Yontoo 2.05

Zpráva

Turess · #1 Příspěvek od **Turess** » 16 bře 2013 13:59

Dobrý deň,
dnes sa mi do počítaču nainštaloval program Yontoo 2.05 nedá sa odinštlovať, a jeden súbor sa nedá ani zmazať. Dosť mi to spomaľuje PC a NOD6 mi to našlo ako vírus, všetko dalo do karantény až na ten jeden súbor. Môžte mi nejako pomôcť prosím vás ?

Logfile of random's system information tool 1.08 (written by random/random)
Run by Ado at 2013-03-16 13:53:52
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 264 GB (53%) free of 501 GB
Total RAM: 8144 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:53:57, on 16. 3. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Users\Ado\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Users\Ado\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Ado.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT31769 ... 1DB173DEBF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Users\Ado\AppData\Roaming\Yontoo\YontooDesktop.exe"
O4 - HKCU\..\Run: [SearchProtect] C:\Users\Ado\AppData\Roaming\SearchProtect\bin\cltmng.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-367341941-3459530842-4041588067-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-367341941-3459530842-4041588067-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12380 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\lxdncoms.exe -service
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe" "C:\Users\Ado\AppData\Roaming\Yontoo\YontooDesktop.exe"
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe" /TUStart /pid:2068
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
"C:\Program Files (x86)\Steam\steam.exe" -silent
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Users\Ado\AppData\Roaming\Yontoo\YontooDesktop.exe"
"C:\Users\Ado\AppData\Roaming\SearchProtect\bin\cltmng.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "https://www.facebook.com/photo.php?fbid ... se_friends"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4868.0.1311082450\2132900803" --supports-dual-gpus=false --gpu-vendor-id=0x10de --gpu-device-id=0x0fc6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.697 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxSearchSuggestTrialStarted2013Q1/2/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/SideloadWipeout/Enabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_30/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --channel="4868.1.168415053\1828846680" /prefetch:3
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4868.3.1048034393\639176813" --lang=sk --ignored=" --type=renderer " /prefetch:13
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxSearchSuggestTrialStarted2013Q1/2/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/SideloadWipeout/Enabled/SpdyCwnd/cwndMin16/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_30/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --channel="4868.12.1943947578\1352555918" /prefetch:3
taskeng.exe {45995746-C34C-4D45-8496-99413F1415FF}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Ado\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce0fa2b08c940c.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-12 551400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-12 209384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Panel nástrojů - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll [2011-08-19 528384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Panel nástrojů - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll [2011-08-19 528384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12 6548112]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-11-26 6325936]
"lxdnmon.exe"=C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [2009-01-29 660136]
"lxdnamon"=C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [2009-01-29 16040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2013-02-25 1602984]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18705664]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"Yontoo Desktop"=C:\Users\Ado\AppData\Roaming\Yontoo\YontooDesktop.exe [2013-03-13 42784]
"SearchProtect"=C:\Users\Ado\AppData\Roaming\SearchProtect\bin\cltmng.exe [2013-03-06 2731296]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-20 291648]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-02-29 56088]
"FaxCenterServer"=C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [2009-01-29 320168]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2008-09-12 36352]
"CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]
