CPU 100%

Zpráva

kikirik · #1 Příspěvek od **kikirik** » 18 led 2014 20:54

ahoj, prosím o kontrolu logu, NB hned po spustení má CPU na 100%.
ďakujem

Logfile of random's system information tool 1.09 (written by random/random)
Run by ntb at 2014-01-18 20:33:45
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 97 GB (21%) free of 458 GB
Total RAM: 3894 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:35:06, on 18. 1. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\ntb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/HPCON/6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0035578 - {11111111-1111-1111-1111-110311551178} - C:\Program Files (x86)\Torntv 2\Torntv 2-bho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [msfmyrlgSrv] C:\Windows\inf\msfmyrlg.vbe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\ntb\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12017 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
taskeng.exe {F15E3CC5-96C8-4777-9198-228A176C2B6D}
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe"
"C:\Program Files\Realtek\RtVOsd\RtVOsd.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
taskmgr.exe /3
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1408.0.1814650043\1216561275" --disable-image-transport-surface --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,5,13,23 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2509 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group2 pct:10b stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="1408.1.861921922\1230706771" /prefetch:673131151
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group2 pct:10b stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --instant-process --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="1408.2.237143098\1041443884" /prefetch:673131151
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group2 pct:10b stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_54/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --enable-software-compositing --channel="1408.3.1946583321\2079078570" /prefetch:673131151
taskeng.exe {4427E859-48F4-4318-86D2-B1A754AEB728}
"C:\Users\ntb\Downloads\RSITx64 (1).exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1005Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1005UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1005Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1005UA.job
C:\Windows\tasks\HPCeeScheduleForNTB-HP$.job
C:\Windows\tasks\HPCeeScheduleForntb.job
C:\Windows\tasks\Torntv 2-codedownloader.job
C:\Windows\tasks\Torntv 2-enabler.job
C:\Windows\tasks\Torntv 2-updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\78xc584o.default

prefs.js - "browser.startup.homepage" - "http://google.sk"
prefs.js - "keyword.URL" - "http://search.babylon.com/?babsrc=SP_ss ... D=54545&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\ProgramData\NexonEU\NGM\npNxGameEU.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App V2 Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg_igeared.xml
azet-sk.xml
babylon.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\78xc584o.default\extensions\
{7a5f72d2-9bbf-443f-9d35-26fc7e858e77}

C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\78xc584o.default\searchplugins\
conduit.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14 6307960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-18 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551178}]
Torntv 2 - C:\Program Files (x86)\Torntv 2\Torntv 2-bho.dll [2013-07-02 748032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-31 64672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14 4531320]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-10-18 1485112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2010-10-18 1485112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-13 2281256]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-09-22 6489704]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-07-21 8192]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-08-31 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-08-31 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-08-31 416024]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2012-02-05 415680]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-03-31 790176]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-03-31 657056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-01-14 21720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\ntb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-16 116648]
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-08-16 2736128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2013-11-29 3806544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv]
C:\Windows\inf\ntvdm.vbe [2013-06-20 1219]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive]
C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2013-11-15 2044]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk]
C:\PROGRA~2\PICTUR~1\Bin\PICTUR~1.EXE [2010-09-28 1040952]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2010-08-30 61112]
"SweetIM"=C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [2010-10-13 111928]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"msfmyrlgSrv"=C:\Windows\inf\msfmyrlg.vbe [2013-08-27 1558]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-11-09 586296]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-08-31 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2010-10-18 52920]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"midi3"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm

======File associations======

.js - edit - "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-01-18 20:33:51 ----D---- C:\Program Files\trend micro
2014-01-18 20:33:44 ----D---- C:\rsit
2014-01-18 19:45:33 ----D---- C:\Windows\pss
2014-01-18 17:52:47 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-01-18 17:52:40 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-01-18 17:52:40 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-01-18 17:52:40 ----A---- C:\Windows\SYSWOW64\java.exe
2014-01-15 22:08:37 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-01-15 22:08:37 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-01-15 22:08:37 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-01-15 22:08:37 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-01-15 22:08:37 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-01-15 22:08:37 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-01-15 22:08:37 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-01-15 22:08:36 ----A---- C:\Windows\system32\win32k.sys
2014-01-15 22:08:36 ----A---- C:\Windows\system32\drivers\netio.sys
2014-01-01 17:26:17 ----D---- C:\Users\ntb\AppData\Roaming\PotPlayerMini64
2014-01-01 17:25:03 ----D---- C:\Program Files\DAUM
2013-12-28 10:42:09 ----D---- C:\Program Files (x86)\Mozilla Thunderbird

======List of files/folders modified in the last 1 month======

2014-01-18 20:33:51 ----RD---- C:\Program Files
2014-01-18 20:33:01 ----D---- C:\Windows\Temp
2014-01-18 19:51:50 ----A---- C:\Windows\SYSWOW64\log.txt
2014-01-18 19:50:16 ----D---- C:\Windows\system32\config
2014-01-18 19:49:49 ----D---- C:\Users\ntb\AppData\Roaming\ZumoDrive
2014-01-18 19:45:33 ----D---- C:\Windows
2014-01-18 19:28:53 ----SHD---- C:\Windows\Installer
2014-01-18 19:28:21 ----SHD---- C:\System Volume Information
2014-01-18 17:53:04 ----D---- C:\ProgramData\Oracle
2014-01-18 17:52:47 ----D---- C:\Windows\SysWOW64
2014-01-18 17:52:40 ----D---- C:\Program Files (x86)\Java
2014-01-18 10:48:00 ----D---- C:\Windows\System32
2014-01-18 10:48:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-18 10:47:59 ----D---- C:\Windows\inf
2014-01-17 15:08:59 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-17 15:07:45 ----D---- C:\Windows\Prefetch
2014-01-16 14:48:55 ----D---- C:\Windows\winsxs
2014-01-16 14:45:54 ----D---- C:\Windows\system32\drivers
2014-01-16 14:45:52 ----D---- C:\Windows\system32\DriverStore
2014-01-16 00:19:10 ----D---- C:\ProgramData\Microsoft Help
2014-01-16 00:13:55 ----D---- C:\Windows\system32\MRT
2014-01-16 00:13:42 ----A---- C:\Windows\system32\MRT.exe
2014-01-15 22:08:29 ----D---- C:\Windows\system32\catroot
2014-01-15 22:08:28 ----D---- C:\Windows\system32\catroot2
2014-01-01 17:23:19 ----D---- C:\Program Files (x86)
2013-12-29 09:30:54 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 10:31:29 ----D---- C:\Windows\Tasks
2013-12-28 10:31:29 ----D---- C:\Windows\system32\Tasks
2013-12-20 18:31:27 ----SD---- C:\Users\ntb\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-13 540696]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-16 40816]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-03-31 29344]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-09-28 31088]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-08-31 12306848]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2013-11-15 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-09-22 2494056]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-03-05 271872]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2010-11-04 1041760]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-09-13 1390640]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-03-31 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [2011-03-31 51872]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-03-31 259232]
S3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-03-31 109216]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-03-31 166048]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-03-31 59040]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-03-31 283296]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-03-31 287392]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-05-07 245792]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-03-31 75936]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-02-09 18720]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-10-01 268824]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]
R2 RtVOsdService;RtVOsdService Installer; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2012-08-10 1001376]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-16 257416]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-04-21 1432400]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-28 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-16 1255736]
S4 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 WebCake Desktop Updater;WebCake Desktop Updater; C:\Program Files (x86)\WBDesktop.Updater.1.0.0.16.exe [2013-08-19 51992]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 18 led 2014 21:49

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

kikirik · #3 Příspěvek od **kikirik** » 19 led 2014 09:37

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by ntb on so 18. 01. 2014 at 23:06:30,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] webcake desktop updater
Successfully deleted: [Service] webcake desktop updater

