-14 14:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 13:59 - 2014-01-14 13:54 - 00000000 ____D C:\AdwCleaner
2014-01-14 13:59 - 2012-05-02 20:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-14 13:48 - 2014-01-14 13:54 - 01236282 _____ C:\Users\Ihor\Desktop\adwcleaner.exe
2014-01-14 13:46 - 2012-08-25 20:34 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-14 13:46 - 2011-06-09 20:20 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-14 13:13 - 2014-01-14 13:13 - 00559088 _____ C:\Windows\Minidump\011414-34148-01.dmp
2014-01-14 13:13 - 2011-10-20 14:57 - 00000000 ____D C:\Windows\Minidump
2014-01-14 13:12 - 2014-01-14 13:12 - 549593748 _____ C:\Windows\MEMORY.DMP
2014-01-14 00:26 - 2014-01-14 00:26 - 00039242 _____ C:\ComboFix.txt
2014-01-14 00:26 - 2014-01-13 22:10 - 00000000 ____D C:\Qoobox
2014-01-14 00:19 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-14 00:17 - 2014-01-13 22:09 - 00000000 ____D C:\Windows\erdnt
2014-01-14 00:17 - 2014-01-13 20:03 - 00019516 _____ C:\Windows\PFRO.log
2014-01-14 00:17 - 2009-07-14 03:34 - 81264640 _____ C:\Windows\system32\config\software.bak
2014-01-14 00:17 - 2009-07-14 03:34 - 25690112 _____ C:\Windows\system32\config\system.bak
2014-01-14 00:17 - 2009-07-14 03:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2014-01-14 00:17 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2014-01-14 00:17 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2014-01-14 00:08 - 2014-01-14 00:08 - 00001204 _____ C:\CF-Submit.htm
2014-01-13 23:09 - 2014-01-13 19:15 - 00000008 _____ C:\Windows\windows.exe.tmp
2014-01-13 23:03 - 2014-01-13 23:03 - 00000000 ____D C:\ProgramData\Symantec
2014-01-13 23:00 - 2011-06-09 19:47 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-01-13 23:00 - 2010-12-22 14:10 - 00000000 ____D C:\ProgramData\Norton
2014-01-13 22:25 - 2011-06-09 19:45 - 00000000 ___RD C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-13 22:25 - 2011-06-09 19:27 - 00000000 ____D C:\Users\Ihor
2014-01-13 22:13 - 2014-01-13 22:14 - 05166068 ____R (Swearware) C:\Users\Ihor\Desktop\ComboFix11.exe
2014-01-13 21:48 - 2014-01-13 21:48 - 00004582 _____ C:\Users\Ihor\Desktop\Rkill.txt
2014-01-13 21:45 - 2014-01-13 21:47 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ihor\Desktop\rkill.exe
2014-01-13 20:49 - 2014-01-13 20:49 - 00000000 ____D C:\FRST
2014-01-13 20:28 - 2014-01-13 20:48 - 00112640 _____ (forum.viry.cz) C:\Users\Ihor\Desktop\FRSTLauncher.exe
2014-01-13 20:28 - 2014-01-13 14:45 - 00000059 ____N C:\Windows\Trojan.exe.tmp
2014-01-13 20:28 - 2014-01-01 18:37 - 00012748 _____ C:\Windows\system32\.tmp
2014-01-13 20:25 - 2014-01-13 20:48 - 02075648 _____ (Farbar) C:\Users\Ihor\Desktop\FRST64.exe
2014-01-13 20:05 - 2014-01-02 16:16 - 00244224 _____ C:\Users\Ihor\AppData\Roaming\plugin.dat
2014-01-13 20:04 - 2014-01-13 20:04 - 00000000 _____ C:\Windows\setuperr.log
2014-01-13 20:02 - 2014-01-13 19:59 - 00000000 ____D C:\Windows\pss
2014-01-13 19:50 - 2011-06-09 20:20 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Skype
2014-01-13 19:05 - 2013-05-06 14:42 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-13 19:05 - 2011-06-09 19:45 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Macromedia
2014-01-13 18:55 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2014-01-13 18:53 - 2014-01-13 18:53 - 00000000 ____D C:\Program Files\CCleaner
2014-01-13 18:45 - 2013-11-28 20:23 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Clickteam
2014-01-13 18:45 - 2013-11-28 20:23 - 00000000 ____D C:\Program Files (x86)\The Games Factory 2
2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 ____N (Microsoft Corporation) C:\Windows\server.exe
2014-01-11 10:45 - 2009-07-14 06:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-05 18:27 - 2014-01-05 18:27 - 00000000 ____D C:\Users\Ihor\Desktop\Nová složka (5)
2014-01-04 18:44 - 2014-01-04 18:39 - 00025276 _____ C:\Users\Ihor\AppData\Roaming\addons.dat
2014-01-04 13:50 - 2014-01-04 13:50 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\Micro
2014-01-02 19:39 - 2011-06-09 19:45 - 00000000 ____D C:\Users\Ihor\AppData\Local\VirtualStore
2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 ____N C:\Windows\windows.exe
2013-12-30 11:42 - 2013-12-30 11:05 - 00000000 ____D C:\Program Files (x86)\Dead Rising 2 Off The Record
2013-12-30 11:19 - 2010-12-22 13:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-30 09:43 - 2012-12-25 18:48 - 00000000 ____D C:\Users\Ihor\Desktop\SVJATYK
2013-12-30 09:33 - 2012-03-29 19:44 - 00000000 ____D C:\Users\Ihor\Desktop\nestor
2013-12-29 14:17 - 2011-11-16 19:07 - 00000000 ____D C:\Users\Ihor\AppData\Roaming\.minecraft
2013-12-27 15:30 - 2013-12-19 19:56 - 00000000 ____D C:\Users\Ihor\Desktop\3333
2013-12-23 17:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-22 13:33 - 2011-06-09 20:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-22 13:33 - 2011-06-09 20:19 - 00000000 ____D C:\ProgramData\Skype
2013-12-21 15:49 - 2013-12-21 15:49 - 05565454 _____ C:\Users\Ihor\Downloads\mari0-win.zip