"SearchProtectAll"=C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2013-03-06 2731296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-03-16 13:53:52 ----D---- C:\rsit
2013-03-16 13:53:52 ----D---- C:\Program Files\trend micro
2013-03-16 12:15:33 ----D---- C:\Lexmark ToolBar
2013-03-16 12:14:20 ----D---- C:\Program Files (x86)\Conduit
2013-03-16 12:13:54 ----D---- C:\Program Files (x86)\SearchProtect
2013-03-16 12:13:34 ----D---- C:\Users\Ado\AppData\Roaming\SearchProtect
2013-03-16 12:13:29 ----D---- C:\Users\Ado\AppData\Roaming\Yontoo
2013-03-16 12:13:29 ----D---- C:\Program Files (x86)\Yontoo
2013-03-16 12:13:18 ----D---- C:\Users\Ado\AppData\Roaming\ExpressFiles
2013-03-16 12:13:18 ----D---- C:\ProgramData\Tarma Installer
2013-03-13 22:52:38 ----A---- C:\Windows\system32\mshtmled.dll
2013-03-13 22:52:37 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-03-13 22:52:37 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-03-13 22:52:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-03-13 22:52:37 ----A---- C:\Windows\system32\ieUnatt.exe
2013-03-13 22:52:37 ----A---- C:\Windows\system32\ieui.dll
2013-03-13 22:52:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-03-13 22:52:36 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-03-13 22:52:36 ----A---- C:\Windows\SYSWOW64\url.dll
2013-03-13 22:52:36 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-03-13 22:52:36 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-03-13 22:52:36 ----A---- C:\Windows\system32\urlmon.dll
2013-03-13 22:52:36 ----A---- C:\Windows\system32\url.dll
2013-03-13 22:52:36 ----A---- C:\Windows\system32\msfeeds.dll
2013-03-13 22:52:36 ----A---- C:\Windows\system32\jscript9.dll
2013-03-13 22:52:35 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-03-13 22:52:35 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-03-13 22:52:35 ----A---- C:\Windows\system32\wininet.dll
2013-03-13 22:52:35 ----A---- C:\Windows\system32\vbscript.dll
2013-03-13 22:52:35 ----A---- C:\Windows\system32\jsproxy.dll
2013-03-13 22:52:34 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-03-13 22:52:34 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-03-13 22:52:34 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-03-13 22:52:34 ----A---- C:\Windows\system32\jscript.dll
2013-03-13 22:52:34 ----A---- C:\Windows\system32\iertutil.dll
2013-03-13 22:52:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-03-13 22:52:32 ----A---- C:\Windows\system32\mshtml.dll
2013-03-13 22:52:32 ----A---- C:\Windows\system32\ieframe.dll
2013-03-13 19:07:16 ----D---- C:\Users\Ado\AppData\Roaming\TS3Client
2013-03-13 18:57:22 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2013-03-12 23:34:10 ----D---- C:\ProgramData\vsosdk
2013-03-12 23:23:07 ----D---- C:\Users\Ado\AppData\Roaming\Vso
2013-03-12 23:23:07 ----A---- C:\Users\Ado\AppData\Roaming\pcouffin.sys
2013-03-12 23:23:07 ----A---- C:\Users\Ado\AppData\Roaming\inst.exe
2013-03-12 23:22:51 ----D---- C:\Windows\SYSWOW64\sysdir
2013-03-12 23:22:51 ----D---- C:\ProgramData\Aviosoft
2013-03-12 23:22:51 ----D---- C:\Program Files (x86)\CloneDVD6
2013-03-12 14:39:36 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-03-09 12:44:04 ----A---- C:\Windows\SYSWOW64\uxtuneup.dll
2013-03-09 12:44:04 ----A---- C:\Windows\system32\uxtuneup.dll
2013-03-09 12:41:45 ----A---- C:\Windows\system32\TURegOpt.exe
2013-03-09 12:41:44 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2013-03-09 12:41:44 ----A---- C:\Windows\system32\authuitu.dll
2013-03-09 12:41:23 ----D---- C:\Users\Ado\AppData\Roaming\TuneUp Software
2013-03-09 12:41:09 ----D---- C:\Program Files (x86)\TuneUp Utilities 2013
2013-03-09 12:40:59 ----D---- C:\ProgramData\TuneUp Software
2013-03-09 12:39:20 ----SHD---- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-03-09 12:39:20 ----HD---- C:\ProgramData\Common Files
2013-03-02 13:10:11 ----D---- C:\Program Files (x86)\SlySoft
2013-02-24 14:08:28 ----D---- C:\ProgramData\Electronic Arts
2013-02-17 14:31:32 ----N---- C:\Windows\SYSWOW64\vxblock.dll
2013-02-17 14:31:32 ----N---- C:\Windows\SYSWOW64\pxwave.dll
2013-02-17 14:31:32 ----N---- C:\Windows\SYSWOW64\pxsfs.dll
2013-02-17 14:31:32 ----N---- C:\Windows\SYSWOW64\pxmas.dll
2013-02-17 14:31:32 ----N---- C:\Windows\SYSWOW64\pxinsa64.exe
2013-02-17 14:31:32 ----N---- C:\Windows\SYSWOW64\pxhpinst.exe
2013-02-17 14:31:32 ----N---- C:\Windows\SYSWOW64\pxdrv.dll
2013-02-17 14:31:32 ----N---- C:\Windows\SYSWOW64\pxcpya64.exe
2013-02-17 14:31:32 ----N---- C:\Windows\SYSWOW64\pxafs.dll
2013-02-17 14:31:32 ----N---- C:\Windows\SYSWOW64\px.dll
2013-02-17 14:31:31 ----D---- C:\Users\Ado\AppData\Roaming\Winamp
2013-02-17 14:31:31 ----D---- C:\Program Files (x86)\Winamp