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2255258162-3851658991-3524058132-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetie.ietoolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetie.ietoolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetim_urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\toolbar3.sweetie
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\toolbar3.sweetie.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2255258162-3851658991-3524058132-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\sweetim.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf67f764-95b6-4360-bb57-b2e5aa6c814b}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035578.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035578.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035578.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035578.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110311551178}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322552278}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355555578}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366556678}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344554478}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311551178}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322552278}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550355555578}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366556678}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344554478}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0035578.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0035578.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0035578.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0035578.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355555578}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366556678}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344554478}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311551178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_colin-mcrae-dirt_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_colin-mcrae-dirt_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_skype(1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_skype(1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_skype_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_skype_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311551178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355555578}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366556678}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344554478}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_colin-mcrae-dirt_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_colin-mcrae-dirt_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_skype(1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_skype(1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_skype_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_skype_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B0935D14-C3DB-47BF-91EE-56513253F2DD}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\ntb\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\ntb\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\ntb\appdata\local\babylon"
Failed to delete: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\torntv 2"
Successfully deleted: [Folder] "C:\Program Files (x86)\torntv.com"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml"
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\ntb\AppData\Roaming\mozilla\firefox\profiles\78xc584o.default\user.js
Successfully deleted: [File] C:\Users\ntb\AppData\Roaming\mozilla\firefox\profiles\78xc584o.default\extensions\trtv3@trtv.com.xpi
Successfully deleted: [File] C:\Users\ntb\AppData\Roaming\mozilla\firefox\profiles\78xc584o.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\ntb\AppData\Roaming\mozilla\firefox\profiles\78xc584o.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] C:\Users\ntb\AppData\Roaming\mozilla\firefox\profiles\78xc584o.default\conduitcommon
Successfully deleted the following from C:\Users\ntb\AppData\Roaming\mozilla\firefox\profiles\78xc584o.default\prefs.js

user_pref("CT2697549..clientLogIsEnabled", true);
user_pref("CT2697549..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2697549..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2697549.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2697549.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2697549.CT2697549", "CT2697549");
user_pref("CT2697549.CurrentServerDate", "15-10-2011");
user_pref("CT2697549.DSChangedManually", true);
user_pref("CT2697549.DSInstall", true);
user_pref("CT2697549.DialogsAlignMode", "LTR");
user_pref("CT2697549.DialogsGetterLastCheckTime", "Thu Oct 13 2011 17:33:34 GMT+0200");
user_pref("CT2697549.DownloadReferralCookieData", "");
user_pref("CT2697549.EMailNotifierPollDate", "Sat Oct 15 2011 14:45:09 GMT+0200");
user_pref("CT2697549.FirstServerDate", "6-10-2011");
user_pref("CT2697549.FirstTime", true);
user_pref("CT2697549.FirstTimeFF3", true);
user_pref("CT2697549.FixPageNotFoundErrors", true);
user_pref("CT2697549.GroupingServerCheckInterval", 1440);
user_pref("CT2697549.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2697549.HPChangedManually", false);
user_pref("CT2697549.HPInstall", true);
user_pref("CT2697549.HasUserGlobalKeys", true);
user_pref("CT2697549.HomePageProtectorEnabled", false);
user_pref("CT2697549.HomepageBeforeUnload", "hxxp://google.sk");
user_pref("CT2697549.Initialize", true);
user_pref("CT2697549.InitializeCommonPrefs", true);
user_pref("CT2697549.InstallationAndCookieDataSentCount", 3);
user_pref("CT2697549.InstallationType", "Unknown");
user_pref("CT2697549.InstalledDate", "Thu Oct 06 2011 09:06:42 GMT+0200");
user_pref("CT2697549.InvalidateCache", false);
user_pref("CT2697549.IsAlertDBUpdated", true);
user_pref("CT2697549.IsGrouping", false);
user_pref("CT2697549.IsInitSetupIni", true);
user_pref("CT2697549.IsMulticommunity", false);
user_pref("CT2697549.IsOpenThankYouPage", true);
user_pref("CT2697549.IsOpenUninstallPage", true);
user_pref("CT2697549.IsProtectorsInit", true);
user_pref("CT2697549.LanguagePackLastCheckTime", "Fri Oct 14 2011 16:36:59 GMT+0200");
user_pref("CT2697549.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2697549.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2697549.LastLogin_3.7.0.6", "Mon Oct 10 2011 17:33:33 GMT+0200");
user_pref("CT2697549.LastLogin_3.8.0.8", "Sat Oct 15 2011 14:45:10 GMT+0200");
user_pref("CT2697549.LatestVersion", "3.5.0.12");
user_pref("CT2697549.Locale", "en");
user_pref("CT2697549.MCDetectTooltipHeight", "83");
user_pref("CT2697549.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2697549.MCDetectTooltipWidth", "295");
user_pref("CT2697549.MyStuffEnabledAtInstallation", false);
user_pref("CT2697549.OriginalFirstVersion", "3.7.0.6");
user_pref("CT2697549.RadioIsPodcast", false);
user_pref("CT2697549.RadioLastCheckTime", "Fri Oct 14 2011 16:36:58 GMT+0200");
user_pref("CT2697549.RadioLastUpdateIPServer", "0");
user_pref("CT2697549.RadioLastUpdateServer", "129481927968270000");
user_pref("CT2697549.RadioMediaID", "21366191");
user_pref("CT2697549.RadioMediaType", "Media Player");
user_pref("CT2697549.RadioMenuSelectedID", "EBRadioMenu_CT269754921366191");
user_pref("CT2697549.RadioShrinkedFromSetup", false);
user_pref("CT2697549.RadioStationName", "News%20-%20Info%20Wars");
user_pref("CT2697549.RadioStationURL", "hxxp://www.infowars.com/infowars.asx");
user_pref("CT2697549.SHRINK_TOOLBAR", 1);
user_pref("CT2697549.SavedHomepage", "www.google.sk");
user_pref("CT2697549.SearchCaption", "85Play_Games Customized Web Search");
user_pref("CT2697549.SearchEngineBeforeUnload", "Google");
user_pref("CT2697549.SearchFromAddressBarIsInit", true);
user_pref("CT2697549.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2697549&q=");
user_pref("CT2697549.SearchInNewTabEnabled", true);
user_pref("CT2697549.SearchInNewTabIntervalMM", 1440);
user_pref("CT2697549.SearchInNewTabLastCheckTime", "Fri Oct 14 2011 16:36:55 GMT+0200");
user_pref("CT2697549.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2697549.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2697549.SearchProtectorEnabled", false);
user_pref("CT2697549.SearchProtectorToolbarDisabled", true);
user_pref("CT2697549.SendProtectorDataViaLogin", true);
user_pref("CT2697549.ServiceMapLastCheckTime", "Fri Oct 14 2011 16:36:57 GMT+0200");
user_pref("CT2697549.SettingsLastCheckTime", "Sat Oct 15 2011 14:45:08 GMT+0200");
user_pref("CT2697549.SettingsLastUpdate", "1312887586");
user_pref("CT2697549.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2697549&SearchSource=13");
user_pref("CT2697549.ThirdPartyComponentsInterval", 504);
user_pref("CT2697549.ThirdPartyComponentsLastCheck", "Thu Oct 06 2011 09:06:40 GMT+0200");
user_pref("CT2697549.ThirdPartyComponentsLastUpdate", "1312887586");
user_pref("CT2697549.ToolbarDisabled", true);
user_pref("CT2697549.ToolbarShrinkedFromSetup", false);
user_pref("CT2697549.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2697549");
user_pref("CT2697549.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2697549.UserID", "UN93665706748260567");
user_pref("CT2697549.ValidationData_Toolbar", 2);
user_pref("CT2697549.WeatherNetwork", "");
user_pref("CT2697549.WeatherPollDate", "Sat Oct 15 2011 14:45:11 GMT+0200");
user_pref("CT2697549.WeatherUnit", "C");
user_pref("CT2697549.alertChannelId", "1089913");
user_pref("CT2697549.backendstorage.facebook_ctid_connect_send_new", "73656E646564");
user_pref("CT2697549.backendstorage.facebook_mode", "32");
user_pref("CT2697549.backendstorage.facebook_user_locale", "656E");
user_pref("CT2697549.components.1000080", true);
user_pref("CT2697549.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2697549.globalFirstTimeInfoLastCheckTime", "Sat Oct 15 2011 14:45:10 GMT+0200");
user_pref("CT2697549.homepageProtectorEnableByLogin", true);
user_pref("CT2697549.initDone", true);
user_pref("CT2697549.isAppTrackingManagerOn", true);
user_pref("CT2697549.isFirstRadioInstallation", false);
user_pref("CT2697549.myStuffEnabled", true);
user_pref("CT2697549.myStuffPublihserMinWidth", 400);
user_pref("CT2697549.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2697549.myStuffServiceIntervalMM", 1440);
user_pref("CT2697549.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2697549.oldAppsList", "129230149899488137,129230149899488138,111,129290145886943788,129288516223350698,129295465080606616,129288516342256830,1000082,1292937973738
user_pref("CT2697549.revertSettingsEnabled", true);
user_pref("CT2697549.searchProtectorDialogDelayInSec", 10);
user_pref("CT2697549.searchProtectorEnableByLogin", true);
user_pref("CT2697549.testingCtid", "");
user_pref("CT2697549.toolbarAppMetaDataLastCheckTime", "Fri Oct 14 2011 16:36:59 GMT+0200");
user_pref("CT2697549.toolbarContextMenuLastCheckTime", "Thu Oct 06 2011 09:06:42 GMT+0200");
user_pref("CT2697549.usagesFlag", 2);
user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2697549&SearchSource=13");
user_pref("CommunityToolbar.ConduitSearchList", "85Play_Games Customized Web Search");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1089913/1085617/SK", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2697549", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"0ee90707f77cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2697549", "\"634531597989330000\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2697549&octid=CT2697549", "\"1312887586\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Dawn/equalizer_dead.gif", "\"0edf93762fc81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Dawn/minimize.gif", "\"0de996742fc81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Dawn/play.gif", "\"0ec8aff762fc81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Dawn/stop.gif", "\"076720782fc81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Dawn/vol.gif", "\"0c7aecb742fc81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"a3a61aa4d6e207cac364094a4efba2b6\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\ntb\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\78xc584o.default\\conduitCommon\\modules\\3.8.0.8");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=788fbb5000000000000018f46ababa02&tlver=1.4.31.2&instlRef=std&affID=5
user_pref("CommunityToolbar.ToolbarsList", "CT2697549");
user_pref("CommunityToolbar.ToolbarsList2", "CT2697549");
user_pref("CommunityToolbar.ToolbarsList4", "CT2697549");
user_pref("CommunityToolbar.globalUserId", "582b9624-bf2c-4b00-a8d7-093dd4dbdc9e");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2697549");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Oct 13 2011 17:24:09 GMT+0200");
user_pref("CommunityToolbar.notifications.alertEnabled", true);
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Oct 14 2011 16:37:05 GMT+0200");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Oct 14 2011 16:36:57 GMT+0200");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "f12b2494-ed25-4c46-b876-09391139874e");
user_pref("CommunityToolbar.originalHomepage", "www.google.sk");
user_pref("CommunityToolbar.originalSearchEngine", "Google");
user_pref("browser.search.defaultthis.engineName", "85Play_Games Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2697549&SearchSource=3&q={searchTerms}");
user_pref("extensions.BabylonToolbar.bbDpng", 16);
user_pref("extensions.BabylonToolbar.cntry", "SK");
user_pref("extensions.BabylonToolbar.firstRun", false);
user_pref("extensions.BabylonToolbar.hdrMd5", "0E979BD5A765BB456E9FEA4CD2D253C5");
user_pref("extensions.BabylonToolbar.lastActv", "16");
user_pref("extensions.BabylonToolbar.lastDP", 16);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.217:54:57");
user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=788fbb5000000000000018f46ababa02&tlver=1.4.31.2&instlRef=std&affID=54545&q=");
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=788fbb5000000000000018f46ababa02&tlver=1.4.31.2&instlRef=std&affID=54545&q=")
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.simapp_id", "{43DAF9E9-C4FB-11E0-A313-3C4A92548F94}");