2013-12-20 18:53 - 2013-12-20 18:53 - 00254464 _____ C:\Users\Ihor\Downloads\Photoshop-CS6.Exe
2013-12-20 09:05 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-16 13:54 - 2011-06-09 20:20 - 00000000 ____D C:\Users\Ihor\AppData\Local\Google
2013-12-15 05:40 - 2013-11-05 14:14 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 05:32 - 2011-07-16 18:43 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs
C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs
C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs
C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs
C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs
C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS
C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS


Some content of TEMP:
====================
C:\Users\Ihor\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Internet Security (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Internet Security (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Ihor\Desktop" je 12626 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22f881ced422d0a8cfa18224e8da0c19
"C:\Users\Ihor\AppData\Local\Temp\windowss.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2991ca02e1de7b64004ddf2762692c1a
"C:\Users\Ihor\AppData\Local\Temp\hackdragoncity.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd8f17f4086744065eb0992a09e05a2
"C:\Users\Ihor\AppData\Local\Temp\Trojan.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ae1ff5603ac84828c7a0e5890086b01
"C:\Users\Ihor\AppData\Local\Temp\HaCkeD.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8515eb34d8f9de5af815466e9715b3e5
"C:\Users\Ihor\AppData\Roaming\Trojan.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\927023f818e6ce8ef3ccb347194b0a7e
"C:\Users\Ihor\AppData\Local\Temp\taskmgr.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\df405cf21c5c2ea6bf1bdcbf5b1e0bcf
"C:\Users\Ihor\AppData\Local\Temp\hack.exe" .. [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent
C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager
C:\Program Files (x86)\Launch Manager\LManager.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spy
C:\Users\Ihor\AppData\Roaming\Micro\spy.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^1ffcf52b0cd64d83554855bd6f04fc1f.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1ffcf52b0cd64d83554855bd6f04fc1f.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2113atgzBG7JnU4ISFsSYJLZCBxd.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2113atgzBG7JnU4ISFsSYJLZCBxd.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^225659c6fa2732024934dc96358cf4cb.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\225659c6fa2732024934dc96358cf4cb.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^22f881ced422d0a8cfa18224e8da0c19.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\22f881ced422d0a8cfa18224e8da0c19.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2991ca02e1de7b64004ddf2762692c1a.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2991ca02e1de7b64004ddf2762692c1a.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^34a197ecc5748dbb80c6ad3289a7fb7c.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\34a197ecc5748dbb80c6ad3289a7fb7c.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^365bad42f4f98be74c2bf2cacfcb2958.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\365bad42f4f98be74c2bf2cacfcb2958.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^5cd8f17f4086744065eb0992a09e05a2.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7350b4ce4c5b9059b3abecb448b12322.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7350b4ce4c5b9059b3abecb448b12322.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ae1ff5603ac84828c7a0e5890086b01.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7ae1ff5603ac84828c7a0e5890086b01.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8181fef9f155186026993bbd38cb4855.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8181fef9f155186026993bbd38cb4855.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^81ed0e74a40ed4fe8a36a7b819c4279f.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81ed0e74a40ed4fe8a36a7b819c4279f.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8515eb34d8f9de5af815466e9715b3e5.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8515eb34d8f9de5af815466e9715b3e5.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^85ce27c90f0ba2b98ceb888e2ca7acde.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85ce27c90f0ba2b98ceb888e2ca7acde.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^88b7da58a3e62f24b08f565445b53900.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88b7da58a3e62f24b08f565445b53900.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^912c76a909eaf9ea406e74f23b6290bf.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\912c76a909eaf9ea406e74f23b6290bf.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^927023f818e6ce8ef3ccb347194b0a7e.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\927023f818e6ce8ef3ccb347194b0a7e.