======List of files/folders modified in the last 1 months======

2013-03-16 13:53:54 ----D---- C:\Windows\Temp
2013-03-16 13:53:52 ----RD---- C:\Program Files
2013-03-16 13:49:20 ----D---- C:\Users\Ado\AppData\Roaming\Skype
2013-03-16 13:46:55 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-16 13:46:54 ----RD---- C:\Program Files (x86)
2013-03-16 13:43:26 ----D---- C:\Windows\System32
2013-03-16 13:43:26 ----D---- C:\Windows\inf
2013-03-16 13:43:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-16 13:40:42 ----D---- C:\Windows\system32\config
2013-03-16 13:39:44 ----A---- C:\Windows\SYSWOW64\log.txt
2013-03-16 13:38:10 ----D---- C:\Program Files (x86)\Steam
2013-03-16 13:37:27 ----D---- C:\ProgramData\NVIDIA
2013-03-16 13:37:23 ----D---- C:\Windows
2013-03-16 13:36:58 ----D---- C:\Users\Ado\AppData\Roaming\uTorrent
2013-03-16 12:33:02 ----D---- C:\Windows\SysWOW64
2013-03-16 12:32:57 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2013-03-16 12:15:33 ----D---- C:\Program Files (x86)\Lexmark Toolbar
2013-03-16 12:13:30 ----D---- C:\Windows\Prefetch
2013-03-16 12:13:18 ----HD---- C:\ProgramData
2013-03-16 12:13:18 ----D---- C:\Windows\system32\Tasks
2013-03-15 18:09:10 ----SHD---- C:\System Volume Information
2013-03-15 18:01:54 ----D---- C:\Windows\rescache
2013-03-14 18:41:22 ----SD---- C:\Users\Ado\AppData\Roaming\Microsoft
2013-03-14 15:56:09 ----D---- C:\ProgramData\Steam
2013-03-14 12:39:45 ----D---- C:\Windows\winsxs
2013-03-14 12:39:19 ----D---- C:\Windows\SYSWOW64\migration
2013-03-14 12:39:19 ----D---- C:\Windows\system32\migration
2013-03-14 12:39:19 ----D---- C:\Windows\AppPatch
2013-03-14 12:39:19 ----D---- C:\Program Files (x86)\Internet Explorer
2013-03-14 12:39:18 ----D---- C:\Program Files\Internet Explorer
2013-03-13 22:53:35 ----A---- C:\Windows\system32\MRT.exe
2013-03-13 22:53:09 ----D---- C:\Windows\system32\catroot2
2013-03-13 22:53:09 ----D---- C:\Windows\system32\catroot
2013-03-13 20:37:46 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-03-12 17:30:55 ----D---- C:\Program Files (x86)\Elaborate Bytes
2013-03-09 13:12:47 ----SHD---- C:\Windows\Installer
2013-03-08 17:39:59 ----D---- C:\ProgramData\Lx_cats
2013-03-02 18:05:44 ----D---- C:\Windows\system32\drivers
2013-03-02 13:10:13 ----D---- C:\Windows\SYSWOW64\drivers
2013-02-22 23:37:31 ----RSD---- C:\Windows\assembly
2013-02-20 20:44:26 ----D---- C:\Windows\Tasks
2013-02-17 19:56:01 ----SHD---- C:\$Recycle.Bin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2012-02-01 568600]
R0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-11 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-16 40816]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 138744]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-12 4060560]
R3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-02 62784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-06-12 726160]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-04-08 68992]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 CltMngSvc;Search Protect by Conduit Updater; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-03-06 93984]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-11-26 1329304]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-17 277824]
R2 lxdn_device;lxdn_device; C:\Windows\system32\lxdncoms.exe [2008-02-28 1044648]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 891240]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-04 1258856]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-01-25 76888]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-01-31 2402080]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater; C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-03-13 23552]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-02-25 543144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 116648]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [2008-02-28 33960]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-12 115608]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2012-12-26 4814568]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-08 1255736]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 16 bře 2013 14:19

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Search a program zacne pracovat.
Az skonci, vyplivne na vas log (pokud ne, najdete ho zde C:\AdwCleaner[R?].txt ), ten mi sem zkopirujte.

Turess · #3 Příspěvek od **Turess** » 16 bře 2013 14:44

# AdwCleaner v2.114 - Logfile created 03/16/2013 at 14:45:16
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ado - ADO-PC
# Boot Mode : Normal
# Running from : C:\Users\Ado\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : CltMngSvc
Found : Yontoo Desktop Updater

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Users\Ado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Ado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Ado\AppData\Roaming\Mozilla\Firefox\Profiles\ni5yp6oj.default\searchplugins\Conduit.xml
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Ado\AppData\Local\Conduit
Folder Found : C:\Users\Ado\AppData\Local\Temp\CT3176921
Folder Found : C:\Users\Ado\AppData\LocalLow\Conduit
Folder Found : C:\Users\Ado\AppData\Roaming\Mozilla\Firefox\Profiles\ni5yp6oj.default\CT3176921
Folder Found : C:\Users\Ado\AppData\Roaming\Mozilla\Firefox\Profiles\ni5yp6oj.default\extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d}
Folder Found : C:\Users\Ado\AppData\Roaming\Mozilla\Firefox\Profiles\ni5yp6oj.default\extensions\plugin@yontoo.com
Folder Found : C:\Users\Ado\AppData\Roaming\Mozilla\Firefox\Profiles\ni5yp6oj.default\Smartbar
Folder Found : C:\Users\Ado\AppData\Roaming\SearchProtect
Folder Found : C:\Users\Ado\AppData\Roaming\Yontoo

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3176921&octid=CT3176921&SearchSource=61&CUI=UN92925013319189249&UM=2&UP=SP1DC3AC70-14A6-4464-AF80-F61DB173DEBF

-\\ Mozilla Firefox v19.0 (sk)

File : C:\Users\Ado\AppData\Roaming\Mozilla\Firefox\Profiles\ni5yp6oj.default\prefs.js