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 19. 01. 2014 at 8:55:02,90
End of JRT log

kikirik · #4 Příspěvek od **kikirik** » 19 led 2014 09:38

AdwCleaner v3.017 - Report created 19/01/2014 at 09:00:10
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ntb - NTB-HP
# Running from : C:\Users\ntb\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Users\ntb\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\deti.ntb-HP\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\deti.ntb-HP\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\deti.ntb-HP\AppData\Roaming\iWin
Folder Deleted : C:\Users\ANdrejovko\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\78xc584o.default\SweetIMToolbarData
Folder Deleted : C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\78xc584o.default\CT2697549
Folder Deleted : C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\78xc584o.default\Extensions\{7a5f72d2-9bbf-443f-9d35-26fc7e858e77}
File Deleted : C:\Users\ntb\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\Software\Classes\Installer\Features\467F76FB6B590634BB752B5EAAC618B4
Key Deleted : HKLM\Software\Classes\Installer\Products\467F76FB6B590634BB752B5EAAC618B4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v10.0.2 (sk)

[ File : C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\78xc584o.default\prefs.js ]

Line Deleted : user_pref("CT2697549.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1089913/1085617/SK", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2697549", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"0ee90707f77cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"80ee9485875dcc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2697549", "\"634531597989330000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2697549&octid=CT2697549", "\"1312887586\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Dawn/equalizer_dead.gif", "\"0edf93762fc81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Dawn/minimize.gif", "\"0de996742fc81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Dawn/play.gif", "\"0ec8aff762fc81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Dawn/stop.gif", "\"076720782fc81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Dawn/vol.gif", "\"0c7aecb742fc81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"a3a61aa4d6e207cac364094a4efba2b6\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\ntb\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\78xc584o.default\\conduitCommon\\modules\\3.8.0.8");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]

[ File : C:\Users\deti.ntb-HP\AppData\Roaming\Mozilla\Firefox\Profiles\ssvk7ibg.default\prefs.js ]

[ File : C:\Users\ANdrejovko\AppData\Roaming\Mozilla\Firefox\Profiles\qxm4wd0o.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\ntb\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\deti.ntb-HP\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7402 octets] - [19/01/2014 08:58:18]
AdwCleaner[S0].txt - [7417 octets] - [19/01/2014 09:00:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7477 octets] ##########

#5 Příspěvek od **vyosek** » 19 led 2014 09:59

Dejte log dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100

kikirik · #6 Příspěvek od **kikirik** » 19 led 2014 12:30

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2014 03
Ran by ntb (administrator) on NTB-HP on 19-01-2014 10:10:53
Running from C:\Users\ntb\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: 041b
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google Inc.) C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\ntb\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-22] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790176 2011-03-31] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657056 2011-03-31] (Atheros Commnucations)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-08-30] (EasyBits Software AS)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [msfmyrlgSrv] - C:\Windows\inf\msfmyrlg.vbe [1558 2013-08-27] ()
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Google Update] - C:\Users\ntb\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-16] (Google Inc.)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: []
MountPoints2: E - E:\autorun.exe
MountPoints2: {02d976b5-7f44-11e1-8faa-3c4a92548f94} - H:\Autorun.exe
MountPoints2: {02d976ca-7f44-11e1-8faa-3c4a92548f94} - I:\Autorun.exe
HKU\ANdrejovko\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\ANdrejovko\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2044 2013-11-15] ()
HKU\ANdrejovko\...\Policies\system: [LogonHoursAction] 2
HKU\ANdrejovko\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\deti.ntb-HP\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\deti.ntb-HP\...\Run: [Google Update] - C:\Users\deti.ntb-HP\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-01] (Google Inc.)
HKU\deti.ntb-HP\...\Run: [Akamai NetSession Interface] - C:\Users\deti.ntb-HP\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\deti.ntb-HP\...\Run: [Facebook Update] - C:\Users\deti.ntb-HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-03] (Facebook Inc.)
HKU\deti.ntb-HP\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2044 2013-11-15] ()
HKU\deti.ntb-HP\...\Policies\system: [DisableLockWorkstation] 0
HKU\deti.ntb-HP\...\Policies\system: [DisableChangePassword] 0
HKU\deti.ntb-HP\...\Policies\system: [LogonHoursAction] 2
HKU\deti.ntb-HP\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/HPCON/6
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/724-11108 ... =Notebooks
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/724-11108 ... =Notebooks
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-10-18] (EasyBits Software Corp.)