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^958436d9be3c028f3254ca9056e72392.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\958436d9be3c028f3254ca9056e72392.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96692782eb52a518c332d30387fbd310.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96692782eb52a518c332d30387fbd310.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96d5bbd31c1ef1f063007ac1abc25a6c.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\96d5bbd31c1ef1f063007ac1abc25a6c.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^978bcc21dfa55450c519ce5e0cb9b4cb.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\978bcc21dfa55450c519ce5e0cb9b4cb.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a9f2d977c6de2e3f5debaca1def6c0a8.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a9f2d977c6de2e3f5debaca1def6c0a8.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^abb278f5f94f5be17c28e4761048b650.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\abb278f5f94f5be17c28e4761048b650.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aee62c22efb71f17ec0744e8f88d8439.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aee62c22efb71f17ec0744e8f88d8439.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b50b61dd4ed2297cbf16db09c0bed498.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b50b61dd4ed2297cbf16db09c0bed498.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b9f53cd24dbd8eb354a1d3b41e105755.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9f53cd24dbd8eb354a1d3b41e105755.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ba4c12bee3027d94da5c81db2d196bfd.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ba4c12bee3027d94da5c81db2d196bfd.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bb62e28591030e826081bf1f4a74c0b8.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bb62e28591030e826081bf1f4a74c0b8.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bec07547ae282f99dd66988f212eb755.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bec07547ae282f99dd66988f212eb755.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^c210b18097fa9ee4b57d8d28130c4154.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c210b18097fa9ee4b57d8d28130c4154.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cdc91361ec959706e6799be39d7a6c26.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cdc91361ec959706e6799be39d7a6c26.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e7d208841702e4fe48243dfe74a60ee9.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e7d208841702e4fe48243dfe74a60ee9.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eb78d0b479ba41606efcf9194e178119.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eb78d0b479ba41606efcf9194e178119.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EwMLMywkRcer8HrZMlWPKHwmHgR.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EwMLMywkRcer8HrZMlWPKHwmHgR.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^f8a3f37293dcb5954d599b582155c4e5.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f8a3f37293dcb5954d599b582155c4e5.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fd2fbc3c9739d9ceb9388ed7eb6cf440.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fd2fbc3c9739d9ceb9388ed7eb6cf440.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iVTdTQxNbPFOwblwth5DPxfTEuXm.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iVTdTQxNbPFOwblwth5DPxfTEuXm.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^kWuvZfzxlODgGY2XrHt24Rz7TIr.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kWuvZfzxlODgGY2XrHt24Rz7TIr.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LGXobePv3iJYZ1FPwBX11xkmzaO.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LGXobePv3iJYZ1FPwBX11xkmzaO.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NeMOnAfEuJIYw7IANadhoif8NIJ.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NeMOnAfEuJIYw7IANadhoif8NIJ.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sGwFOYlDsM5oftLTnwIUCP5QpUh.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sGwFOYlDsM5oftLTnwIUCP5QpUh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk
C:\Users\Ihor\AppData\Roaming\BROWSE~1\tcbhn.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UG2L2YusZscSQYJxQEliuRlof2e.exe
C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UG2L2YusZscSQYJxQEliuRlof2e.exe [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM\...\Run: [TMP3E3~1] - "C:\Users\Ihor\AppData\Local\Temp\TMP3E3~1.VBS" <===== ATTENTION
  HKLM-x32\...\Run: [] - [x]
  HKCU\...\Run: [ăíßŃćČĎÇĘí.b] - [x]
  HKCU\...\Run: [mvpjbscryh] - C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs [14270 2014-01-12] () <===== ATTENTION
  HKCU\...\Run: [nxyjekzaeo] - C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs [14270 2014-01-12] () <===== ATTENTION
  HKCU\...\Run: [tdnkeeuwjq] - C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs [14270 2014-01-12] () <===== ATTENTION
  HKCU\...\Run: [tmp4106] - C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs [542852 2014-01-03] () <===== ATTENTION