Found : user_pref("CT3176921.1000082.isPlayDisplay", "true");
Found : user_pref("CT3176921.1000082.muteState", "off");
Found : user_pref("CT3176921.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3176921.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3176921.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3176921.FF19Solved", "true");
Found : user_pref("CT3176921.FirstTime", "true");
Found : user_pref("CT3176921.FirstTimeFF3", "true");
Found : user_pref("CT3176921.PG_ENABLE", "dHJ1ZQ==");
Found : user_pref("CT3176921.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT317[...]
Found : user_pref("CT3176921.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC[...]
Found : user_pref("CT3176921.UserID", "UN23649505732872117");
Found : user_pref("CT3176921.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3176921.autoDisableScopes", -1);
Found : user_pref("CT3176921.browser.search.defaultthis.engineName", "true");
Found : user_pref("CT3176921.defaultSearch", "true");
Found : user_pref("CT3176921.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
Found : user_pref("CT3176921.enableAlerts", "always");
Found : user_pref("CT3176921.enableFix404ByUser", "FALSE");
Found : user_pref("CT3176921.enableSearchFromAddressBar", "true");
Found : user_pref("CT3176921.firstTimeDialogOpened", "true");
Found : user_pref("CT3176921.fixPageNotFoundError", "true");
Found : user_pref("CT3176921.fixPageNotFoundErrorByUser", "true");
Found : user_pref("CT3176921.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3176921.fixUrls", true);
Found : user_pref("CT3176921.homepageuserchanged", true);
Found : user_pref("CT3176921.installDate", "16/3/2013 12:13:33");
Found : user_pref("CT3176921.installId", "stub.exe");
Found : user_pref("CT3176921.installType", "conduitnsisintegration");
Found : user_pref("CT3176921.isCheckedStartAsHidden", true);
Found : user_pref("CT3176921.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3176921.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3176921.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3176921.keyword", "true");
Found : user_pref("CT3176921.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Found : user_pref("CT3176921.lastVersion", "10.14.65.43");
Found : user_pref("CT3176921.mam_gk_CouponBuddy_appState.enc", "b24=");
Found : user_pref("CT3176921.mam_gk_PriceGong_appState.enc", "b24=");
Found : user_pref("CT3176921.mam_gk_appStateReportTime.enc", "MTM2MzQzODAzMTI0Ng==");
Found : user_pref("CT3176921.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Found : user_pref("CT3176921.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
Found : user_pref("CT3176921.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
Found : user_pref("CT3176921.mam_gk_currentVersion.enc", "MS40LjMuMg==");
Found : user_pref("CT3176921.mam_gk_first_time.enc", "MQ==");
Found : user_pref("CT3176921.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Found : user_pref("CT3176921.mam_gk_lastLoginTime.enc", "MTM2MzQzODAyNzIzMQ==");
Found : user_pref("CT3176921.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Found : user_pref("CT3176921.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Found : user_pref("CT3176921.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Found : user_pref("CT3176921.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Found : user_pref("CT3176921.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Found : user_pref("CT3176921.mam_gk_userId.enc", "ZTUwYzY3YjctYjFiNS00ZDIxLTg2ODMtZTE5M2U5YTAwMjk3");
Found : user_pref("CT3176921.mam_gk_user_apps_selection.enc", "");
Found : user_pref("CT3176921.migrateAppsAndComponents", true);
Found : user_pref("CT3176921.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.c[...]
Found : user_pref("CT3176921.openThankYouPage", "false");
Found : user_pref("CT3176921.openUninstallPage", "true");
Found : user_pref("CT3176921.price-gong.isManagedApp", "true");
Found : user_pref("CT3176921.revertSettingsEnabled", "false");
Found : user_pref("CT3176921.search.searchAppId", "10000002");
Found : user_pref("CT3176921.search.searchCount", "0");
Found : user_pref("CT3176921.searchFromAddressBarEnabledByUser", "true");
Found : user_pref("CT3176921.searchInNewTabEnabledByUser", "true");
Found : user_pref("CT3176921.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3176921.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3176921.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3176921.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Found : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3176921.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363438023738");
Found : user_pref("CT3176921.serviceLayer_services_appsMetadata_lastUpdate", "1363438023588");
Found : user_pref("CT3176921.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363438023470");
Found : user_pref("CT3176921.serviceLayer_services_location_lastUpdate", "1363438023084");
Found : user_pref("CT3176921.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363438023677");
Found : user_pref("CT3176921.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363438023562");
Found : user_pref("CT3176921.serviceLayer_services_searchAPI_lastUpdate", "1363438023104");
Found : user_pref("CT3176921.serviceLayer_services_serviceMap_lastUpdate", "1363438022895");
Found : user_pref("CT3176921.serviceLayer_services_setupAPI_lastUpdate", "1363438023371");
Found : user_pref("CT3176921.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363438023425");
Found : user_pref("CT3176921.serviceLayer_services_toolbarSettings_lastUpdate", "1363438023112");
Found : user_pref("CT3176921.serviceLayer_services_translation_lastUpdate", "1363438023593");
Found : user_pref("CT3176921.settingsINI", true);
Found : user_pref("CT3176921.shouldFirstTimeDialog", "false");
Found : user_pref("CT3176921.smartbar.CTID", "CT3176921");
Found : user_pref("CT3176921.smartbar.Uninstall", "0");
Found : user_pref("CT3176921.smartbar.homepage", true);
Found : user_pref("CT3176921.smartbar.toolbarName", "express-files ");
Found : user_pref("CT3176921.startPage", "true");
Found : user_pref("CT3176921.toolbarBornServerTime", "16-3-2013");
Found : user_pref("CT3176921.toolbarCurrentServerTime", "16-3-2013");
Found : user_pref("CT3176921_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "");
Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3176921");
Found : user_pref("browser.search.defaultthis.engineName", "express-files Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&Sea[...]
Found : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Found : user_pref("extentions.y2layers.installId", "3b60c5f9-f11c-41da-bc7d-551ff67d52a2");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CU[...]
Found : user_pref("smartBar.searchInNewTabOwner", "CT3176921");
Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3176921&octid=CT3176921[...]
Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("smartbar.originalHomepage", "about:home");
Found : user_pref("smartbar.originalSearchAddressUrl", "");
Found : user_pref("smartbar.originalSearchEngine", "");