FireFox:
========
FF ProfilePath: C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\78xc584o.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://google.sk
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @powerchallenge.com/PowerLoader - C:\Users\ntb\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ntb\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ntb\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ntb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\zoznam-sk.xml
FF Extension: Adblock Plus - C:\Users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\78xc584o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-08-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-02]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\ntb\AppData\Local\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\ntb\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\ntb\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
CHR Plugin: (Power Challenge Loader) - C:\Users\ntb\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
CHR Plugin: (Unity Player) - C:\Users\ntb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\ntb\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Adblock Plus) - C:\Users\ntb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-06]
CHR Extension: (Pe\u0148a\u017Eenka Google) - C:\Users\ntb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR StartMenuInternet: Google Chrome - C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18720 2012-02-09] (Autodesk, Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-19 10:10 - 2014-01-19 10:12 - 00017255 _____ C:\Users\ntb\Desktop\FRST.txt
2014-01-19 10:10 - 2014-01-19 10:10 - 00000000 ____D C:\FRST
2014-01-19 10:07 - 2014-01-19 10:06 - 00112640 _____ (forum.viry.cz) C:\Users\ntb\Desktop\FRSTLauncher.exe
2014-01-19 10:06 - 2014-01-19 10:06 - 00112640 _____ (forum.viry.cz) C:\Users\ntb\Downloads\FRSTLauncher.exe
2014-01-19 10:02 - 2014-01-19 10:02 - 02076160 _____ (Farbar) C:\Users\ntb\Downloads\FRST64.exe
2014-01-19 10:02 - 2014-01-19 10:02 - 02076160 _____ (Farbar) C:\Users\ntb\Desktop\FRST64.exe
2014-01-19 08:57 - 2014-01-19 09:00 - 00000000 ____D C:\AdwCleaner
2014-01-19 08:55 - 2014-01-19 08:55 - 00028950 _____ C:\Users\ntb\Desktop\JRT.txt
2014-01-18 23:06 - 2014-01-18 23:06 - 00000000 ____D C:\Windows\ERUNT
2014-01-18 22:01 - 2014-01-18 22:00 - 01236282 _____ C:\Users\ntb\Desktop\adwcleaner.exe
2014-01-18 22:00 - 2014-01-18 22:06 - 00552798 _____ C:\Users\ntb\Downloads\adwcleaner (1).exe
2014-01-18 21:58 - 2014-01-18 21:52 - 01037068 _____ (Thisisu) C:\Users\ntb\Desktop\JRT.exe
2014-01-18 21:53 - 2014-01-18 22:04 - 01236282 _____ C:\Users\ntb\Downloads\adwcleaner.exe
2014-01-18 21:51 - 2014-01-18 21:58 - 01037068 _____ (Thisisu) C:\Users\ntb\Downloads\JRT.exe
2014-01-18 20:33 - 2014-01-18 20:36 - 00000000 ____D C:\rsit
2014-01-18 20:33 - 2014-01-18 20:35 - 00000000 ____D C:\Program Files\trend micro
2014-01-18 20:24 - 2014-01-18 20:27 - 00935175 _____ C:\Users\ntb\Downloads\RSITx64 (1).exe
2014-01-18 19:45 - 2014-01-18 19:45 - 00000000 ____D C:\Windows\pss
2014-01-18 17:59 - 2014-01-18 18:00 - 14849989 _____ C:\Users\ntb\Downloads\Antarctic.themepack
2014-01-18 17:52 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-18 17:52 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-18 17:52 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-18 17:52 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-18 17:51 - 2014-01-18 17:52 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 22:08 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 22:08 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 22:08 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 22:08 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 22:08 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 22:08 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 22:08 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 22:08 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 22:08 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-11 09:35 - 2014-01-11 14:27 - 00000000 ____D C:\Users\ANdrejovko\Desktop\WOW
2014-01-06 21:54 - 2014-01-06 21:54 - 00605152 _____ C:\Users\ntb\Downloads\PHPWebQuiz (1).zip
2014-01-01 19:20 - 2014-01-01 19:20 - 00605152 _____ C:\Users\ntb\Downloads\PHPWebQuiz.zip
2014-01-01 17:26 - 2014-01-01 17:26 - 00000000 ____D C:\Users\ntb\AppData\Roaming\PotPlayerMini64
2014-01-01 17:26 - 2014-01-01 17:26 - 00000000 ____D C:\Users\ntb\AppData\Local\Daum
2014-01-01 17:25 - 2014-01-01 17:25 - 00000000 ____D C:\Users\ntb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
2014-01-01 17:25 - 2014-01-01 17:25 - 00000000 ____D C:\Program Files\DAUM
2014-01-01 17:23 - 2014-01-01 17:24 - 14263255 _____ C:\Users\ntb\Downloads\PotPlayer1.5.39659-x64.EXE
2013-12-29 23:14 - 2013-12-29 23:14 - 00395776 _____ C:\Users\ntb\Downloads\II_Uloha_udrzby_Riadnie.ppt
2013-12-29 11:08 - 2013-12-29 11:08 - 00411648 _____ C:\Users\ntb\Downloads\Prednaska_dvanast_02.ppt
2013-12-29 11:03 - 2013-12-29 11:03 - 00017408 _____ C:\Users\ntb\Downloads\chi2.xls
2013-12-28 15:04 - 2013-12-28 15:04 - 00274944 _____ C:\Users\ntb\Downloads\Prednaska_desat_02.ppt
2013-12-28 14:07 - 2013-12-28 14:07 - 00589824 _____ C:\Users\ntb\Downloads\prednáška5.ppt
2013-12-28 12:08 - 2013-12-28 12:08 - 00887808 _____ C:\Users\ntb\Downloads\STATISTIKA.ppt
2013-12-28 10:42 - 2013-12-28 10:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-23 09:41 - 2013-12-23 09:41 - 00070656 _____ (Anthoria) C:\Users\ntb\Downloads\Anthoria_Launcher.exe

