
Laptop slowdown, please check

Posted: 24 Jan 2014 23:49
by mange22
Hello, it has been about 14 days since the laptop started slowing down noticeably.
Longer startup, longer page loading, video occasionally stutters but the audio is smooth, folders open more slowly...
I tried restoring the system to the state before those 14 days, but the problems remain and, on top of that, after the restore the USB ports and Bluetooth stop working.
I created an FRST log, which I am attaching, and I ask someone knowledgeable to check it over.
Thanks for any help.




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by Admin (administrator) on ADMIN-PC on 24-01-2014 22:54:44
Running from C:\Users\Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKCU\...\Run: [Google Update] - C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-16] (Google Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
MountPoints2: {18dc6f7c-8e55-11e2-aeaf-001374000000} - G:\Autorun.exe
MountPoints2: {18dc6f86-8e55-11e2-aeaf-001374000000} - G:\Autorun.exe
MountPoints2: {6f078a7d-1e57-11e3-a47d-047d7b6a4ff6} - G:\Autorun.exe
HKU\Default\...\Run: [T-Mobile CManager] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2166552 2013-10-31] (Gemfor s.r.o.)
HKU\Default User\...\Run: [T-Mobile CManager] - C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2166552 2013-10-31] (Gemfor s.r.o.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\Windows\SysWow64\SoftAheadCert.dll (SoftAhead Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4dirlbcq.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.google.cz/
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=100&systemid=473&v=n9602-150&apn_dtid=BND473&apn_ptnrs=AG1&apn_uid=5170222146584100&o=APN10640&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Admin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Admin\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4dirlbcq.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: DownloadHelper - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4dirlbcq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-12]
FF Extension: Screengrab (fix version) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4dirlbcq.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2013-04-03]
FF Extension: Greasemonkey - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4dirlbcq.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25]

Chrome:
=======
CHR HomePage: hxxp://www.google.cz/
CHR Plugin: (Shockwave Flash) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Admin\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Google Update) - C:\Users\Admin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Angry Birds) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-09-16]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-16]
CHR Extension: (Tampermonkey) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-07-08]
CHR Extension: (TV program) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkgjblbjpigonjpmblphnackhfigbo [2012-09-16]
CHR Extension: (Peněženka Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Admin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-04]

==================== Services (Whitelisted) =================

S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-05-07] (SafeNet, Inc)