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Ado\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2613] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3176921&SearchSource=48&CUI=UN42130145901624519&UM=2" ]

*************************

AdwCleaner[R1].txt - [13952 octets] - [16/03/2013 14:43:42]
AdwCleaner[R2].txt - [13888 octets] - [16/03/2013 14:45:16]

########## EOF - C:\AdwCleaner[R2].txt - [13949 octets] ##########

#4 Příspěvek od **Márty84** » 16 bře 2013 14:51

Znovu ukoncete vsechny programy a spustte AdwCleaner jako spravce.
Tentokrat kliknete na Delete
Program zacne pracovat (muze dojit k restartu pc) a vyplivne dalsi log (pripadne bude zde C:\AdwCleaner [S1].txt ). Ten mi sem zase zkopirujte.

Turess · #5 Příspěvek od **Turess** » 16 bře 2013 14:57

# AdwCleaner v2.114 - Logfile created 03/16/2013 at 14:55:42
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ado - ADO-PC
# Boot Mode : Normal
# Running from : C:\Users\Ado\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : CltMngSvc
Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Ado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Ado\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Ado\AppData\Roaming\Mozilla\Firefox\Profiles\ni5yp6oj.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Ado\AppData\Local\Conduit
Folder Deleted : C:\Users\Ado\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ado\AppData\Roaming\Mozilla\Firefox\Profiles\ni5yp6oj.default\Smartbar
Folder Deleted : C:\Users\Ado\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Ado\AppData\Roaming\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3176921&octid=CT3176921&SearchSource=61&CUI=UN92925013319189249&UM=2&UP=SP1DC3AC70-14A6-4464-AF80-F61DB173DEBF --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (sk)

File : C:\Users\Ado\AppData\Roaming\Mozilla\Firefox\Profiles\ni5yp6oj.default\prefs.js

C:\Users\Ado\AppData\Roaming\Mozilla\Firefox\Profiles\ni5yp6oj.default\user.js ... Deleted !

Deleted : user_pref("CT3176921.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3176921.1000082.muteState", "off");
Deleted : user_pref("CT3176921.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3176921.1000234.TWC_TMP_city", "NITRA");
Deleted : user_pref("CT3176921.1000234.TWC_TMP_country", "SK");
Deleted : user_pref("CT3176921.1000234.TWC_country", "SLOVAKIA");
Deleted : user_pref("CT3176921.1000234.TWC_locId", "LOXX0021");
Deleted : user_pref("CT3176921.1000234.TWC_location", "Nitra, Slovakia");
Deleted : user_pref("CT3176921.1000234.TWC_region", "OT");
Deleted : user_pref("CT3176921.1000234.TWC_temp_dis", "c");
Deleted : user_pref("CT3176921.1000234.TWC_wind_dis", "kmh");
Deleted : user_pref("CT3176921.1000234.weatherData", "{\"icon\":\"30.png\",\"temperature\":\"1°C\",\"temperatu[...]
Deleted : user_pref("CT3176921.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3176921.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3176921.FF19Solved", "true");
Deleted : user_pref("CT3176921.FirstTime", "true");
Deleted : user_pref("CT3176921.FirstTimeFF3", "true");
Deleted : user_pref("CT3176921.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.PG_ENABLE.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT317[...]
Deleted : user_pref("CT3176921.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC[...]
Deleted : user_pref("CT3176921.UserID", "UN23649505732872117");
Deleted : user_pref("CT3176921.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3176921.autoDisableScopes", -1);
Deleted : user_pref("CT3176921.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3176921.defaultSearch", "true");
Deleted : user_pref("CT3176921.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
Deleted : user_pref("CT3176921.enableAlerts", "always");
Deleted : user_pref("CT3176921.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT3176921.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3176921.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3176921.fixPageNotFoundError", "true");
Deleted : user_pref("CT3176921.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3176921.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3176921.fixUrls", true);
Deleted : user_pref("CT3176921.homepageuserchanged", true);
Deleted : user_pref("CT3176921.installDate", "16/3/2013 12:13:33");
Deleted : user_pref("CT3176921.installId", "stub.exe");
Deleted : user_pref("CT3176921.installType", "conduitnsisintegration");
Deleted : user_pref("CT3176921.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3176921.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3176921.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3176921.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3176921.keyword", "true");
Deleted : user_pref("CT3176921.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3176921.lastVersion", "10.14.65.43");
Deleted : user_pref("CT3176921.mam_gk_CouponBuddy_appState.enc", "b24=");
Deleted : user_pref("CT3176921.mam_gk_PriceGong_appState.enc", "b24=");
Deleted : user_pref("CT3176921.mam_gk_appStateReportTime.enc", "MTM2MzQzODAzMTI0Ng==");
Deleted : user_pref("CT3176921.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3176921.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3176921.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
Deleted : user_pref("CT3176921.mam_gk_currentVersion.enc", "MS40LjMuMg==");
Deleted : user_pref("CT3176921.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3176921.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.mam_gk_lastLoginTime.enc", "MTM2MzQzODAyNzIzMQ==");
Deleted : user_pref("CT3176921.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3176921.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3176921.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3176921.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3176921.mam_gk_userId.enc", "ZTUwYzY3YjctYjFiNS00ZDIxLTg2ODMtZTE5M2U5YTAwMjk3");
Deleted : user_pref("CT3176921.mam_gk_user_apps_selection.enc", "");
Deleted : user_pref("CT3176921.migrateAppsAndComponents", true);
Deleted : user_pref("CT3176921.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Deleted : user_pref("CT3176921.openThankYouPage", "false");
Deleted : user_pref("CT3176921.openUninstallPage", "true");
Deleted : user_pref("CT3176921.revertSettingsEnabled", "false");
Deleted : user_pref("CT3176921.search.searchAppId", "10000002");
Deleted : user_pref("CT3176921.search.searchCount", "0");
Deleted : user_pref("CT3176921.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3176921.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3176921.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3176921.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3176921.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3176921.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3176921.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1363438023738");
Deleted : user_pref("CT3176921.serviceLayer_services_appsMetadata_lastUpdate", "1363438023588");
Deleted : user_pref("CT3176921.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1363438023470");
Deleted : user_pref("CT3176921.serviceLayer_services_location_lastUpdate", "1363438023084");
Deleted : user_pref("CT3176921.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363438023677");
Deleted : user_pref("CT3176921.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1363438023562");
Deleted : user_pref("CT3176921.serviceLayer_services_searchAPI_lastUpdate", "1363438023104");
Deleted : user_pref("CT3176921.serviceLayer_services_serviceMap_lastUpdate", "1363438022895");
Deleted : user_pref("CT3176921.serviceLayer_services_setupAPI_lastUpdate", "1363438023371");
Deleted : user_pref("CT3176921.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363438023425");
Deleted : user_pref("CT3176921.serviceLayer_services_toolbarSettings_lastUpdate", "1363438023112");
Deleted : user_pref("CT3176921.serviceLayer_services_translation_lastUpdate", "1363438023593");
Deleted : user_pref("CT3176921.settingsINI", true);
Deleted : user_pref("CT3176921.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3176921.smartbar.CTID", "CT3176921");
Deleted : user_pref("CT3176921.smartbar.Uninstall", "0");
Deleted : user_pref("CT3176921.smartbar.homepage", true);
Deleted : user_pref("CT3176921.smartbar.toolbarName", "express-files ");
Deleted : user_pref("CT3176921.startPage", "true");
Deleted : user_pref("CT3176921.toolbarBornServerTime", "16-3-2013");
Deleted : user_pref("CT3176921.toolbarCurrentServerTime", "16-3-2013");
Deleted : user_pref("CT3176921.toolbarDisabled", "true");
Deleted : user_pref("CT3176921_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3176921");
Deleted : user_pref("browser.search.defaultthis.engineName", "express-files Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&Sea[...]
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "3b60c5f9-f11c-41da-bc7d-551ff67d52a2");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CU[...]
Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3176921");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3176921&octid=CT3176921[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalHomepage", "about:home");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", "");