==================== One Month Modified Files and Folders =======

2014-01-19 10:12 - 2014-01-19 10:10 - 00017255 _____ C:\Users\ntb\Desktop\FRST.txt
2014-01-19 10:10 - 2014-01-19 10:10 - 00000000 ____D C:\FRST
2014-01-19 10:06 - 2014-01-19 10:07 - 00112640 _____ (forum.viry.cz) C:\Users\ntb\Desktop\FRSTLauncher.exe
2014-01-19 10:06 - 2014-01-19 10:06 - 00112640 _____ (forum.viry.cz) C:\Users\ntb\Downloads\FRSTLauncher.exe
2014-01-19 10:02 - 2014-01-19 10:02 - 02076160 _____ (Farbar) C:\Users\ntb\Downloads\FRST64.exe
2014-01-19 10:02 - 2014-01-19 10:02 - 02076160 _____ (Farbar) C:\Users\ntb\Desktop\FRST64.exe
2014-01-19 09:54 - 2012-05-01 14:27 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1005UA.job
2014-01-19 09:33 - 2012-04-16 17:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-19 09:20 - 2011-04-20 11:43 - 01285751 _____ C:\Windows\WindowsUpdate.log
2014-01-19 09:16 - 2012-04-16 17:25 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1000UA.job
2014-01-19 09:13 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-19 09:13 - 2009-07-14 05:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-19 09:06 - 2013-08-23 16:39 - 00014477 _____ C:\Windows\setupact.log
2014-01-19 09:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-19 09:00 - 2014-01-19 08:57 - 00000000 ____D C:\AdwCleaner
2014-01-19 09:00 - 2012-04-16 17:25 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1000Core.job
2014-01-19 08:56 - 2010-10-19 02:31 - 00730020 _____ C:\Windows\system32\perfh010.dat
2014-01-19 08:56 - 2010-10-19 02:31 - 00145902 _____ C:\Windows\system32\perfc010.dat
2014-01-19 08:56 - 2009-07-14 06:13 - 01654670 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 08:55 - 2014-01-19 08:55 - 00028950 _____ C:\Users\ntb\Desktop\JRT.txt
2014-01-19 08:55 - 2012-05-10 11:15 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C994EC5-4C10-4C2C-B41C-CA0800F06C73}
2014-01-19 08:54 - 2013-10-03 09:37 - 00000938 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1005UA.job
2014-01-18 23:06 - 2014-01-18 23:06 - 00000000 ____D C:\Windows\ERUNT
2014-01-18 22:06 - 2014-01-18 22:00 - 00552798 _____ C:\Users\ntb\Downloads\adwcleaner (1).exe
2014-01-18 22:04 - 2014-01-18 21:53 - 01236282 _____ C:\Users\ntb\Downloads\adwcleaner.exe
2014-01-18 22:00 - 2014-01-18 22:01 - 01236282 _____ C:\Users\ntb\Desktop\adwcleaner.exe
2014-01-18 21:58 - 2014-01-18 21:51 - 01037068 _____ (Thisisu) C:\Users\ntb\Downloads\JRT.exe
2014-01-18 21:52 - 2014-01-18 21:58 - 01037068 _____ (Thisisu) C:\Users\ntb\Desktop\JRT.exe
2014-01-18 20:36 - 2014-01-18 20:33 - 00000000 ____D C:\rsit
2014-01-18 20:35 - 2014-01-18 20:33 - 00000000 ____D C:\Program Files\trend micro
2014-01-18 20:27 - 2014-01-18 20:24 - 00935175 _____ C:\Users\ntb\Downloads\RSITx64 (1).exe
2014-01-18 19:52 - 2013-02-19 13:49 - 00000000 ____D C:\Users\ntb\AppData\Local\LogMeIn Hamachi
2014-01-18 19:49 - 2013-11-16 16:26 - 00000000 ____D C:\Users\ntb\AppData\Roaming\ZumoDrive
2014-01-18 19:45 - 2014-01-18 19:45 - 00000000 ____D C:\Windows\pss
2014-01-18 18:00 - 2014-01-18 17:59 - 14849989 _____ C:\Users\ntb\Downloads\Antarctic.themepack
2014-01-18 17:53 - 2013-12-06 09:38 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 17:52 - 2014-01-18 17:51 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 17:52 - 2013-08-15 20:22 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-18 10:42 - 2013-10-03 09:37 - 00000916 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1005Core.job
2014-01-17 22:31 - 2013-11-15 15:24 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForntb
2014-01-17 22:31 - 2013-11-15 15:24 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForntb.job
2014-01-17 20:35 - 2011-05-26 10:28 - 00003214 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNTB-HP$
2014-01-17 20:35 - 2011-05-26 10:28 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForNTB-HP$.job
2014-01-17 15:09 - 2011-06-16 10:21 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2014-01-17 15:08 - 2011-12-16 22:02 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-16 14:48 - 2009-07-14 05:45 - 00425360 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 00:19 - 2011-06-16 12:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 00:18 - 2013-08-16 19:44 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 00:13 - 2011-06-16 10:25 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 22:01 - 2011-07-19 13:45 - 00000000 ____D C:\Users\ntb\AppData\Local\CrashDumps
2014-01-12 20:34 - 2011-10-15 14:09 - 00000000 ____D C:\Users\ntb\Documents\skola
2014-01-12 13:54 - 2012-05-01 14:27 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1005Core.job
2014-01-11 15:33 - 2013-11-25 13:11 - 00000000 ____D C:\Users\ANdrejovko\AppData\Roaming\ZumoDrive
2014-01-11 14:27 - 2014-01-11 09:35 - 00000000 ____D C:\Users\ANdrejovko\Desktop\WOW
2014-01-11 14:26 - 2013-11-25 13:11 - 00000000 ____D C:\Users\ANdrejovko\AppData\Local\LogMeIn Hamachi
2014-01-11 14:25 - 2013-02-16 11:20 - 00000000 ____D C:\Users\deti.ntb-HP\AppData\Local\LogMeIn Hamachi
2014-01-11 14:24 - 2011-12-25 10:13 - 00001417 _____ C:\Users\deti.ntb-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-11 09:35 - 2013-11-25 13:10 - 00000000 ____D C:\Users\ANdrejovko\AppData\Local\VirtualStore
2014-01-11 09:31 - 2013-11-25 13:11 - 00001417 _____ C:\Users\ANdrejovko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-06 21:54 - 2014-01-06 21:54 - 00605152 _____ C:\Users\ntb\Downloads\PHPWebQuiz (1).zip
2014-01-01 19:20 - 2014-01-01 19:20 - 00605152 _____ C:\Users\ntb\Downloads\PHPWebQuiz.zip
2014-01-01 17:26 - 2014-01-01 17:26 - 00000000 ____D C:\Users\ntb\AppData\Roaming\PotPlayerMini64
2014-01-01 17:26 - 2014-01-01 17:26 - 00000000 ____D C:\Users\ntb\AppData\Local\Daum
2014-01-01 17:25 - 2014-01-01 17:25 - 00000000 ____D C:\Users\ntb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
2014-01-01 17:25 - 2014-01-01 17:25 - 00000000 ____D C:\Program Files\DAUM
2014-01-01 17:24 - 2014-01-01 17:23 - 14263255 _____ C:\Users\ntb\Downloads\PotPlayer1.5.39659-x64.EXE
2014-01-01 14:48 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-29 23:14 - 2013-12-29 23:14 - 00395776 _____ C:\Users\ntb\Downloads\II_Uloha_udrzby_Riadnie.ppt
2013-12-29 11:08 - 2013-12-29 11:08 - 00411648 _____ C:\Users\ntb\Downloads\Prednaska_dvanast_02.ppt
2013-12-29 11:03 - 2013-12-29 11:03 - 00017408 _____ C:\Users\ntb\Downloads\chi2.xls
2013-12-29 09:30 - 2012-10-27 20:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-28 15:04 - 2013-12-28 15:04 - 00274944 _____ C:\Users\ntb\Downloads\Prednaska_desat_02.ppt
2013-12-28 14:07 - 2013-12-28 14:07 - 00589824 _____ C:\Users\ntb\Downloads\prednáška5.ppt
2013-12-28 12:08 - 2013-12-28 12:08 - 00887808 _____ C:\Users\ntb\Downloads\STATISTIKA.ppt
2013-12-28 10:45 - 2013-12-28 10:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-23 09:41 - 2013-12-23 09:41 - 00070656 _____ (Anthoria) C:\Users\ntb\Downloads\Anthoria_Launcher.exe

Some content of TEMP:
====================
C:\Users\ANdrejovko\AppData\Local\Temp\bdfilters.dll
C:\Users\ANdrejovko\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\ANdrejovko\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\COMAP.EXE
C:\Users\deti.ntb-HP\AppData\Local\Temp\EAD61CE.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\i4jdel0.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\i4jdel1.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.3.2-R2.0-3-gcb9cb15.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.6-R0.1-b2561jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-9-g65324d6-b2632jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-b2624jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.1-R0.1-21-g49b0699-b2754jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-3-g9532cb6-b2889jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-b2879jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-2891.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\NGMSetup.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\SkypeSetup.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\ntb\AppData\Local\Temp\AcDeltree.exe
C:\Users\ntb\AppData\Local\Temp\EAD32C2.exe
C:\Users\ntb\AppData\Local\Temp\EADBEDB.exe
C:\Users\ntb\AppData\Local\Temp\EADEB76.exe
C:\Users\ntb\AppData\Local\Temp\Extract.exe
C:\Users\ntb\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\ntb\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\ntb\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ntb\AppData\Local\Temp\NGMDll.dll
C:\Users\ntb\AppData\Local\Temp\NGMResource.dll
C:\Users\ntb\AppData\Local\Temp\Quarantine.exe
C:\Users\ntb\AppData\Local\Temp\SP49525.exe
C:\Users\ntb\AppData\Local\Temp\SP50948.exe
C:\Users\ntb\AppData\Local\Temp\SP51059.exe
C:\Users\ntb\AppData\Local\Temp\SP51650.exe
C:\Users\ntb\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\ntb\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\ntb\AppData\Local\Temp\unicows.dll
C:\Users\ntb\AppData\Local\Temp\UninstallEADM.dll
C:\Users\ntb\AppData\Local\Temp\Uninstaller-4340.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\ntb\Desktop" je 328 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv
C:\Windows\inf\ntvdm.vbe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive
C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk
C:\PROGRA~2\PICTUR~1\Bin\PICTUR~1.EXE -det [x]