==================== Drivers (Whitelisted) ====================

S3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2010-06-24] (Applian Technologies Inc.)
S3 cpuz135; C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [24368 2012-08-11] (CPUID)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-16] (DT Soft Ltd)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [218624 2011-09-09] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-24 22:54 - 2014-01-24 22:56 - 00017082 _____ C:\Users\Admin\Desktop\FRST.txt
2014-01-24 22:52 - 2014-01-24 22:52 - 00000000 ____D C:\FRST
2014-01-24 22:46 - 2014-01-24 22:44 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2014-01-24 22:46 - 2014-01-24 20:22 - 02077696 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-01-23 23:55 - 2014-01-23 23:55 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-23 22:43 - 2014-01-24 21:04 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Media Player Classic
2014-01-22 09:46 - 2014-01-24 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-21 22:25 - 2014-01-21 22:17 - 00450669 ____R C:\Windows\system32\Drivers\etc\hosts.20140121-222504.backup
2014-01-21 22:17 - 2013-12-03 11:34 - 00000854 _____ C:\Windows\system32\Drivers\etc\hosts.20140121-221703.backup
2014-01-21 21:58 - 2014-01-24 19:07 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-21 21:57 - 2014-01-21 21:57 - 00001382 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-21 21:56 - 2014-01-24 19:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-21 21:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-01-21 21:55 - 2014-01-24 19:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-21 21:53 - 2014-01-21 21:54 - 00031922 _____ C:\Users\Admin\Documents\cc_20140121_215352.reg
2014-01-21 18:45 - 2014-01-23 22:43 - 00000000 ____D C:\ProgramData\Oracle
2014-01-21 18:44 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 18:43 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 18:43 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 18:43 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 18:41 - 2014-01-21 18:43 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-19 20:24 - 2014-01-24 18:54 - 00000000 ____D C:\ProgramData\T-Mobile
2014-01-19 20:23 - 2014-01-19 20:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\T-Mobile
2014-01-19 20:23 - 2014-01-19 20:23 - 00000000 ____D C:\ProgramData\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2014-01-19 19:47 - 2014-01-19 19:47 - 00001207 _____ C:\Users\Admin\Desktop\T-Mobile Internet Manager.lnk
2014-01-19 19:46 - 2014-01-24 19:05 - 00000000 ____D C:\Users\Administrator
2014-01-19 19:46 - 2014-01-24 18:54 - 00000000 ____D C:\Program Files (x86)\T-Mobile
2014-01-19 19:46 - 2014-01-19 19:47 - 00001207 _____ C:\Users\Administrator\Desktop\T-Mobile Internet Manager.lnk
2014-01-19 00:46 - 2014-01-19 00:55 - 00000000 ____D C:\dvd
2014-01-19 00:43 - 2011-03-23 10:46 - 00000111 _____ C:\Users\Admin\Desktop\EASEUS Backup Tool.url
2014-01-15 00:43 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 00:43 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 00:43 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 00:43 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 00:43 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 00:43 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 00:43 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 00:42 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 01:43 - 2014-01-12 01:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\MPC-HC
2014-01-12 01:14 - 2014-01-24 19:09 - 00000000 ____D C:\Users\Admin\Documents\CodecSettingsBackup20140112
2014-01-04 21:48 - 2014-01-04 21:48 - 00013858 _____ C:\Users\Admin\Documents\cc_20140104_214808.reg
2014-01-04 21:05 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-04 21:05 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-04 21:05 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-01-04 21:05 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-01-04 20:51 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-01-04 20:51 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-04 20:51 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-01-04 20:51 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-01-04 20:03 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-04 20:03 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-04 20:03 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-04 20:03 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-04 20:03 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-04 20:03 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-04 20:03 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-04 20:03 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-04 20:03 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-04 20:03 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-04 20:03 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-04 20:03 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-04 20:03 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-04 20:03 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-04 20:02 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-04 20:02 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-04 20:02 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-04 20:02 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-04 20:02 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-04 20:02 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-04 20:02 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-04 20:02 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-04 20:02 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-04 20:02 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-04 20:02 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-04 20:02 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-04 20:02 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-04 20:02 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-04 20:02 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-04 20:02 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-04 20:02 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-02 22:26 - 2014-01-19 23:04 - 00022739 _____ C:\Users\Admin\Desktop\niborea ulohy.txt
2013-12-30 01:34 - 2013-12-31 01:57 - 00000000 ____D C:\Users\Admin\brickstore-cache
2013-12-30 01:32 - 2013-12-30 01:32 - 00002505 _____ C:\Users\Public\Desktop\BrickStore.lnk
2013-12-30 01:32 - 2013-12-30 01:32 - 00000000 ____D C:\Program Files (x86)\SoftForge