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Ado\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2609] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3176921&SearchSource=48&CUI[...]

*************************

AdwCleaner[R1].txt - [13952 octets] - [16/03/2013 14:43:42]
AdwCleaner[R2].txt - [14011 octets] - [16/03/2013 14:45:16]
AdwCleaner[S1].txt - [14676 octets] - [16/03/2013 14:55:42]

########## EOF - C:\AdwCleaner[S1].txt - [14737 octets] ##########

#6 Příspěvek od **Márty84** » 16 bře 2013 15:58

Jak to vypada? Je ten soubor pryc? Pokud ne, napiste o ktery soubor se jedna (presny nazev a umisteni)

Udelejte !!!kompletni!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Turess · #7 Příspěvek od **Turess** » 16 bře 2013 16:05

Súbor je preč... ďakujem

#8 Příspěvek od **Márty84** » 16 bře 2013 16:15

OK, neni zac

Jestli to chcete docistit, pokracujte s MBAM. Jestli ne, dejte vedet a tema uzavrem

Turess · #9 Příspěvek od **Turess** » 16 bře 2013 16:31

No mohol by som to dočistiť radšej.

#10 Příspěvek od **Márty84** » 16 bře 2013 17:05

Dobra, pockam tedy na log z MBAM a podle vysledku napisu dalsi postup.

Turess · #11 Příspěvek od **Turess** » 16 bře 2013 23:42

alwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.03.16.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ado :: ADO-PC [administrátor]

Ochrana: Povolena

16. 3. 2013 23:15:14
MBAM-log-2013-03-16 (23-41-46).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 377716
Uplynulý čas: 25 minut, 50 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe (Security.Hijack) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
D:\Call of Duty Black Ops II\buddha.dll (Malware.Gen.SKR) -> Nebyla provedena žádná instrukce.

(konec)

#12 Příspěvek od **Márty84** » 17 bře 2013 08:20

Nalezy doporucuji odstranit, pak MBAM odinstalujte.