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001

==================== End Of Log ==============================

#7 Příspěvek od **vyosek** » 20 led 2014 04:45

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [msfmyrlgSrv] - C:\Windows\inf\msfmyrlg.vbe [1558 2013-08-27] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Google Update] - C:\Users\ntb\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-16] (Google Inc.)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [] 
MountPoints2: E - E:\autorun.exe
MountPoints2: {02d976b5-7f44-11e1-8faa-3c4a92548f94} - H:\Autorun.exe
MountPoints2: {02d976ca-7f44-11e1-8faa-3c4a92548f94} - I:\Autorun.exe
HKU\ANdrejovko\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2044 2013-11-15] ()
HKU\ANdrejovko\...\Policies\system: [LogonHoursAction] 2
HKU\ANdrejovko\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\deti.ntb-HP\...\Run: [Google Update] - C:\Users\deti.ntb-HP\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-01] (Google Inc.)
HKU\deti.ntb-HP\...\Run: [Akamai NetSession Interface] - C:\Users\deti.ntb-HP\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\deti.ntb-HP\...\Run: [Facebook Update] - C:\Users\deti.ntb-HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-03] (Facebook Inc.)
HKU\deti.ntb-HP\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2044 2013-11-15] ()
HKU\deti.ntb-HP\...\Policies\system: [DisableLockWorkstation] 0
HKU\deti.ntb-HP\...\Policies\system: [DisableChangePassword] 0
HKU\deti.ntb-HP\...\Policies\system: [LogonHoursAction] 2
HKU\deti.ntb-HP\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/HPCON/6
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/724-11108 ... 4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/724-11108 ... 4?satitle={searchTerms}&mfe=Notebooks
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()

CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
CHR Extension: (Pe\u0148a\u017Eenka Google) - C:\Users\ntb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

2014-01-19 10:07 - 2014-01-19 10:06 - 00112640 _____ (forum.viry.cz) C:\Users\ntb\Desktop\FRSTLauncher.exe
2014-01-19 10:06 - 2014-01-19 10:06 - 00112640 _____ (forum.viry.cz) C:\Users\ntb\Downloads\FRSTLauncher.exe
2014-01-19 10:02 - 2014-01-19 10:02 - 02076160 _____ (Farbar) C:\Users\ntb\Downloads\FRST64.exe
2014-01-19 08:55 - 2014-01-19 08:55 - 00028950 _____ C:\Users\ntb\Desktop\JRT.txt
2014-01-18 22:01 - 2014-01-18 22:00 - 01236282 _____ C:\Users\ntb\Desktop\adwcleaner.exe
2014-01-18 22:00 - 2014-01-18 22:06 - 00552798 _____ C:\Users\ntb\Downloads\adwcleaner (1).exe
2014-01-18 21:58 - 2014-01-18 21:52 - 01037068 _____ (Thisisu) C:\Users\ntb\Desktop\JRT.exe
2014-01-18 21:53 - 2014-01-18 22:04 - 01236282 _____ C:\Users\ntb\Downloads\adwcleaner.exe
2014-01-18 21:51 - 2014-01-18 21:58 - 01037068 _____ (Thisisu) C:\Users\ntb\Downloads\JRT.exe
2014-01-18 20:24 - 2014-01-18 20:27 - 00935175 _____ C:\Users\ntb\Downloads\RSITx64 (1).exe

C:\Windows\inf\msfmyrlg.vbe 
C:\Windows\inf\ntvdm.vbe
C:\Users\ANdrejovko\AppData\Local\Temp\bdfilters.dll
C:\Users\ANdrejovko\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\ANdrejovko\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\COMAP.EXE
C:\Users\deti.ntb-HP\AppData\Local\Temp\EAD61CE.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\i4jdel0.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\i4jdel1.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.3.2-R2.0-3-gcb9cb15.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.6-R0.1-b2561jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-9-g65324d6-b2632jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-b2624jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.1-R0.1-21-g49b0699-b2754jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-3-g9532cb6-b2889jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-b2879jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-2891.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\NGMSetup.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\SkypeSetup.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\ntb\AppData\Local\Temp\AcDeltree.exe
C:\Users\ntb\AppData\Local\Temp\EAD32C2.exe
C:\Users\ntb\AppData\Local\Temp\EADBEDB.exe
C:\Users\ntb\AppData\Local\Temp\EADEB76.exe
C:\Users\ntb\AppData\Local\Temp\Extract.exe
C:\Users\ntb\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\ntb\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\ntb\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ntb\AppData\Local\Temp\NGMDll.dll
C:\Users\ntb\AppData\Local\Temp\NGMResource.dll
C:\Users\ntb\AppData\Local\Temp\Quarantine.exe
C:\Users\ntb\AppData\Local\Temp\SP49525.exe
C:\Users\ntb\AppData\Local\Temp\SP50948.exe
C:\Users\ntb\AppData\Local\Temp\SP51059.exe
C:\Users\ntb\AppData\Local\Temp\SP51650.exe
C:\Users\ntb\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\ntb\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\ntb\AppData\Local\Temp\unicows.dll
C:\Users\ntb\AppData\Local\Temp\UninstallEADM.dll
C:\Users\ntb\AppData\Local\Temp\Uninstaller-4340.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk" /f

Hosts:

End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

kikirik · #8 Příspěvek od **kikirik** » 20 led 2014 13:26

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2014 04
Ran by ntb at 2014-01-20 13:20:25 Run:1
Running from C:\Users\ntb\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [msfmyrlgSrv] - C:\Windows\inf\msfmyrlg.vbe [1558 2013-08-27] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Google Update] - C:\Users\ntb\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-16] (Google Inc.)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: []
MountPoints2: E - E:\autorun.exe
MountPoints2: {02d976b5-7f44-11e1-8faa-3c4a92548f94} - H:\Autorun.exe
MountPoints2: {02d976ca-7f44-11e1-8faa-3c4a92548f94} - I:\Autorun.exe
HKU\ANdrejovko\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2044 2013-11-15] ()
HKU\ANdrejovko\...\Policies\system: [LogonHoursAction] 2
HKU\ANdrejovko\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\deti.ntb-HP\...\Run: [Google Update] - C:\Users\deti.ntb-HP\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-01] (Google Inc.)
HKU\deti.ntb-HP\...\Run: [Akamai NetSession Interface] - C:\Users\deti.ntb-HP\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\deti.ntb-HP\...\Run: [Facebook Update] - C:\Users\deti.ntb-HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-03] (Facebook Inc.)
HKU\deti.ntb-HP\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2044 2013-11-15] ()
HKU\deti.ntb-HP\...\Policies\system: [DisableLockWorkstation] 0
HKU\deti.ntb-HP\...\Policies\system: [DisableChangePassword] 0
HKU\deti.ntb-HP\...\Policies\system: [LogonHoursAction] 2
HKU\deti.ntb-HP\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/HPCON/6
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/724-11108 ... 4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/724-11108 ... 4?satitle={searchTerms}&mfe=Notebooks
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()

CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
CHR Extension: (Pe\u0148a\u017Eenka Google) - C:\Users\ntb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