==================== One Month Modified Files and Folders =======

2014-01-24 22:56 - 2014-01-24 22:54 - 00017082 _____ C:\Users\Admin\Desktop\FRST.txt
2014-01-24 22:52 - 2014-01-24 22:52 - 00000000 ____D C:\FRST
2014-01-24 22:51 - 2012-07-24 06:45 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2014-01-24 22:45 - 2012-06-04 09:27 - 01237253 _____ C:\Windows\WindowsUpdate.log
2014-01-24 22:44 - 2014-01-24 22:46 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2014-01-24 22:23 - 2013-05-28 00:55 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-24 22:11 - 2012-08-16 07:29 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-24 22:01 - 2012-09-16 00:19 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22969171-3203031601-223140152-1000UA.job
2014-01-24 21:31 - 2012-07-21 22:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-24 21:04 - 2014-01-23 22:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Media Player Classic
2014-01-24 20:22 - 2014-01-24 22:46 - 02077696 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-01-24 19:55 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-24 19:55 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-24 19:46 - 2013-05-28 00:55 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-24 19:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-24 19:14 - 2012-06-20 15:48 - 00000000 ____D C:\Users\Admin
2014-01-24 19:13 - 2013-07-04 09:16 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.dll
2014-01-24 19:12 - 2013-07-04 09:15 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.exe
2014-01-24 19:12 - 2013-07-04 09:15 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2014-01-24 19:09 - 2014-01-12 01:14 - 00000000 ____D C:\Users\Admin\Documents\CodecSettingsBackup20140112
2014-01-24 19:07 - 2014-01-21 21:58 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2014-01-24 19:05 - 2014-01-19 19:46 - 00000000 ____D C:\Users\Administrator
2014-01-24 19:05 - 2013-10-04 17:46 - 00000000 ____D C:\Users\Admin\Desktop\fotky zuzka
2014-01-24 19:05 - 2012-09-16 00:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-01-24 19:04 - 2014-01-22 09:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-24 19:04 - 2014-01-21 21:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-24 19:04 - 2014-01-21 21:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-24 19:04 - 2013-12-03 11:57 - 00000000 ____D C:\ProgramData\FLEXnet
2014-01-24 19:04 - 2013-09-16 19:10 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-24 19:04 - 2013-04-13 20:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2014-01-24 19:04 - 2012-12-19 01:15 - 00000000 ____D C:\Program Files\CCleaner
2014-01-24 19:04 - 2012-08-11 21:45 - 00000000 ____D C:\RO
2014-01-24 19:04 - 2012-05-04 14:56 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2014-01-24 19:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2014-01-24 18:54 - 2014-01-19 20:24 - 00000000 ____D C:\ProgramData\T-Mobile
2014-01-24 18:54 - 2014-01-19 19:46 - 00000000 ____D C:\Program Files (x86)\T-Mobile
2014-01-24 18:53 - 2013-03-09 16:19 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-24 18:37 - 2013-04-13 20:21 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2014-01-24 18:31 - 2012-08-15 22:58 - 00000000 ____D C:\Users\Admin\AppData\Roaming\VitySoft
2014-01-24 06:51 - 2012-09-16 00:19 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22969171-3203031601-223140152-1000Core.job
2014-01-23 23:55 - 2014-01-23 23:55 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-23 22:43 - 2014-01-21 18:45 - 00000000 ____D C:\ProgramData\Oracle
2014-01-21 22:17 - 2014-01-21 22:25 - 00450669 ____R C:\Windows\system32\Drivers\etc\hosts.20140121-222504.backup
2014-01-21 21:57 - 2014-01-21 21:57 - 00001382 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-21 21:54 - 2014-01-21 21:53 - 00031922 _____ C:\Users\Admin\Documents\cc_20140121_215352.reg
2014-01-21 21:52 - 2012-12-19 01:15 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-21 19:04 - 2012-08-11 22:59 - 00000668 _____ C:\Users\Public\Desktop\Reborn.lnk
2014-01-21 18:43 - 2014-01-21 18:41 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-21 01:52 - 2009-07-14 05:45 - 00371016 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-20 08:52 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2014-01-20 08:50 - 2013-08-08 11:25 - 00000000 ____D C:\Windows\system32\MRT
2014-01-20 08:41 - 2012-07-24 07:04 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-19 23:04 - 2014-01-02 22:26 - 00022739 _____ C:\Users\Admin\Desktop\niborea ulohy.txt
2014-01-19 20:23 - 2014-01-19 20:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\T-Mobile
2014-01-19 20:23 - 2014-01-19 20:23 - 00000000 ____D C:\ProgramData\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2014-01-19 19:47 - 2014-01-19 19:47 - 00001207 _____ C:\Users\Admin\Desktop\T-Mobile Internet Manager.lnk
2014-01-19 19:47 - 2014-01-19 19:46 - 00001207 _____ C:\Users\Administrator\Desktop\T-Mobile Internet Manager.lnk
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-19 00:55 - 2014-01-19 00:46 - 00000000 ____D C:\dvd
2014-01-14 23:06 - 2011-04-12 09:34 - 00669116 _____ C:\Windows\system32\perfh005.dat
2014-01-14 23:06 - 2011-04-12 09:34 - 00141744 _____ C:\Windows\system32\perfc005.dat
2014-01-14 23:06 - 2009-07-14 06:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-12 01:43 - 2014-01-12 01:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\MPC-HC
2014-01-11 11:13 - 2013-11-17 21:09 - 00007389 _____ C:\Users\Admin\Desktop\Nový textový dokument.txt
2014-01-11 02:18 - 2013-11-05 00:59 - 00285696 _____ C:\Users\Admin\Desktop\ikariam.xls
2014-01-04 21:48 - 2014-01-04 21:48 - 00013858 _____ C:\Users\Admin\Documents\cc_20140104_214808.reg
2014-01-04 21:00 - 2012-05-04 12:26 - 01560204 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-01 23:18 - 2013-12-05 20:29 - 00000000 ____D C:\zaloha
2014-01-01 16:04 - 2013-10-21 12:06 - 00001124 _____ C:\Users\Admin\Desktop\MyHeritage Family Tree Builder.lnk
2013-12-31 01:57 - 2013-12-30 01:34 - 00000000 ____D C:\Users\Admin\brickstore-cache
2013-12-30 01:32 - 2013-12-30 01:32 - 00002505 _____ C:\Users\Public\Desktop\BrickStore.lnk
2013-12-30 01:32 - 2013-12-30 01:32 - 00000000 ____D C:\Program Files (x86)\SoftForge

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22969171-3203031601-223140152-1000Core.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22969171-3203031601-223140152-1000UA.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Admin\Desktop" je 17678 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update
C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent
"C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager
"C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe" -autorun [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: laptop slowdown, please check

Posted: 25 Jan 2014 09:23
by Márty84
Hello :)

:arrow: The size of the Desktop should not exceed 200 - 300 MB. You have 17678 MB. Tidy it up :)

:arrow: Uninstall Spybot; the program is outdated and basically useless.

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the Desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator.
Click Scan and the program will start working.
When it finishes, it will spit out a log (if not, you will find it here: C:\AdwCleaner\AdwCleaner[R?].txt ); copy it here for me.

Re: laptop slowdown, please check

Posted: 25 Jan 2014 11:17
by mange22
- Desktop tidied up
- Spybot uninstalled
- here is the AdwCleaner log

# AdwCleaner v3.017 - Report created 25/01/2014 at 11:16:29
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Found : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4dirlbcq.default\searchplugins\Ask.xml
Folder Found C:\Program Files (x86)\optimizer pro
Folder Found C:\ProgramData\BitGuard
Folder Found C:\ProgramData\Browser Manager
Folder Found C:\ProgramData\BrowserProtect
Folder Found C:\Users\Admin\AppData\Local\thinstall
Folder Found C:\Users\Admin\AppData\Roaming\thinstall
Folder Found C:\Users\Admin\Documents\optimizer pro

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\BI
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\BI
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444C3C5-6C56-4A16-A453-832B05BF6EA4}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SafetyNut
Key Found : HKLM\Software\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4dirlbcq.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Ask.com");
Line Found : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=100&systemid=473&v=n9602-150&apn_dtid=BND473&apn_ptnrs=AG1&apn_uid=5170222146584100&o=APN10640&q=");

-\\ Google Chrome v

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4717 octets] - [25/01/2014 11:16:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4777 octets] ##########

Re: laptop slowdown, please check

Posted: 25 Jan 2014 13:18
by Márty84
:arrow: Close all programs again and run AdwCleaner as administrator.
This time click Clean.
The program will start working (the PC may restart) and will spit out another log (or it will be here: C:\AdwCleaner\AdwCleaner [S?].txt ). Copy that here for me again.