Dejte novy log z RSIT

Turess · #13 Příspěvek od **Turess** » 17 bře 2013 13:39

Logfile of random's system information tool 1.08 (written by random/random)
Run by Ado at 2013-03-17 13:38:51
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 264 GB (53%) free of 501 GB
Total RAM: 8144 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:38:53, on 17. 3. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Ado.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Users\Ado\AppData\Roaming\Yontoo\YontooDesktop.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-367341941-3459530842-4041588067-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-367341941-3459530842-4041588067-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11499 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"taskhost.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\Windows\system32\lxdncoms.exe -service
C:\Windows\SysWOW64\PnkBstrA.exe
taskeng.exe {EB4C2482-242C-4B8E-A54B-23B038EA49A7}
"C:\Windows\system32\Dwm.exe"
taskeng.exe {BD1C87D9-BF41-4C80-AE7C-BADA276F9369}
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe" /TUStart /pid:2068
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Steam\steam.exe" -silent
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4788.0.708796350\1039323418" --supports-dual-gpus=false --gpu-vendor-id=0x10de --gpu-device-id=0x0fc6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.697 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxSearchSuggestTrialStarted2013Q1/2/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/SideloadWipeout/Enabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_30/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --channel="4788.2.839971287\369086338" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4788.3.2003730223\758455897" --lang=sk --ignored=" --type=renderer " /prefetch:13
taskhost.exe $(Arg0)
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Ado\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce0fa2b08c940c.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-12 551400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-12 209384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Panel nástrojů - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll [2011-08-19 528384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Panel nástrojů - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll [2011-08-19 528384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12 6548112]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-11-26 6325936]
"lxdnmon.exe"=C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [2009-01-29 660136]
"lxdnamon"=C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [2009-01-29 16040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2013-02-25 1602984]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18705664]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"Yontoo Desktop"=C:\Users\Ado\AppData\Roaming\Yontoo\YontooDesktop.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-20 291648]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-02-29 56088]
"FaxCenterServer"=C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [2009-01-29 320168]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2008-09-12 36352]
"CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-03-17 13:37:59 ----D---- C:\Program Files (x86)\trend micro
2013-03-16 23:14:17 ----D---- C:\Users\Ado\AppData\Roaming\Malwarebytes
2013-03-16 23:13:59 ----D---- C:\ProgramData\Malwarebytes
2013-03-16 14:55:42 ----A---- C:\AdwCleaner[S1].txt
2013-03-16 14:45:16 ----A---- C:\AdwCleaner[R2].txt
2013-03-16 14:43:42 ----A---- C:\AdwCleaner[R1].txt
2013-03-16 13:53:52 ----D---- C:\rsit
2013-03-16 13:53:52 ----D---- C:\Program Files\trend micro
2013-03-16 12:15:33 ----D---- C:\Lexmark ToolBar
2013-03-16 12:13:18 ----D---- C:\Users\Ado\AppData\Roaming\ExpressFiles
2013-03-13 22:52:38 ----A---- C:\Windows\system32\mshtmled.dll
2013-03-13 22:52:37 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-03-13 22:52:37 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-03-13 22:52:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-03-13 22:52:37 ----A---- C:\Windows\system32\ieUnatt.exe
2013-03-13 22:52:37 ----A---- C:\Windows\system32\ieui.dll
2013-03-13 22:52:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-03-13 22:52:36 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-03-13 22:52:36 ----A---- C:\Windows\SYSWOW64\url.dll
2013-03-13 22:52:36 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-03-13 22:52:36 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-03-13 22:52:36 ----A---- C:\Windows\system32\urlmon.dll
2013-03-13 22:52:36 ----A---- C:\Windows\system32\url.dll
2013-03-13 22:52:36 ----A---- C:\Windows\system32\msfeeds.dll
2013-03-13 22:52:36 ----A---- C:\Windows\system32\jscript9.dll
2013-03-13 22:52:35 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-03-13 22:52:35 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-03-13 22:52:35 ----A---- C:\Windows\system32\wininet.dll
2013-03-13 22:52:35 ----A---- C:\Windows\system32\vbscript.dll
2013-03-13 22:52:35 ----A---- C:\Windows\system32\jsproxy.dll
2013-03-13 22:52:34 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-03-13 22:52:34 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-03-13 22:52:34 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-03-13 22:52:34 ----A---- C:\Windows\system32\jscript.dll
2013-03-13 22:52:34 ----A---- C:\Windows\system32\iertutil.dll
2013-03-13 22:52:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-03-13 22:52:32 ----A---- C:\Windows\system32\mshtml.dll
2013-03-13 22:52:32 ----A---- C:\Windows\system32\ieframe.dll
2013-03-13 19:07:16 ----D---- C:\Users\Ado\AppData\Roaming\TS3Client
2013-03-13 18:57:22 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2013-03-12 23:34:10 ----D---- C:\ProgramData\vsosdk
2013-03-12 23:23:07 ----D---- C:\Users\Ado\AppData\Roaming\Vso
2013-03-12 23:23:07 ----A---- C:\Users\Ado\AppData\Roaming\pcouffin.sys
2013-03-12 23:23:07 ----A---- C:\Users\Ado\AppData\Roaming\inst.exe
2013-03-12 23:22:51 ----D---- C:\Windows\SYSWOW64\sysdir
2013-03-12 23:22:51 ----D---- C:\ProgramData\Aviosoft
2013-03-12 23:22:51 ----D---- C:\Program Files (x86)\CloneDVD6
2013-03-12 14:39:36 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-03-09 12:44:04 ----A---- C:\Windows\SYSWOW64\uxtuneup.dll
2013-03-09 12:44:04 ----A---- C:\Windows\system32\uxtuneup.dll
2013-03-09 12:41:45 ----A---- C:\Windows\system32\TURegOpt.exe
2013-03-09 12:41:44 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2013-03-09 12:41:44 ----A---- C:\Windows\system32\authuitu.dll
2013-03-09 12:41:23 ----D---- C:\Users\Ado\AppData\Roaming\TuneUp Software
2013-03-09 12:41:09 ----D---- C:\Program Files (x86)\TuneUp Utilities 2013
2013-03-09 12:40:59 ----D---- C:\ProgramData\TuneUp Software
2013-03-09 12:39:20 ----SHD---- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-03-09 12:39:20 ----HD---- C:\ProgramData\Common Files
2013-03-02 13:10:11 ----D---- C:\Program Files (x86)\SlySoft
2013-02-24 14:08:28 ----D---- C:\ProgramData\Electronic Arts