2014-01-19 10:07 - 2014-01-19 10:06 - 00112640 _____ (forum.viry.cz) C:\Users\ntb\Desktop\FRSTLauncher.exe
2014-01-19 10:06 - 2014-01-19 10:06 - 00112640 _____ (forum.viry.cz) C:\Users\ntb\Downloads\FRSTLauncher.exe
2014-01-19 10:02 - 2014-01-19 10:02 - 02076160 _____ (Farbar) C:\Users\ntb\Downloads\FRST64.exe
2014-01-19 08:55 - 2014-01-19 08:55 - 00028950 _____ C:\Users\ntb\Desktop\JRT.txt
2014-01-18 22:01 - 2014-01-18 22:00 - 01236282 _____ C:\Users\ntb\Desktop\adwcleaner.exe
2014-01-18 22:00 - 2014-01-18 22:06 - 00552798 _____ C:\Users\ntb\Downloads\adwcleaner (1).exe
2014-01-18 21:58 - 2014-01-18 21:52 - 01037068 _____ (Thisisu) C:\Users\ntb\Desktop\JRT.exe
2014-01-18 21:53 - 2014-01-18 22:04 - 01236282 _____ C:\Users\ntb\Downloads\adwcleaner.exe
2014-01-18 21:51 - 2014-01-18 21:58 - 01037068 _____ (Thisisu) C:\Users\ntb\Downloads\JRT.exe
2014-01-18 20:24 - 2014-01-18 20:27 - 00935175 _____ C:\Users\ntb\Downloads\RSITx64 (1).exe

C:\Windows\inf\msfmyrlg.vbe
C:\Windows\inf\ntvdm.vbe
C:\Users\ANdrejovko\AppData\Local\Temp\bdfilters.dll
C:\Users\ANdrejovko\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\ANdrejovko\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\COMAP.EXE
C:\Users\deti.ntb-HP\AppData\Local\Temp\EAD61CE.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\i4jdel0.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\i4jdel1.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.3.2-R2.0-3-gcb9cb15.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.6-R0.1-b2561jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-9-g65324d6-b2632jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-b2624jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.1-R0.1-21-g49b0699-b2754jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-3-g9532cb6-b2889jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-b2879jnks.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-2891.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\NGMSetup.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\SkypeSetup.exe
C:\Users\deti.ntb-HP\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\deti.ntb-HP\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\ntb\AppData\Local\Temp\AcDeltree.exe
C:\Users\ntb\AppData\Local\Temp\EAD32C2.exe
C:\Users\ntb\AppData\Local\Temp\EADBEDB.exe
C:\Users\ntb\AppData\Local\Temp\EADEB76.exe
C:\Users\ntb\AppData\Local\Temp\Extract.exe
C:\Users\ntb\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\ntb\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\ntb\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ntb\AppData\Local\Temp\NGMDll.dll
C:\Users\ntb\AppData\Local\Temp\NGMResource.dll
C:\Users\ntb\AppData\Local\Temp\Quarantine.exe
C:\Users\ntb\AppData\Local\Temp\SP49525.exe
C:\Users\ntb\AppData\Local\Temp\SP50948.exe
C:\Users\ntb\AppData\Local\Temp\SP51059.exe
C:\Users\ntb\AppData\Local\Temp\SP51650.exe
C:\Users\ntb\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\ntb\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\ntb\AppData\Local\Temp\unicows.dll
C:\Users\ntb\AppData\Local\Temp\UninstallEADM.dll
C:\Users\ntb\AppData\Local\Temp\Uninstaller-4340.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk" /f

Hosts:

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\msfmyrlgSrv => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NCPluginUpdater => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02d976b5-7f44-11e1-8faa-3c4a92548f94} => Key deleted successfully.
HKCR\CLSID\{02d976b5-7f44-11e1-8faa-3c4a92548f94} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02d976ca-7f44-11e1-8faa-3c4a92548f94} => Key deleted successfully.
HKCR\CLSID\{02d976ca-7f44-11e1-8faa-3c4a92548f94} => Key not found.
HKU\ANdrejovko\Software\Microsoft\Windows\CurrentVersion\Run\\ZumoDrive => Value deleted successfully.
HKU\ANdrejovko\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
HKU\ANdrejovko\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
HKU\deti.ntb-HP\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKU\deti.ntb-HP\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => Value deleted successfully.
HKU\deti.ntb-HP\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully.
HKU\deti.ntb-HP\Software\Microsoft\Windows\CurrentVersion\Run\\ZumoDrive => Value deleted successfully.
HKU\deti.ntb-HP\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => Value deleted successfully.
HKU\deti.ntb-HP\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => Value deleted successfully.
HKU\deti.ntb-HP\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
HKU\deti.ntb-HP\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\First Home Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key deleted successfully.
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0 => Key deleted successfully.
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll => Moved successfully.
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll not found.
C:\Users\ntb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
"C:\Users\ntb\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\Users\ntb\Downloads\FRSTLauncher.exe => Moved successfully.
C:\Users\ntb\Downloads\FRST64.exe => Moved successfully.
C:\Users\ntb\Desktop\JRT.txt => Moved successfully.
C:\Users\ntb\Desktop\adwcleaner.exe => Moved successfully.
C:\Users\ntb\Downloads\adwcleaner (1).exe => Moved successfully.
C:\Users\ntb\Desktop\JRT.exe => Moved successfully.
C:\Users\ntb\Downloads\adwcleaner.exe => Moved successfully.
C:\Users\ntb\Downloads\JRT.exe => Moved successfully.
C:\Users\ntb\Downloads\RSITx64 (1).exe => Moved successfully.
C:\Windows\inf\msfmyrlg.vbe => Moved successfully.
C:\Windows\inf\ntvdm.vbe => Moved successfully.
C:\Users\ANdrejovko\AppData\Local\Temp\bdfilters.dll => Moved successfully.
C:\Users\ANdrejovko\AppData\Local\Temp\swt-gdip-win32-3448.dll => Moved successfully.
C:\Users\ANdrejovko\AppData\Local\Temp\swt-win32-3448.dll => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\EAD61CE.exe => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\i4jdel1.exe => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.3.2-R2.0-3-gcb9cb15.dll => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.6-R0.1-b2561jnks.dll => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-9-g65324d6-b2632jnks.dll => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-b2624jnks.dll => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.1-R0.1-21-g49b0699-b2754jnks.dll => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-3-g9532cb6-b2889jnks.dll => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-b2879jnks.dll => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-2891.dll => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\NGMSetup.exe => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\swt-gdip-win32-3448.dll => Moved successfully.
C:\Users\deti.ntb-HP\AppData\Local\Temp\swt-win32-3448.dll => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\AcDeltree.exe => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\EAD32C2.exe => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\EADBEDB.exe => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\EADEB76.exe => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\FNP_ACT_InstallerCA.dll => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\NGMDll.dll => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\NGMResource.dll => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\SP49525.exe => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\SP50948.exe => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\SP51059.exe => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\SP51650.exe => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\swt-gdip-win32-3448.dll => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\swt-win32-3448.dll => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\unicows.dll => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\UninstallEADM.dll => Moved successfully.
C:\Users\ntb\AppData\Local\Temp\Uninstaller-4340.exe => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f =========

Oper cia sa Łspeçne dokonźila.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv" /f =========

Oper cia sa Łspeçne dokonźila.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive" /f =========

Oper cia sa Łspeçne dokonźila.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive" /f =========

Oper cia sa Łspeçne dokonźila.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk" /f =========

Oper cia sa Łspeçne dokonźila.

========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

#9 Příspěvek od **vyosek** » 20 led 2014 17:56

Jak se chova PC?

kikirik · #10 Příspěvek od **kikirik** » 20 led 2014 18:05

po spustení je všetko OK, ale akonáhle spustím prehliadač, skúšala som chrome aj mozillu, tak sa všetko spomalí a znovu sa pohybuje využitie procesora 80 až 100%

#11 Příspěvek od **vyosek** » 20 led 2014 18:08

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Pokud budet stale problem, tak napiste

kikirik · #12 Příspěvek od **kikirik** » 20 led 2014 22:19

problém sa nevyriešil, dokonca znovu po spustení je to pomalé a procesor ide na 100%. Teraz som si všimla, že aj zvuk sa prehráva , tak akoby chrapľavo, nie čisto.