:arrow: Run a !!!full!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Do not delete anything beforehand; it sometimes has false detections.

Re: laptop slowdown, please check

Posted: 25 Jan 2014 22:03
by mange22
Here is the log from AdwCleaner:

# AdwCleaner v3.017 - Report created 25/01/2014 at 21:55:06
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Users\Admin\AppData\Local\thinstall
Folder Deleted : C:\Users\Admin\AppData\Roaming\thinstall
Folder Deleted : C:\Users\Admin\Documents\optimizer pro
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4dirlbcq.default\searchplugins\Ask.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444C3C5-6C56-4A16-A453-832B05BF6EA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SafetyNut
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4dirlbcq.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=100&systemid=473&v=n9602-150&apn_dtid=BND473&apn_ptnrs=AG1&apn_uid=5170222146584100&o=APN10640&q=");

-\\ Google Chrome v

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4869 octets] - [25/01/2014 11:16:29]
AdwCleaner[S0].txt - [4829 octets] - [25/01/2014 21:55:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4889 octets] ##########

Re: laptop slowdown, please check

Posted: 25 Jan 2014 22:38
by Márty84
This is OK, so now just the MBAM :)

Re: laptop slowdown, please check

Posted: 26 Jan 2014 02:32
by mange22
So now I have the MBAM too... it dragged on a bit, and the 4 hours of scanning surprised even me :)
Anyway, of the 4 files found, the newest is this one, Photofunstudio-8.1-Premium-Edition_downloader.exe,
which, judging by its creation date, would roughly correspond to the performance changes in the system;
the others are a year old or more, and back then I did not notice any performance problem...


Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.25.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Admin :: ADMIN-PC [administrátor]

Ochrana: Povolena

25.1.2014 22:15:21
MBAM-log-2014-01-26 (02-20-20).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 447300
Uplynulý čas: 4 hodin, 5 minut, 17 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\Downloads\FOTO\fotky zuzka\Photofunstudio-8.1-Premium-Edition_downloader.exe (PUP.Optional.GoForFiles.A) -> Nebyla provedena žádná instrukce.
C:\Downloads\movie managery\Extreme Movie Manager 7.2.2.9\Keygen\Keygen.exe (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
C:\Program Files\Applian Technologies\Replay Media Catcher 4\kg.exe (Packer.ModifiedUPX) -> Nebyla provedena žádná instrukce.
C:\Users\Admin\AppData\Local\Application Data\Bundled software uninstaller\bi_client.exe (PUP.Optional.Somoto.A) -> Nebyla provedena žádná instrukce.

(konec)

Re: laptop slowdown, please check

Posted: 26 Jan 2014 08:59
by Márty84
The fact that you did not notice any symptoms before does not mean that those files were not causing mischief.

So I recommend removing everything, then uninstall MBAM.


:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to the Desktop, right-click it and left-click Run as administrator.
A very short test will run, and then the Scan (Prohledat) button at the top right will become available. Click it and another test will run.
When it finishes, click Report (Zprava) and a log will appear. Paste it here for me.

Re: laptop slowdown, please check

Posted: 26 Jan 2014 12:07
by mange22
Here is the MBAM log after deleting the files:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.25.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Admin :: ADMIN-PC [administrátor]

Ochrana: Povolena

25.1.2014 22:15:21
mbam-log-2014-01-25 (22-15-21).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 447300
Uplynulý čas: 4 hodin, 5 minut, 17 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\Downloads\FOTO\fotky zuzka\Photofunstudio-8.1-Premium-Edition_downloader.exe (PUP.Optional.GoForFiles.A) -> Přesun do karantény a smazání se zdařilo.
C:\Downloads\movie managery\Extreme Movie Manager 7.2.2.9\Keygen\Keygen.exe (Trojan.Agent.CK) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\Applian Technologies\Replay Media Catcher 4\kg.exe (Packer.ModifiedUPX) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Admin\AppData\Local\Application Data\Bundled software uninstaller\bi_client.exe (PUP.Optional.Somoto.A) -> Přesun do karantény a smazání se zdařilo.

(konec)

Re: laptop slowdown, please check

Posted: 26 Jan 2014 12:09
by mange22
And here is the log from RogueKiller:

RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Admin [Práva správce]
Mód : Kontrola -- Datum : 01/26/2014 12:05:46
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [x]) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 1 ¤¤¤
[V2][SUSP PATH] {EB3549B9-2F8A-4961-B2FF-F61C372CB264} : C:\Users\Admin\Desktop\nokia hry\nokia_map_ovi\NokiaSoftwareUpdaterSetup_cs.exe [x] -> NALEZENO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5075GSX ATA Device +++++
--- User ---
[MBR] 95aee5fcfb363f791f567ad168f70965
[BSP] e4ce1e6750b3106c73db2ba54b33b8dc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 476738 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
Error reading User MBR! ([0x15] Zařízení není připraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Požadavek není podporován. )

Dokončeno : << RKreport[0]_S_01262014_120546.txt >>

Re: laptop slowdown, please check

Posted: 26 Jan 2014 12:38
by Márty84
:arrow: Run RogueKiller as administrator again (if you have not closed it yet, click Delete (Smazat) right away)
A very short test will run, and then the Scan (Prohledat) button at the top right will become available. Click it and another test will run.
When it finishes, click Delete (Smazat).
Then click Report (Zprava) and a log will appear. Paste it here for me.
Then click Host Fix (Oprava Host) and Report (Zprava).
Another log will appear. Paste that here for me too.

Re: laptop slowdown, please check

Posted: 26 Jan 2014 12:48
by mange22
Log after deletion:

RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Admin [Práva správce]
Mód : Odebrat -- Datum : 01/26/2014 12:41:16
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [x]) -> VYMAZÁNO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 1 ¤¤¤
[V2][SUSP PATH] {EB3549B9-2F8A-4961-B2FF-F61C372CB264} : C:\Users\Admin\Desktop\nokia hry\nokia_map_ovi\NokiaSoftwareUpdaterSetup_cs.exe [x] -> VYMAZÁNO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5075GSX ATA Device +++++
--- User ---
[MBR] 95aee5fcfb363f791f567ad168f70965
[BSP] e4ce1e6750b3106c73db2ba54b33b8dc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 476738 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
Error reading User MBR! ([0x15] Zařízení není připraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Požadavek není podporován. )

Dokončeno : << RKreport[0]_D_01262014_124116.txt >>
RKreport[0]_S_01262014_120546.txt


Ran it once more:

RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Admin [Práva správce]
Mód : Kontrola -- Datum : 01/26/2014 12:49:07
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5075GSX ATA Device +++++
--- User ---
[MBR] 95aee5fcfb363f791f567ad168f70965
[BSP] e4ce1e6750b3106c73db2ba54b33b8dc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 476738 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
Error reading User MBR! ([0x15] Zařízení není připraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Požadavek není podporován. )

Dokončeno : << RKreport[0]_S_01262014_124907.txt >>
RKreport[0]_D_01262014_124116.txt;RKreport[0]_S_01262014_120546.txt

Re: laptop slowdown, please check

Posted: 26 Jan 2014 12:55
by mange22
Log after the hosts fix:


RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Admin [Práva správce]
Mód : Oprava HOSTS -- Datum : 01/26/2014 12:54:08
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost


Dokončeno : << RKreport[0]_H_01262014_125408.txt >>
RKreport[0]_D_01262014_124116.txt;RKreport[0]_S_01262014_120546.txt;RKreport[0]_S_01262014_124907.txt

Re: laptop slowdown, please check

Posted: 26 Jan 2014 13:39
by Márty84
:!: If you have not already, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the Desktop.
Turn off the antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not launch anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located here: C:\ComboFix.txt
Copy its contents here.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine

Re: laptop slowdown, please check

Posted: 26 Jan 2014 19:38
by mange22
ComboFix log:

ComboFix 14-01-23.02 - Admin 26.01.2014 19:19:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.7655.6110 [GMT 1:00]
Spuštěný z: c:\users\Admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-26 do 2014-01-26 )))))))))))))))))))))))))))))))
.
.
2014-01-26 18:28 . 2014-01-26 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-26 10:59 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA5E2ABF-F634-4C2C-A735-ABE52C954224}\mpengine.dll
2014-01-25 21:11 . 2014-01-25 21:11 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2014-01-25 21:10 . 2014-01-25 21:10 -------- d-----w- c:\programdata\Malwarebytes
2014-01-25 10:16 . 2014-01-25 20:55 -------- d-----w- C:\AdwCleaner
2014-01-25 10:12 . 2013-10-18 01:45 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{696CA5BD-85FD-4E74-BA22-9131C01D955B}\gapaengine.dll
2014-01-25 10:11 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-24 21:52 . 2014-01-24 21:52 -------- d-----w- C:\FRST
2014-01-23 21:43 . 2014-01-24 20:04 -------- d-----w- c:\users\Admin\AppData\Roaming\Media Player Classic
2014-01-21 20:56 . 2014-01-25 09:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-01-21 20:55 . 2014-01-25 09:58 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-21 17:45 . 2014-01-23 21:43 -------- d-----w- c:\programdata\Oracle
2014-01-21 17:43 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-19 19:24 . 2014-01-24 17:54 -------- d-----w- c:\programdata\T-Mobile
2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\users\Admin\AppData\Roaming\T-Mobile
2014-01-19 19:23 . 2014-01-19 19:23 -------- d-----w- c:\programdata\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2014-01-19 18:46 . 2014-01-24 18:05 -------- d-----w- c:\users\Administrator
2014-01-19 18:46 . 2014-01-24 18:09 -------- d-----w- c:\program files (x86)\T-Mobile
2014-01-18 23:46 . 2014-01-18 23:55 -------- d-----w- C:\dvd
2014-01-14 23:43 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-14 23:43 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-14 23:43 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-14 23:43 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-14 23:43 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-14 23:43 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-14 23:43 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-14 23:42 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-12 00:43 . 2014-01-12 00:43 -------- d-----w- c:\users\Admin\AppData\Roaming\MPC-HC
2014-01-04 20:05 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-04 20:05 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-01-04 20:05 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-04 20:05 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-01-04 20:05 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-01-04 19:54 . 2014-01-24 18:07 -------- d-----w- c:\windows\Migration
2014-01-04 19:51 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-01-04 19:51 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-01-04 19:51 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-01-04 19:51 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-01-04 19:02 . 2013-11-26 09:16 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-12-30 00:34 . 2013-12-31 00:57 -------- d-----w- c:\users\Admin\brickstore-cache
2013-12-30 00:32 . 2013-12-30 00:32 -------- d-----w- c:\program files (x86)\SoftForge
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-26 10:48 . 2013-07-04 08:16 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2014-01-26 10:47 . 2013-07-04 08:15 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2014-01-26 10:47 . 2013-07-04 08:15 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2014-01-20 07:41 . 2012-07-24 06:04 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 22:11 . 2012-07-31 20:27 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 22:11 . 2012-05-04 13:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-01 13:10 . 2012-05-04 13:56 218200 ----a-w- c:\windows\SysWow64\unrar.dll
2013-11-19 20:52 . 2013-11-19 20:52 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-19 20:52 . 2013-11-19 20:52 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-19 20:52 . 2013-11-19 20:52 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-19 20:52 . 2013-11-19 20:52 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-19 20:52 . 2013-11-19 20:52 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-19 20:52 . 2013-11-19 20:52 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-19 20:52 . 2013-11-19 20:52 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-19 20:52 . 2013-11-19 20:52 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-19 20:52 . 2013-11-19 20:52 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-19 20:52 . 2013-11-19 20:52 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-19 20:52 . 2013-11-19 20:52 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-19 20:52 . 2013-11-19 20:52 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-19 20:52 . 2013-11-19 20:52 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-19 20:52 . 2013-11-19 20:52 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-19 20:52 . 