======List of files/folders modified in the last 1 months======

2013-03-17 13:38:45 ----D---- C:\Windows\Temp
2013-03-17 13:38:07 ----A---- C:\Windows\SYSWOW64\log.txt
2013-03-17 13:37:59 ----RD---- C:\Program Files (x86)
2013-03-17 13:37:30 ----D---- C:\Windows\system32\drivers
2013-03-17 13:36:51 ----D---- C:\Windows\system32\config
2013-03-17 13:36:39 ----D---- C:\Users\Ado\AppData\Roaming\Skype
2013-03-17 13:36:13 ----D---- C:\Program Files (x86)\Steam
2013-03-17 13:35:43 ----D---- C:\ProgramData\NVIDIA
2013-03-17 13:35:38 ----D---- C:\Windows
2013-03-17 00:09:41 ----D---- C:\Windows\System32
2013-03-17 00:09:41 ----D---- C:\Windows\inf
2013-03-17 00:09:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-17 00:02:57 ----D---- C:\Users\Ado\AppData\Roaming\uTorrent
2013-03-16 23:13:59 ----HD---- C:\ProgramData
2013-03-16 14:56:17 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-16 13:53:52 ----RD---- C:\Program Files
2013-03-16 12:33:02 ----D---- C:\Windows\SysWOW64
2013-03-16 12:32:57 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2013-03-16 12:15:33 ----D---- C:\Program Files (x86)\Lexmark Toolbar
2013-03-16 12:13:30 ----D---- C:\Windows\Prefetch
2013-03-16 12:13:18 ----D---- C:\Windows\system32\Tasks
2013-03-15 18:09:10 ----SHD---- C:\System Volume Information
2013-03-15 18:01:54 ----D---- C:\Windows\rescache
2013-03-14 18:41:22 ----SD---- C:\Users\Ado\AppData\Roaming\Microsoft
2013-03-14 15:56:09 ----D---- C:\ProgramData\Steam
2013-03-14 12:39:45 ----D---- C:\Windows\winsxs
2013-03-14 12:39:19 ----D---- C:\Windows\SYSWOW64\migration
2013-03-14 12:39:19 ----D---- C:\Windows\system32\migration
2013-03-14 12:39:19 ----D---- C:\Windows\AppPatch
2013-03-14 12:39:19 ----D---- C:\Program Files (x86)\Internet Explorer
2013-03-14 12:39:18 ----D---- C:\Program Files\Internet Explorer
2013-03-13 22:53:35 ----A---- C:\Windows\system32\MRT.exe
2013-03-13 22:53:09 ----D---- C:\Windows\system32\catroot2
2013-03-13 22:53:09 ----D---- C:\Windows\system32\catroot
2013-03-13 20:37:46 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-03-12 17:30:55 ----D---- C:\Program Files (x86)\Elaborate Bytes
2013-03-09 13:12:47 ----SHD---- C:\Windows\Installer
2013-03-08 17:39:59 ----D---- C:\ProgramData\Lx_cats
2013-03-02 13:10:13 ----D---- C:\Windows\SYSWOW64\drivers
2013-02-22 23:37:31 ----RSD---- C:\Windows\assembly
2013-02-20 20:44:26 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2012-02-01 568600]
R0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-11 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-10-08 211344]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-10-08 149592]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-16 40816]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 138744]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-12 4060560]
R3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-02 62784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-06-12 726160]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-04-08 68992]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-11-26 1329304]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-17 277824]
R2 lxdn_device;lxdn_device; C:\Windows\system32\lxdncoms.exe [2008-02-28 1044648]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 891240]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-04 1258856]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-01-25 76888]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-01-31 2402080]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-02-25 543144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 116648]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [2008-02-28 33960]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08 116648]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2012-12-26 4814568]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-08 1255736]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-12 115608]

-----------------EOF-----------------

#14 Příspěvek od **Márty84** » 17 bře 2013 19:53

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe a ulozte nejlepe na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
AdobeARMservice
gupdate
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce0fa2b08c940c.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Skype"=-
"Yontoo Desktop"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=-

Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)

Turess · #15 Příspěvek od **Turess** » 20 bře 2013 15:23

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Ado
->Temp folder emptied: 49725806 bytes
->Temporary Internet Files folder emptied: 4308868 bytes
->FireFox cache emptied: 11956683 bytes
->Google Chrome cache emptied: 380519626 bytes
->Flash cache emptied: 2689 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14900598 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50453 bytes
RecycleBin emptied: 7643502253 bytes

Total Files Cleaned = 7 730,00 mb

VIRY.CZ

Yontoo 2.05

Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05

Re: Yontoo 2.05