#13 Příspěvek od **vyosek** » 20 led 2014 22:56

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

kikirik · #14 Příspěvek od **kikirik** » 21 led 2014 08:32

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/21/2014 07:23:10 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 1768) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/21/2014 07:27:50 AM
Execution time: 0 hours(s), 4 minute(s), and 40 seconds(s)

kikirik · #15 Příspěvek od **kikirik** » 21 led 2014 08:34

ComboFix 14-01-16.03 - ntb . 01. 2014 7:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3894.2451 [GMT 1:00]
Running from: c:\users\ntb\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-12-21 to 2014-01-21 )))))))))))))))))))))))))))))))
.
.
2014-01-21 06:57 . 2014-01-21 06:57 -------- d-----w- c:\users\deti.ntb-HP\AppData\Local\temp
2014-01-21 06:57 . 2014-01-21 06:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-21 06:57 . 2014-01-21 06:57 -------- d-----w- c:\users\ANdrejovko\AppData\Local\temp
2014-01-20 20:45 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A2E25A8-A413-4891-A737-0349D748994C}\mpengine.dll
2014-01-19 18:21 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-18 22:06 . 2014-01-18 22:06 -------- d-----w- c:\windows\ERUNT
2014-01-18 19:33 . 2014-01-18 19:35 -------- d-----w- c:\program files\trend micro
2014-01-18 16:52 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 21:08 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 21:08 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 21:08 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 21:08 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 21:08 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 21:08 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 21:08 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 21:08 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 21:08 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-01 16:26 . 2014-01-01 16:26 -------- d-----w- c:\users\ntb\AppData\Roaming\PotPlayerMini64
2014-01-01 16:26 . 2014-01-01 16:26 -------- d-----w- c:\users\ntb\AppData\Local\Daum
2014-01-01 16:25 . 2014-01-01 16:25 -------- d-----w- c:\program files\DAUM
2013-12-28 09:42 . 2013-12-28 09:45 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 07:33 . 2011-06-16 09:21 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-15 23:13 . 2011-06-16 09:25 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-16 15:33 . 2012-04-16 16:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-16 15:33 . 2011-06-18 07:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 21:56 . 2013-12-04 21:56 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-04 21:56 . 2013-12-04 21:56 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-04 21:56 . 2013-12-04 21:56 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-04 21:56 . 2013-12-04 21:56 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-04 21:56 . 2013-12-04 21:55 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-04 21:55 . 2013-12-04 21:55 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-04 21:55 . 2013-12-04 21:55 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-04 21:55 . 2013-12-04 21:55 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-04 21:55 . 2013-12-04 21:55 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-04 21:55 . 2013-12-04 21:55 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-04 21:55 . 2013-12-04 21:55 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-04 21:55 . 2013-12-04 21:55 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-04 21:55 . 2013-12-04 21:55 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-04 21:55 . 2013-12-04 21:55 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-04 21:55 . 2013-12-04 21:55 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-04 21:55 . 2013-12-04 21:55 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-04 21:55 . 2013-12-04 21:55 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-04 21:55 . 2013-12-04 21:55 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-04 21:55 . 2013-12-04 21:55 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-04 21:55 . 2013-12-04 21:55 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-04 21:55 . 2013-12-04 21:55 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-04 21:55 . 2013-12-04 21:55 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-04 21:55 . 2013-12-04 21:55 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-04 21:55 . 2013-12-04 21:55 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-04 21:55 . 2013-12-04 21:55 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-04 21:55 . 2013-12-04 21:55 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-04 21:55 . 2013-12-04 21:55 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-04 21:55 . 2013-12-04 21:55 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-04 21:55 . 2013-12-04 21:55 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-04 21:55 . 2013-12-04 21:55 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-04 21:55 . 2013-12-04 21:55 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-04 21:55 . 2013-12-04 21:55 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-04 21:55 . 2013-12-04 21:55 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-04 21:55 . 2013-12-04 21:55 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-04 21:55 . 2013-12-04 21:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-04 21:55 . 2013-12-04 21:55 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-04 21:55 . 2013-12-04 21:55 413696 ----a-w- c:\windows\system32\html.iec
2013-12-04 21:55 . 2013-12-04 21:55 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 21:55 . 2013-12-04 21:55 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-04 21:55 . 2013-12-04 21:55 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-04 21:55 . 2013-12-04 21:55 235520 ----a-w- c:\windows\system32\url.dll
2013-12-04 21:55 . 2013-12-04 21:55 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-04 21:55 . 2013-12-04 21:55 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-04 21:55 . 2013-12-04 21:55 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-04 21:55 . 2013-12-04 21:55 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-04 21:55 . 2013-12-04 21:55 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-04 21:55 . 2013-12-04 21:55 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-04 21:55 . 2013-12-04 21:55 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-04 21:55 . 2013-12-04 21:55 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-04 21:55 . 2013-12-04 21:55 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-04 21:55 . 2013-12-04 21:55 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-04 21:55 . 2013-12-04 21:55 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-04 21:55 . 2013-12-04 21:55 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-04 21:55 . 2013-12-04 21:55 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-04 21:55 . 2013-12-04 21:55 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-04 21:55 . 2013-12-04 21:55 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-04 21:55 . 2013-12-04 21:55 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-04 21:55 . 2013-12-04 21:55 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-04 21:55 . 2013-12-04 21:55 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-10 21:03 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-10 21:03 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-10 21:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-10 21:03 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-10 21:03 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-10 21:03 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-10 21:03 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-10 21:03 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-10 21:03 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-10 21:03 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-10 21:03 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-10 21:03 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-10 21:03 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-10 21:03 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-10 21:03 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-10 21:03 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-10 21:03 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-10 21:03 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-10 21:03 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-10 21:03 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-10 21:03 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-10 21:03 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-10 21:03 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-10 21:03 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-10 20:39 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-10 20:39 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-15 14:19 . 2013-11-15 14:19 158976 ----a-w- c:\windows\system32\drivers\Impcd.sys
2013-11-12 02:23 . 2013-12-10 20:39 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-10 20:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-10 20:39 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-10 20:39 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-08-19 19:02 . 2013-08-19 19:02 51992 ----a-w- c:\program files (x86)\WBDesktop.Updater.1.0.0.16.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 11:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 15:33]
.
2014-01-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1005Core.job
- c:\users\deti.ntb-HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-03 08:37]
.
2014-01-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1005UA.job
- c:\users\deti.ntb-HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-03 08:37]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1000Core.job
- c:\users\ntb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-16 16:25]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1000UA.job
- c:\users\ntb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-16 16:25]
.
2014-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1005Core.job
- c:\users\deti.ntb-HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-01 13:27]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255258162-3851658991-3524058132-1005UA.job
- c:\users\deti.ntb-HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-01 13:27]
.
2014-01-17 c:\windows\Tasks\HPCeeScheduleForNTB-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2014-01-17 c:\windows\Tasks\HPCeeScheduleForntb.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-31 790176]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-31 657056]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\ntb\AppData\Roaming\Mozilla\Firefox\Profiles\78xc584o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
AddRemove-soe-PlanetSide 2 - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-21 08:28:59
ComboFix-quarantined-files.txt 2014-01-21 07:28
.
Pre-Run: 132 306 767 872 bytes free
Post-Run: 132 214 599 680 bytes free
.
- - End Of File - - B023FDC562ECB8D3AC1D58F8AC902F94

VIRY.CZ

CPU 100%

CPU 100%

Re: CPU 100%

Re: CPU 100%

Re: CPU 100%

Re: CPU 100%

Re: CPU 100%

Re: CPU 100%

Re: CPU 100%

Re: CPU 100%

Re: CPU 100%

Re: CPU 100%

Re: CPU 100%

Re: CPU 100%

Re: CPU 100%

Re: CPU 100%