2013-11-19 20:52 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-19 20:52 . 2013-11-19 20:52 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-19 20:52 . 2013-11-19 20:52 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-19 20:52 . 2013-11-19 20:52 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-19 20:52 . 2013-11-19 20:52 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-19 20:52 . 2013-11-19 20:52 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-19 20:52 . 2013-11-19 20:52 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-19 20:52 . 2013-11-19 20:52 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-19 20:52 . 2013-11-19 20:52 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-19 20:52 . 2013-11-19 20:52 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-19 20:52 . 2013-11-19 20:52 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-19 20:52 . 2013-11-19 20:52 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-19 20:52 . 2013-11-19 20:52 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-19 20:52 . 2013-11-19 20:52 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-19 20:52 . 2013-11-19 20:52 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-19 20:52 . 2013-11-19 20:52 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-19 20:52 . 2013-11-19 20:52 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-19 20:52 . 2013-11-19 20:52 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-19 20:52 . 2013-11-19 20:52 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-19 20:52 . 2013-11-19 20:52 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-19 20:52 . 2013-11-19 20:52 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-19 20:52 . 2013-11-19 20:52 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-19 20:52 . 2013-11-19 20:52 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-19 20:52 . 2013-11-19 20:52 413696 ----a-w- c:\windows\system32\html.iec
2013-11-19 20:52 . 2013-11-19 20:52 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 20:52 . 2013-11-19 20:52 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-19 20:52 . 2013-11-19 20:52 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-19 20:52 . 2013-11-19 20:52 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-19 20:52 . 2013-11-19 20:52 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-19 20:52 . 2013-11-19 20:52 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-19 20:52 . 2013-11-19 20:52 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-19 20:52 . 2013-11-19 20:52 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-19 20:52 . 2013-11-19 20:52 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-19 20:52 . 2013-11-19 20:52 235520 ----a-w- c:\windows\system32\url.dll
2013-11-19 20:52 . 2013-11-19 20:52 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-19 20:52 . 2013-11-19 20:52 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-19 20:52 . 2013-11-19 20:52 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-19 20:52 . 2013-11-19 20:52 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-19 20:52 . 2013-11-19 20:52 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-19 20:52 . 2013-11-19 20:52 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-19 20:52 . 2013-11-19 20:52 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-19 20:52 . 2013-11-19 20:52 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-19 20:52 . 2013-11-19 20:52 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-19 20:52 . 2013-11-19 20:52 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-19 20:52 . 2013-11-19 20:52 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-12 14:22 . 2013-11-12 14:22 930848 ----a-w- c:\windows\SysWow64\FTBSaver.scr
2013-11-12 02:23 . 2013-12-11 07:31 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 07:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-5-9 2750376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 rpcnetp;rpcnetp;rpcnetp [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys;c:\windows\SYSNATIVE\DRIVERS\rismcx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 22:12]
.
2014-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27 23:55]
.
2014-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-27 23:55]
.
2014-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22969171-3203031601-223140152-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15 23:19]
.
2014-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-22969171-3203031601-223140152-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15 23:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Prevést cíl vazby do existujícího PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Prevést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridat do stávajícího PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4dirlbcq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
AddRemove-FotoMagica_FotoMagica - c:\windows\system32\FotoMagica_FotoMagica_uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-01-26 19:32:48
ComboFix-quarantined-files.txt 2014-01-26 18:32
.
Před spuštěním: Volných bajtů: 153 437 634 560
Po spuštění: Volných bajtů: 153 928 818 688
.
- - End Of File - - EF65BBD7BC85830AF2B4FD5A8B1D618E
A36C5E4F47E84449FF07ED3517B43A31