  HKCU\...\Run: [tmp50DF] - C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
  HKCU\...\Run: [tmpA025] - C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
  HKCU\...\Run: [tmp791A] - C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
  HKCU\...\Run: [tmp6D47] - C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs [11517 2014-01-02] () <===== ATTENTION
  HKCU\...\Run: [vdcwwdxbwo] - C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs [14264 2014-01-02] () <===== ATTENTION
  HKCU\...\Run: [tmp97EB] - C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs [14276 2013-12-31] () <===== ATTENTION
  HKCU\...\Run: [TMP6D4~1] - C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS [11517 2014-01-02] () <===== ATTENTION
  HKCU\...\Run: [TMP791~1] - C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS [11517 2014-01-02] () <===== ATTENTION
  HKCU\...\Run: [TMP50D~1] - C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS [11517 2014-01-02] () <===== ATTENTION
  HKCU\...\Run: [TMPA02~1] - C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS [11517 2014-01-02] () <===== ATTENTION
  HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
  HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mvpjbscryh..vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nxyjekzaeo..vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tdnkeeuwjq..vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp3E3F.tmp.vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp4106.tmp.vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp50DF.tmp.vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp6D47.tmp.vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp791A.tmp.vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp7E34.tmp.vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp97EB.tmp.vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpA025.tmp.vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD81C.tmp.vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF24A.tmp.vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vdcwwdxbwo..vbs ()
  Startup: C:\Users\Ihor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
  
  SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
  SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKCU - {B8D6B2AC-226A-402F-883E-D1F3D529C592} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=6F44F2EB-C8A3-40C6-901D-2299CC053965&apn_sauid=ECFB09E9-B264-4153-9235-F524D3965BD1
  HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
  Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
  Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
  
  CHR DefaultSearchKeyword: askws
  CHR DefaultSearchProvider: Ask.com
  CHR DefaultNewTabURL: 
  CHR Plugin: (Injovo Extension Plugin) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.426_0\npbrowserext.dll No File
  CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
  CHR Extension: (wxDfast) - C:\Users\Ihor\AppData\Local\Google\Chrome\User Data\Default\Extensions\epohjfbhajfojachcgdhgegmaadodlcd\1.0_0 [2012-08-25]
  CHR HKLM-x32\...\Chrome\Extension: [epohjfbhajfojachcgdhgegmaadodlcd] - C:\ProgramData\wxDfast\epohjfbhajfojachcgdhgegmaadodlcd.crx [2012-11-07]
  
  S2 Protector by IB Updater; C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [x]
  
  C:\Program Files\Protector by IB
  2014-01-13 23:03 - 2014-01-13 23:03 - 00000000 ____D C:\ProgramData\Symantec
  2014-01-13 21:48 - 2014-01-13 21:48 - 00004582 _____ C:\Users\Ihor\Desktop\Rkill.txt
  2014-01-13 21:47 - 2014-01-13 21:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ihor\Desktop\rkill.exe
  2014-01-13 22:14 - 2014-01-13 22:13 - 05166068 ____R (Swearware) C:\Users\Ihor\Desktop\ComboFix11.exe
  2014-01-14 13:54 - 2014-01-14 13:48 - 01236282 _____ C:\Users\Ihor\Desktop\adwcleaner.exe
  2014-01-14 00:08 - 2014-01-14 00:08 - 00001204 _____ C:\CF-Submit.htm
  2014-01-13 19:15 - 2014-01-13 23:09 - 00000008 _____ C:\Windows\windows.exe.tmp
  2014-01-13 14:45 - 2014-01-13 20:28 - 00000059 ____N C:\Windows\Trojan.exe.tmp
  2014-01-13 14:09 - 2014-01-13 14:09 - 00024064 _____ C:\Users\Ihor\Documents\Server1.exe
  2014-01-12 14:53 - 2014-01-12 14:53 - 00619520 ____N (Microsoft Corporation) C:\Windows\server.exe
  2014-01-01 18:37 - 2014-01-13 20:28 - 00012748 _____ C:\Windows\system32\.tmp
  2014-01-01 14:05 - 2014-01-01 14:05 - 00029696 ____N C:\Windows\windows.exe
  C:\Users\Ihor\AppData\Local\Temp\mvpjbscryh..vbs
  C:\Users\Ihor\AppData\Local\Temp\nxyjekzaeo..vbs
  C:\Users\Ihor\AppData\Local\Temp\tdnkeeuwjq..vbs
  C:\Users\Ihor\AppData\Local\Temp\tmp4106.tmp.vbs
  C:\Users\Ihor\AppData\Local\Temp\tmp50DF.tmp.vbs
  C:\Users\Ihor\AppData\Local\Temp\tmpA025.tmp.vbs
  C:\Users\Ihor\AppData\Local\Temp\tmp791A.tmp.vbs
  C:\Users\Ihor\AppData\Local\Temp\tmp6D47.tmp.vbs
  C:\Users\Ihor\AppData\Local\Temp\vdcwwdxbwo..vbs
  C:\Users\Ihor\AppData\Local\Temp\tmp97EB.tmp.vbs
  C:\Users\Ihor\AppData\Local\Temp\TMP6D4~1.VBS
  C:\Users\Ihor\AppData\Local\Temp\TMP791~1.VBS
  C:\Users\Ihor\AppData\Local\Temp\TMP50D~1.VBS
  C:\Users\Ihor\AppData\Local\Temp\TMPA02~1.VBS
  C:\Users\Ihor\AppData\Local\Temp\Quarantine.exe
  C:\Program Files (x86)\Iminent
  C:\Program Files (x86)\Optimizer Pro
  
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22f881ced422d0a8cfa18224e8da0c19" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2991ca02e1de7b64004ddf2762692c1a" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd8f17f4086744065eb0992a09e05a2" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7ae1ff5603ac84828c7a0e5890086b01" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8515eb34d8f9de5af815466e9715b3e5" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\927023f818e6ce8ef3ccb347194b0a7e" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\df405cf21c5c2ea6bf1bdcbf5b1e0bcf" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spy" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^1ffcf52b0cd64d83554855bd6f04fc1f.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2113atgzBG7JnU4ISFsSYJLZCBxd.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^225659c6fa2732024934dc96358cf4cb.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^22f881ced422d0a8cfa18224e8da0c19.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2991ca02e1de7b64004ddf2762692c1a.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^34a197ecc5748dbb80c6ad3289a7fb7c.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^365bad42f4f98be74c2bf2cacfcb2958.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^5cd8f17f4086744065eb0992a09e05a2.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6d0e9f17ea6b0b17fcc3b3d388e9e19d.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7350b4ce4c5b9059b3abecb448b12322.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ae1ff5603ac84828c7a0e5890086b01.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8181fef9f155186026993bbd38cb4855.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^81ed0e74a40ed4fe8a36a7b819c4279f.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8515eb34d8f9de5af815466e9715b3e5.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^85ce27c90f0ba2b98ceb888e2ca7acde.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^88b7da58a3e62f24b08f565445b53900.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^8IEVfHGetHjNhPokt1fxjPbhTinU5a.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^912c76a909eaf9ea406e74f23b6290bf.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^927023f818e6ce8ef3ccb347194b0a7e.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^958436d9be3c028f3254ca9056e72392.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96692782eb52a518c332d30387fbd310.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^96d5bbd31c1ef1f063007ac1abc25a6c.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^978bcc21dfa55450c519ce5e0cb9b4cb.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a9f2d977c6de2e3f5debaca1def6c0a8.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^abb278f5f94f5be17c28e4761048b650.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aee62c22efb71f17ec0744e8f88d8439.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b50b61dd4ed2297cbf16db09c0bed498.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b9f53cd24dbd8eb354a1d3b41e105755.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ba4c12bee3027d94da5c81db2d196bfd.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bb62e28591030e826081bf1f4a74c0b8.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bec07547ae282f99dd66988f212eb755.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^c210b18097fa9ee4b57d8d28130c4154.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cdc91361ec959706e6799be39d7a6c26.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^df405cf21c5c2ea6bf1bdcbf5b1e0bcf.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e7d208841702e4fe48243dfe74a60ee9.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^eb78d0b479ba41606efcf9194e178119.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EwMLMywkRcer8HrZMlWPKHwmHgR.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^f8a3f37293dcb5954d599b582155c4e5.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fd2fbc3c9739d9ceb9388ed7eb6cf440.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gtNvFAUT5ks1p9ktznHAcbAQEXTPt.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ITwQS8A9sQhkiE3km6m8NgpzYRNiF.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iVTdTQxNbPFOwblwth5DPxfTEuXm.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^kWuvZfzxlODgGY2XrHt24Rz7TIr.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LGXobePv3iJYZ1FPwBX11xkmzaO.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NeMOnAfEuJIYw7IANadhoif8NIJ.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rhePF2UrJywJ5kWKIaezg1Z6gn2FMx.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sGwFOYlDsM5oftLTnwIUCP5QpUh.exe" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ihor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UG2L2YusZscSQYJxQEliuRlof2e.exe" /f
  
  Hosts:
  CMD: shutdown /r /f /t 2
  
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt