PC-HELP.CZ

Dobrý den, poslední dobou mi poměrně často zamrzá PC když ho probouzím z režimu hibernace. PC zamrzne u modré obrazovky ještě před tím, než se objeví nabídka pro výběr uživatele.

Zkoušel jsem test operační paměti tim nástrojem, který je ve Windows a bez problému.

PC: Acer Extensa 5235
Procesor: Celeron(R) Dual-Core CPU T3500 2.10GHz 2.09GHz
RAM: 4 GB
OS: Windows 7 (64bitový)

Log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:14:53, on 14.7.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Users\Petr\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Users\Petr\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5i4761u36s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3281348
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5i4761u36s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=irtest ... =752121837
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Dropbox.lnk = Petr\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10882 bytes

Předem děkuji všem profíkům, za jejich čas.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.07.14.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Petr :: PETR-PC [administrátor]

Ochrana: Povolena

14.7.2013 23:20:41
MBAM-log-2013-07-14 (23-34-15).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 299072
Uplynulý čas: 4 minut, 18 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 7
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods (PUP.FunMoods) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Nebyla provedena žádná instrukce.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\Users\Petr\AppData\Local\funmoods.crx (PUP.Funmoods) -> Nebyla provedena žádná instrukce.
C:\Users\Petr\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Nebyla provedena žádná instrukce.
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Nebyla provedena žádná instrukce.

(konec)

# AdwCleaner v2.305 - Log vytvooen 14/07/2013 v 23:49:04
# Aktualizováno 11/07/2013 Xplode
# Operaení systém : Windows 7 Home Premium (64 bits)
# Uživatel : Petr - PETR-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Petr\Downloads\adwcleaner.exe
# Volba [Prohledat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files (x86)\Conduit
Složka Nalezeno : C:\ProgramData\Ask
Složka Nalezeno : C:\ProgramData\InstallMate
Složka Nalezeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Složka Nalezeno : C:\ProgramData\ParetoLogic
Složka Nalezeno : C:\ProgramData\Partner
Složka Nalezeno : C:\ProgramData\SoftSafe
Složka Nalezeno : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Složka Nalezeno : C:\Users\Petr\AppData\Local\PackageAware
Složka Nalezeno : C:\Users\Petr\AppData\LocalLow\Conduit
Složka Nalezeno : C:\Users\Petr\AppData\Roaming\DriverCure
Složka Nalezeno : C:\Users\Petr\AppData\Roaming\Funmoods
Složka Nalezeno : C:\Users\Petr\AppData\Roaming\Media Finder
Složka Nalezeno : C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Složka Nalezeno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\extensions\{94193c2f-e73f-4feb-b393-2b95f0a01430}
Složka Nalezeno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\extensions\ffxtlbr@funmoods.com
Složka Nalezeno : C:\Users\Petr\AppData\Roaming\OpenCandy
Složka Nalezeno : C:\Users\Petr\AppData\Roaming\ParetoLogic
Soubor Nalezeno : C:\END
Soubor Nalezeno : C:\Users\Petr\AppData\Local\funmoods.crx
Soubor Nalezeno : C:\Users\Petr\AppData\Local\funmoods-speeddial.crx
Soubor Nalezeno : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Soubor Nalezeno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\searchplugins\Askcom.xml
Soubor Nalezeno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\searchplugins\Conduit.xml
Soubor Nalezeno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\searchplugins\search.xml
Soubor Nalezeno : C:\Windows\SysWOW64\conduitEngine.tmp

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Nalezeno : HKCU\Software\AppDataLow\SProtector
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\Funmoods
Klíe Nalezeno : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Klíe Nalezeno : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Klíe Nalezeno : HKCU\Software\InstallCore
Klíe Nalezeno : HKCU\Software\MediaFinder
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\MF
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Klíe Nalezeno : HKLM\Software\SP Global
Klíe Nalezeno : HKLM\Software\SProtector
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16476

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource= ... =CT3281348
[HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.conduit.com?SearchSource= ... =CT2786678
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=irtest ... =752121837
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=irtest ... =752121837

-\\ Mozilla Firefox v15.0.1 (cs)

Soubor : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\prefs.js

Nalezeno : user_pref("CT3281348.FF19Solved", "true");
Nalezeno : user_pref("CT3281348.UserID", "UN91511774114496232");
Nalezeno : user_pref("CT3281348.addressUrlXPETakeover", "true");
Nalezeno : user_pref("CT3281348.autoDisableScopes", -1);
Nalezeno : user_pref("CT3281348.browser.search.defaultthis.engineName", "true");
Nalezeno : user_pref("CT3281348.defaultSearchXPETakeover", "true");
Nalezeno : user_pref("CT3281348.installDate", "22/4/2013 23:03:54");
Nalezeno : user_pref("CT3281348.installSessionId", "7258652c-b174-4f75-9cad-0d6a87ea5bdd");
Nalezeno : user_pref("CT3281348.installSp", "true");
Nalezeno : user_pref("CT3281348.installerVersion", "1.4.1.3");
Nalezeno : user_pref("CT3281348.keyword", "true");
Nalezeno : user_pref("CT3281348.searchRevert", "false");
Nalezeno : user_pref("CT3281348.searchUserMode", "2");
Nalezeno : user_pref("CT3281348.smartbar.homepage", "true");
Nalezeno : user_pref("CT3281348.startPageXPETakeover", "true");
Nalezeno : user_pref("CT3281348.versionFromInstaller", "10.15.2.23");
Nalezeno : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Nalezeno : user_pref("aol_toolbar.default.homepage.check", false);
Nalezeno : user_pref("aol_toolbar.default.search.check", false);
Nalezeno : user_pref("backup.old.browser.search.selectedEngine", "Ask.com");
Nalezeno : user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme2 B1 Customized Web Search");
Nalezeno : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281348&CUI[...]
Nalezeno : user_pref("browser.search.order.1", "Ask.com");
Nalezeno : user_pref("browser.search.selectedEngine", "BrotherSoft Extreme2 B1 Customized Web Search");
Nalezeno : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3281348&octid=CT3281348&Sea[...]
Nalezeno : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Nalezeno : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Nalezeno : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.0,{81BF1D23-5F17-408D-AC6B-BD6DF7CAF[...]
Nalezeno : user_pref("extensions.funmoods.aflt", "irtest1");
Nalezeno : user_pref("extensions.funmoods.autoRvrt", false);
Nalezeno : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Nalezeno : user_pref("extensions.funmoods.cntry", "CZ");
Nalezeno : user_pref("extensions.funmoods.cv", "cv5");
Nalezeno : user_pref("extensions.funmoods.dfltLng", "");
Nalezeno : user_pref("extensions.funmoods.dfltSrch", true);
Nalezeno : user_pref("extensions.funmoods.dfltlng", "en");
Nalezeno : user_pref("extensions.funmoods.dfltsrch", "false");
Nalezeno : user_pref("extensions.funmoods.dnsErr", true);
Nalezeno : user_pref("extensions.funmoods.envrmnt", "production");
Nalezeno : user_pref("extensions.funmoods.excTlbr", false);
Nalezeno : user_pref("extensions.funmoods.fmupdtFirst", false);
Nalezeno : user_pref("extensions.funmoods.hdrMd5", "546A5A38EDFB074F0C15E6A63960E6CE");
Nalezeno : user_pref("extensions.funmoods.hmpg", true);
Nalezeno : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=irtest1&chnl=irtest1&cd=2[...]
Nalezeno : user_pref("extensions.funmoods.hrdid", "52e25b970000000000005aac4c1e050b");
Nalezeno : user_pref("extensions.funmoods.id", "52e25b970000000000005aac4c1e050b");
Nalezeno : user_pref("extensions.funmoods.instlDay", "15523");
Nalezeno : user_pref("extensions.funmoods.instlRef", "irtest1");
Nalezeno : user_pref("extensions.funmoods.instlday", "15523");
Nalezeno : user_pref("extensions.funmoods.instlref", "irtest1");
Nalezeno : user_pref("extensions.funmoods.isdcmntcmplt", true);
Nalezeno : user_pref("extensions.funmoods.keywordurl", "");
Nalezeno : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2223:34:11");
Nalezeno : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Nalezeno : user_pref("extensions.funmoods.newTab", true);
Nalezeno : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=irtest1&chnl=irtest1&cd[...]
Nalezeno : user_pref("extensions.funmoods.newtab", true);
Nalezeno : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=irtest1&chnl=irtest1&cd[...]
Nalezeno : user_pref("extensions.funmoods.prdct", "funmoods");
Nalezeno : user_pref("extensions.funmoods.prtnrId", "funmoods");
Nalezeno : user_pref("extensions.funmoods.prtnrid", "funmoods");
Nalezeno : user_pref("extensions.funmoods.savedVrsnTs", "1");
Nalezeno : user_pref("extensions.funmoods.sg", "none");
Nalezeno : user_pref("extensions.funmoods.smplGrp", "none");
Nalezeno : user_pref("extensions.funmoods.smplgrp", "none");
Nalezeno : user_pref("extensions.funmoods.srch", "");
Nalezeno : user_pref("extensions.funmoods.srchPrvdr", "Search");
Nalezeno : user_pref("extensions.funmoods.srchprvdr", "Search");
Nalezeno : user_pref("extensions.funmoods.tlbrId", "base");
Nalezeno : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Nalezeno : user_pref("extensions.funmoods.tlbrid", "base");
Nalezeno : user_pref("extensions.funmoods.tlbrsrchurl", "");
Nalezeno : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Nalezeno : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2223:34:11");
Nalezeno : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Nalezeno : user_pref("extensions.funmoods.vrsnts", "1.5.23.2223:34:11");
Nalezeno : user_pref("extensions.funmoods_i.newTab", true);
Nalezeno : user_pref("extensions.funmoods_i.smplGrp", "none");
Nalezeno : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2223:34:11");
Nalezeno : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281348&SearchSource=2&CU[...]
Nalezeno : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3281348&CUI=UN915117741[...]
Nalezeno : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Nalezeno : user_pref("smartbar.originalHomepage", "about:home");
Nalezeno : user_pref("smartbar.originalSearchAddressUrl", "");
Nalezeno : user_pref("smartbar.originalSearchEngine", "Ask.com");
Nalezeno : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Nalezeno : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Nalezeno : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Nalezeno : user_pref("sweetim.toolbar.searchguard.enable", "");
Nalezeno : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Nalezeno : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Nalezeno : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Nalezeno : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

-\\ Google Chrome v28.0.1500.72

Soubor : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Preferences

Nalezeno [l.2225] : homepage = "hxxp://search.conduit.com/?ctid=CT3281348&SearchSource=48&CUI=UN23712766576466119&UM=2",
Nalezeno [l.2837] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3281348&SearchSource=48&CUI=UN23712766576466119&UM=2" ]

*************************

AdwCleaner[R1].txt - [16346 octets] - [14/07/2013 23:49:04]

########## EOF - C:\AdwCleaner[R1].txt - [16407 octets] ##########

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit nový log z MbAM.

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Vymazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.07.14.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Petr :: PETR-PC [administrátor]

Ochrana: Povolena

15.7.2013 20:35:09
mbam-log-2013-07-15 (20-35-09).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 299205
Uplynulý čas: 4 minut, 10 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 7
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Přesun do karantény a smazání se zdařilo.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods (PUP.FunMoods) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Přesun do karantény a smazání se zdařilo.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Přesun do karantény a smazání se zdařilo.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 3
C:\Users\Petr\AppData\Local\funmoods.crx (PUP.Funmoods) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Petr\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Přesun do karantény a smazání se zdařilo.

(konec)

# AdwCleaner v2.305 - Log vytvooen 15/07/2013 v 20:54:26
# Aktualizováno 11/07/2013 Xplode
# Operaení systém : Windows 7 Home Premium (64 bits)
# Uživatel : Petr - PETR-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Petr\Downloads\adwcleaner.exe
# Volba [Vymazat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files (x86)\Conduit
Složka Vymazáno : C:\ProgramData\Ask
Složka Vymazáno : C:\ProgramData\InstallMate
Složka Vymazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Složka Vymazáno : C:\ProgramData\ParetoLogic
Složka Vymazáno : C:\ProgramData\Partner
Složka Vymazáno : C:\ProgramData\SoftSafe
Složka Vymazáno : C:\Users\Petr\AppData\Local\PackageAware
Složka Vymazáno : C:\Users\Petr\AppData\LocalLow\Conduit
Složka Vymazáno : C:\Users\Petr\AppData\Roaming\DriverCure
Složka Vymazáno : C:\Users\Petr\AppData\Roaming\Funmoods
Složka Vymazáno : C:\Users\Petr\AppData\Roaming\Media Finder
Složka Vymazáno : C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Složka Vymazáno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\extensions\{94193c2f-e73f-4feb-b393-2b95f0a01430}
Složka Vymazáno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\extensions\ffxtlbr@funmoods.com
Složka Vymazáno : C:\Users\Petr\AppData\Roaming\OpenCandy
Složka Vymazáno : C:\Users\Petr\AppData\Roaming\ParetoLogic
Soubor Vymazáno : C:\END
Soubor Vymazáno : C:\Users\Petr\AppData\Local\funmoods-speeddial.crx
Soubor Vymazáno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\searchplugins\Askcom.xml
Soubor Vymazáno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\searchplugins\Conduit.xml
Soubor Vymazáno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\searchplugins\search.xml
Soubor Vymazáno : C:\Windows\SysWOW64\conduitEngine.tmp

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Vymazáno : HKCU\Software\AppDataLow\SProtector
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Klíe Vymazáno : HKCU\Software\InstallCore
Klíe Vymazáno : HKCU\Software\MediaFinder
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klíe Vymazáno : HKLM\SOFTWARE\Classes\MF
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Klíe Vymazáno : HKLM\Software\SP Global
Klíe Vymazáno : HKLM\Software\SProtector
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Klíe Vymazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Klíe Vymazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16476

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource= ... =CT3281348 --> hxxp://www.google.com
Vymazáno : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
Zaminino : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=irtest ... =752121837 --> hxxp://www.google.com
Zaminino : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=irtest ... =752121837 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (cs)

Soubor : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\prefs.js

C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\user.js ... Vymazáno !

Vymazáno : user_pref("CT3281348.FF19Solved", "true");
Vymazáno : user_pref("CT3281348.UserID", "UN91511774114496232");
Vymazáno : user_pref("CT3281348.addressUrlXPETakeover", "true");
Vymazáno : user_pref("CT3281348.autoDisableScopes", -1);
Vymazáno : user_pref("CT3281348.browser.search.defaultthis.engineName", "true");
Vymazáno : user_pref("CT3281348.defaultSearchXPETakeover", "true");
Vymazáno : user_pref("CT3281348.installDate", "22/4/2013 23:03:54");
Vymazáno : user_pref("CT3281348.installSessionId", "7258652c-b174-4f75-9cad-0d6a87ea5bdd");
Vymazáno : user_pref("CT3281348.installSp", "true");
Vymazáno : user_pref("CT3281348.installerVersion", "1.4.1.3");
Vymazáno : user_pref("CT3281348.keyword", "true");
Vymazáno : user_pref("CT3281348.searchRevert", "false");
Vymazáno : user_pref("CT3281348.searchUserMode", "2");
Vymazáno : user_pref("CT3281348.smartbar.homepage", "true");
Vymazáno : user_pref("CT3281348.startPageXPETakeover", "true");
Vymazáno : user_pref("CT3281348.versionFromInstaller", "10.15.2.23");
Vymazáno : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Vymazáno : user_pref("aol_toolbar.default.homepage.check", false);
Vymazáno : user_pref("aol_toolbar.default.search.check", false);
Vymazáno : user_pref("backup.old.browser.search.selectedEngine", "Ask.com");
Vymazáno : user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme2 B1 Customized Web Search");
Vymazáno : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281348&CUI[...]
Vymazáno : user_pref("browser.search.order.1", "Ask.com");
Vymazáno : user_pref("browser.search.selectedEngine", "BrotherSoft Extreme2 B1 Customized Web Search");
Vymazáno : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3281348&octid=CT3281348&Sea[...]
Vymazáno : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Vymazáno : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Vymazáno : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.0,{81BF1D23-5F17-408D-AC6B-BD6DF7CAF[...]
Vymazáno : user_pref("extensions.funmoods.aflt", "irtest1");
Vymazáno : user_pref("extensions.funmoods.autoRvrt", false);
Vymazáno : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Vymazáno : user_pref("extensions.funmoods.cntry", "CZ");
Vymazáno : user_pref("extensions.funmoods.cv", "cv5");
Vymazáno : user_pref("extensions.funmoods.dfltLng", "");
Vymazáno : user_pref("extensions.funmoods.dfltSrch", true);
Vymazáno : user_pref("extensions.funmoods.dfltlng", "en");
Vymazáno : user_pref("extensions.funmoods.dfltsrch", "false");
Vymazáno : user_pref("extensions.funmoods.dnsErr", true);
Vymazáno : user_pref("extensions.funmoods.envrmnt", "production");
Vymazáno : user_pref("extensions.funmoods.excTlbr", false);
Vymazáno : user_pref("extensions.funmoods.fmupdtFirst", false);
Vymazáno : user_pref("extensions.funmoods.hdrMd5", "546A5A38EDFB074F0C15E6A63960E6CE");
Vymazáno : user_pref("extensions.funmoods.hmpg", true);
Vymazáno : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=irtest1&chnl=irtest1&cd=2[...]
Vymazáno : user_pref("extensions.funmoods.hrdid", "52e25b970000000000005aac4c1e050b");
Vymazáno : user_pref("extensions.funmoods.id", "52e25b970000000000005aac4c1e050b");
Vymazáno : user_pref("extensions.funmoods.instlDay", "15523");
Vymazáno : user_pref("extensions.funmoods.instlRef", "irtest1");
Vymazáno : user_pref("extensions.funmoods.instlday", "15523");
Vymazáno : user_pref("extensions.funmoods.instlref", "irtest1");
Vymazáno : user_pref("extensions.funmoods.isdcmntcmplt", true);
Vymazáno : user_pref("extensions.funmoods.keywordurl", "");
Vymazáno : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2223:34:11");
Vymazáno : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Vymazáno : user_pref("extensions.funmoods.newTab", true);
Vymazáno : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=irtest1&chnl=irtest1&cd[...]
Vymazáno : user_pref("extensions.funmoods.newtab", true);
Vymazáno : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=irtest1&chnl=irtest1&cd[...]
Vymazáno : user_pref("extensions.funmoods.prdct", "funmoods");
Vymazáno : user_pref("extensions.funmoods.prtnrId", "funmoods");
Vymazáno : user_pref("extensions.funmoods.prtnrid", "funmoods");
Vymazáno : user_pref("extensions.funmoods.savedVrsnTs", "1");
Vymazáno : user_pref("extensions.funmoods.sg", "none");
Vymazáno : user_pref("extensions.funmoods.smplGrp", "none");
Vymazáno : user_pref("extensions.funmoods.smplgrp", "none");
Vymazáno : user_pref("extensions.funmoods.srch", "");
Vymazáno : user_pref("extensions.funmoods.srchPrvdr", "Search");
Vymazáno : user_pref("extensions.funmoods.srchprvdr", "Search");
Vymazáno : user_pref("extensions.funmoods.tlbrId", "base");
Vymazáno : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Vymazáno : user_pref("extensions.funmoods.tlbrid", "base");
Vymazáno : user_pref("extensions.funmoods.tlbrsrchurl", "");
Vymazáno : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Vymazáno : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2223:34:11");
Vymazáno : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Vymazáno : user_pref("extensions.funmoods.vrsnts", "1.5.23.2223:34:11");
Vymazáno : user_pref("extensions.funmoods_i.newTab", true);
Vymazáno : user_pref("extensions.funmoods_i.smplGrp", "none");
Vymazáno : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2223:34:11");
Vymazáno : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281348&SearchSource=2&CU[...]
Vymazáno : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3281348&CUI=UN915117741[...]
Vymazáno : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Vymazáno : user_pref("smartbar.originalHomepage", "about:home");
Vymazáno : user_pref("smartbar.originalSearchAddressUrl", "");
Vymazáno : user_pref("smartbar.originalSearchEngine", "Ask.com");
Vymazáno : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Vymazáno : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Vymazáno : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Vymazáno : user_pref("sweetim.toolbar.searchguard.enable", "");
Vymazáno : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Vymazáno : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Vymazáno : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Vymazáno : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

-\\ Google Chrome v28.0.1500.72

Soubor : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Preferences

Vymazáno [l.2183] : homepage = "hxxp://search.conduit.com/?ctid=CT3281348&SearchSource=48&CUI=UN23712766576466119&UM[...]
Vymazáno [l.2806] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3281348&SearchSource=48&CUI[...]

*************************

AdwCleaner[R1].txt - [16441 octets] - [14/07/2013 23:49:04]
AdwCleaner[S1].txt - [15480 octets] - [15/07/2013 20:54:26]

########## EOF - C:\AdwCleaner[S1].txt - [15541 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Home Premium x64
Ran by Petr on po 15.07.2013 at 21:02:44,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{70F02603-9BC1-4E1E-8268-4FCEDF8EF319}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{743B2DBF-536D-47B5-8FBF-A51E3F23321F}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\browse2save"

~~~ FireFox

Emptied folder: C:\Users\Petr\AppData\Roaming\mozilla\firefox\profiles\0f48g9z5.default\minidumps [144 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 15.07.2013 at 21:14:01,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : hxxp://www.adlice.com/forum/
Webové stránky : hxxp://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7600 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : Petr [Práva správce]
Mód : Kontrola -- Datum : 07/15/2013 21:19:42
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[BROK VAL] HKCR\[...]\command : () -> CHYBÍ

¤¤¤ naplánované úlohy : 1 ¤¤¤
[V2][SUSP PATH] Funmoods : C:\Users\Petr\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> NALEZENO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[FF][PROXY] 0f48g9z5.default : user_pref("network.proxy.hxxp", "217.195.169.113"); -> NALEZENO
[FF][PROXY] 0f48g9z5.default : user_pref("network.proxy.hxxp_port", 8080); -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] a19f55afb745f3be060679a42e66b31b
[BSP] dae651990d8bda2e7c8783837f6e2aef : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 235028 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 508807168 | Size: 228498 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_07152013_211942.txt >>

Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "

- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání- Finished "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen pro odstranění, stačí restartovat počítač.

RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : hxxp://www.adlice.com/forum/
Webové stránky : hxxp://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7600 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : Petr [Práva správce]
Mód : Odebrat -- Datum : 07/15/2013 22:07:44
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[BROK VAL] HKCR\[...]\command : () -> vytvořené ("%1" %*)

¤¤¤ naplánované úlohy : 1 ¤¤¤
[V2][SUSP PATH] Funmoods : C:\Users\Petr\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> VYMAZÁNO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[FF][PROXY] 0f48g9z5.default : user_pref("network.proxy.hxxp", "217.195.169.113"); -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX
[FF][PROXY] 0f48g9z5.default : user_pref("network.proxy.hxxp_port", 8080); -> NEBYLO ODSTRANĚNO, POUŽIJTE PROXYFIX

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] a19f55afb745f3be060679a42e66b31b
[BSP] dae651990d8bda2e7c8783837f6e2aef : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 235028 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 508807168 | Size: 228498 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_07152013_220743.txt >>
RKreport[0]_S_07152013_211942.txt;RKreport[0]_S_07152013_220736.txt

ComboFix 13-07-15.01 - Petr 15.07.2013 22:13:59.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3997.2764 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Petr\calculator.exe
c:\windows\SysWow64\Chip.dll
c:\windows\SysWow64\msvcsv60.dll
c:\windows\SysWow64\Pvt.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-15 do 2013-07-15 )))))))))))))))))))))))))))))))
.
.
2013-07-15 20:24 . 2013-07-15 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-15 19:02 . 2013-07-15 19:02 -------- d-----w- c:\windows\ERUNT
2013-07-15 18:40 . 2013-07-15 18:40 -------- d-----w- c:\users\Petr\AppData\Local\Apple
2013-07-14 21:18 . 2013-07-14 21:18 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2013-07-14 21:18 . 2013-07-14 21:18 -------- d-----w- c:\programdata\Malwarebytes
2013-07-14 21:18 . 2013-07-14 21:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-14 21:18 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-14 21:18 . 2013-07-14 21:18 -------- d-----w- c:\users\Petr\AppData\Local\Programs
2013-07-14 16:57 . 2013-07-14 16:57 -------- d-----w- c:\programdata\VST3 Presets
2013-07-14 16:28 . 2013-07-15 19:10 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72BB2985-D1FD-4021-8784-A45CED95FBDE}\offreg.dll
2013-07-14 15:34 . 2013-07-14 15:34 -------- d-----w- c:\users\Petr\AppData\Local\Thinstall
2013-07-06 17:05 . 2013-07-14 16:24 -------- d-----w- c:\program files (x86)\Acoustica Shared Effects
2013-06-24 18:02 . 2013-06-24 18:13 -------- d-----w- c:\users\Petr\AppData\Roaming\TeamViewer
2013-06-24 17:53 . 2013-06-24 17:53 -------- d-----w- c:\program files (x86)\TeamViewer
2013-06-20 16:34 . 2013-06-20 16:34 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-06-16 21:21 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72BB2985-D1FD-4021-8784-A45CED95FBDE}\mpengine.dll
2013-06-16 18:46 . 2013-06-16 18:47 -------- d-----w- c:\program files (x86)\nLite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 20:01 . 2013-05-31 20:11 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 20:01 . 2011-07-11 22:22 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 20:01 . 2011-07-11 22:22 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-12 20:50 . 2012-04-20 19:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 20:50 . 2012-04-20 19:21 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-19 10:24 . 2013-05-13 21:09 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-13 19:07 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-05-31 20:12 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-05-31 20:11 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2011-07-11 22:22 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-07-11 22:22 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2011-07-11 22:22 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2011-07-11 22:22 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-07-11 22:22 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2011-07-11 18:28 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-28 22:23 . 2013-04-28 22:23 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-04-28 22:23 . 2013-04-28 22:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-04-28 22:23 . 2013-04-28 22:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-28 22:23 . 2013-04-28 22:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-28 22:23 . 2013-04-28 22:23 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-04-28 22:23 . 2013-04-28 22:23 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-28 22:23 . 2013-04-28 22:23 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-04-28 22:23 . 2013-04-28 22:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-28 22:23 . 2013-04-28 22:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-04-28 22:23 . 2013-04-28 22:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-28 22:23 . 2013-04-28 22:23 367104 ----a-w- c:\windows\SysWow64\html.iec
2013-04-28 22:23 . 2013-04-28 22:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-28 22:23 . 2013-04-28 22:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-28 22:23 . 2013-04-28 22:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-28 22:23 . 2013-04-28 22:23 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-28 22:23 . 2013-04-28 22:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-28 22:23 . 2013-04-28 22:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-28 22:23 . 2013-04-28 22:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-04-28 22:23 . 2013-04-28 22:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-28 22:23 . 2013-04-28 22:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-28 22:23 . 2013-04-28 22:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2013-04-28 22:23 . 2013-04-28 22:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-04-28 22:23 . 2013-04-28 22:23 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-04-28 22:23 . 2013-04-28 22:23 222208 ----a-w- c:\windows\system32\msls31.dll
2013-04-28 22:23 . 2013-04-28 22:23 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-04-28 22:23 . 2013-04-28 22:23 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-04-28 22:23 . 2013-04-28 22:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-28 22:23 . 2013-04-28 22:23 816640 ----a-w- c:\windows\system32\jscript.dll
2013-04-28 22:23 . 2013-04-28 22:23 65024 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-28 22:23 . 2013-04-28 22:23 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-28 22:23 . 2013-04-28 22:23 49664 ----a-w- c:\windows\system32\imgutil.dll
2013-04-28 22:23 . 2013-04-28 22:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-28 22:23 . 2013-04-28 22:23 267776 ----a-w- c:\windows\system32\ieaksie.dll
2013-04-28 22:23 . 2013-04-28 22:23 248320 ----a-w- c:\windows\system32\ieui.dll
2013-04-28 22:23 . 2013-04-28 22:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-28 22:23 . 2013-04-28 22:23 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-28 22:23 . 2013-04-28 22:23 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-04-28 22:23 . 2013-04-28 22:23 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-28 22:23 . 2013-04-28 22:23 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-04-28 22:23 . 2013-04-28 22:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-28 22:23 . 2013-04-28 22:23 163840 ----a-w- c:\windows\system32\ieakui.dll
2013-04-28 22:23 . 2013-04-28 22:23 160256 ----a-w- c:\windows\system32\ieakeng.dll
2013-04-28 22:23 . 2013-04-28 22:23 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-28 22:23 . 2013-04-28 22:23 145920 ----a-w- c:\windows\system32\iepeers.dll
2013-04-28 22:23 . 2013-04-28 22:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-28 22:23 . 2013-04-28 22:23 12288 ----a-w- c:\windows\system32\mshta.exe
2013-04-28 22:23 . 2013-04-28 22:23 114176 ----a-w- c:\windows\system32\admparse.dll
2013-04-28 22:23 . 2013-04-28 22:23 111616 ----a-w- c:\windows\system32\iesysprep.dll
2013-04-28 22:23 . 2013-04-28 22:23 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-28 22:23 . 2013-04-28 22:23 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-28 22:23 . 2013-04-28 22:23 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2013-04-28 22:23 . 2013-04-28 22:23 85504 ----a-w- c:\windows\system32\iesetup.dll
2013-04-28 22:23 . 2013-04-28 22:23 82432 ----a-w- c:\windows\system32\icardie.dll
2013-04-28 22:23 . 2013-04-28 22:23 76800 ----a-w- c:\windows\system32\tdc.ocx
2013-04-28 22:23 . 2013-04-28 22:23 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-28 22:23 . 2013-04-28 22:23 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-28 22:23 . 2013-04-28 22:23 448512 ----a-w- c:\windows\system32\html.iec
2013-04-28 22:23 . 2013-04-28 22:23 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-28 22:23 . 2013-04-28 22:23 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-04-28 22:23 . 2013-04-28 22:23 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-28 22:23 . 2013-04-28 22:23 30720 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-28 22:23 . 2013-04-28 22:23 282112 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-28 22:23 . 2013-04-28 22:23 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-04-28 22:23 . 2013-04-28 22:23 237056 ----a-w- c:\windows\system32\url.dll
2013-04-28 22:23 . 2013-04-28 22:23 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-28 22:23 . 2013-04-28 22:23 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-04-28 22:23 . 2013-04-28 22:23 103936 ----a-w- c:\windows\system32\inseng.dll
2013-04-28 22:23 . 2013-04-28 22:23 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-04-28 22:23 . 2013-04-28 22:23 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-04-28 22:23 . 2013-04-28 22:23 165888 ----a-w- c:\windows\system32\iexpress.exe
2013-04-28 22:23 . 2013-04-28 22:23 160256 ----a-w- c:\windows\system32\wextract.exe
2013-04-22 21:45 . 2013-04-22 21:45 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-12-05 247768]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2013-01-07 451656]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Petr\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-5-5 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-18 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 20:50]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-11 18:20]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-11 18:20]
.
2013-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229535671-2874666191-3641557215-1000Core.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-11 18:16]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229535671-2874666191-3641557215-1000UA.job
- c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-11 18:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 21:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 21:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 21:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 21:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-26 818720]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-14 206072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5i4761u36s
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\
FF - prefs.js: network.proxy.ftp - 217.195.169.113
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 217.195.169.113
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 217.195.169.113
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 217.195.169.113
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{09D72D3B-14F9-0629-05A4-F1F14D70221C} - c:\progra~3\INSTAL~1\{33533~1\Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-07-15 22:27:23
ComboFix-quarantined-files.txt 2013-07-15 20:27
.
Před spuštěním: Volných bajtů: 182 688 006 144
Po spuštění: Volných bajtů: 182 393 008 128
.
- - End Of File - - 0BC60F5330BFE265EE7AA81B3F0246F5
A36C5E4F47E84449FF07ED3517B43A31

Odinstaluj:
Spyware Terminator

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\system32\DRIVERS\stflt.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229535671-2874666191-3641557215-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229535671-2874666191-3641557215-1000UA.job

Folder::
c:\program files (x86)\Spyware Terminator
c:\program files (x86)\Google\Update
c:\users\Petr\AppData\Local\Google\Update

Driver::
sp_rsdrv2
ST2012_Svc

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorShield"=-
"SpywareTerminatorUpdater"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

ComboFix 13-07-15.01 - Petr 16.07.2013 21:35:59.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3997.2698 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\DRIVERS\stflt.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229535671-2874666191-3641557215-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229535671-2874666191-3641557215-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.153\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.153\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.153\psuser.dll
c:\program files (x86)\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0\GoogleEarth-Win-Plugin-7.0.3.8542.exe
c:\program files (x86)\Google\Update\Download\{3C122445-AECE-4309-90B7-85A6AEF42AC0}\0.0.0.0\gsync.msi
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{A32C8EBF-B165-4686-B65C-E1D0C240F50B}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.4209.2358\GoogleToolbarInstaller_updater_signed.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\users\Petr\AppData\Local\Google\Update
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\GoogleUpdate.exe
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateBroker.exe
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateHelper.msi
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateSetup.exe
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdate.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_am.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_ar.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_bg.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_bn.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_ca.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_cs.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_da.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_de.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_el.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_en-GB.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_en.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_es-419.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_es.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_et.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_fa.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_fi.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_fil.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_fr.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_gu.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_hi.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_hr.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_hu.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_id.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_is.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_it.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_iw.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_ja.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_kn.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_ko.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_lt.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_lv.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_ml.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_mr.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_ms.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_nl.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_no.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_pl.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_pt-BR.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_pt-PT.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_ro.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_ru.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_sk.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_sl.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_sr.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_sv.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_sw.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_ta.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_te.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_th.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_tr.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_uk.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_ur.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_vi.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_zh-CN.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\goopdateres_zh-TW.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\psmachine.dll
c:\users\Petr\AppData\Local\Google\Update\1.3.21.153\psuser.dll
c:\users\Petr\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153\GoogleUpdateSetup.exe
c:\users\Petr\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\28.0.1500.72\28.0.1500.72_28.0.1500.71_chrome_updater.exe
c:\users\Petr\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\system32\DRIVERS\stflt.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229535671-2874666191-3641557215-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229535671-2874666191-3641557215-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SP_RSDRV2
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-16 do 2013-07-16 )))))))))))))))))))))))))))))))
.
.
2013-07-16 19:48 . 2013-07-16 19:48 -------- d-----w- c:\users\Mixcraft8\AppData\Local\temp
2013-07-16 19:48 . 2013-07-16 19:48 -------- d-----w- c:\users\mixcraft7\AppData\Local\temp
2013-07-16 19:48 . 2013-07-16 19:48 -------- d-----w- c:\users\mixcraft6\AppData\Local\temp
2013-07-16 19:48 . 2013-07-16 19:48 -------- d-----w- c:\users\Mixcraft2\AppData\Local\temp
2013-07-16 19:48 . 2013-07-16 19:48 -------- d-----w- c:\users\Mixcraft 5\AppData\Local\temp
2013-07-16 19:48 . 2013-07-16 19:48 -------- d-----w- c:\users\mixcraft 4\AppData\Local\temp
2013-07-15 19:02 . 2013-07-15 19:02 -------- d-----w- c:\windows\ERUNT
2013-07-15 18:40 . 2013-07-15 18:40 -------- d-----w- c:\users\Petr\AppData\Local\Apple
2013-07-14 21:18 . 2013-07-14 21:18 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2013-07-14 21:18 . 2013-07-14 21:18 -------- d-----w- c:\programdata\Malwarebytes
2013-07-14 21:18 . 2013-07-14 21:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-14 21:18 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-14 21:18 . 2013-07-14 21:18 -------- d-----w- c:\users\Petr\AppData\Local\Programs
2013-07-14 16:57 . 2013-07-14 16:57 -------- d-----w- c:\programdata\VST3 Presets
2013-07-14 15:34 . 2013-07-14 15:34 -------- d-----w- c:\users\Petr\AppData\Local\Thinstall
2013-07-06 17:05 . 2013-07-14 16:24 -------- d-----w- c:\program files (x86)\Acoustica Shared Effects
2013-06-24 18:02 . 2013-06-24 18:13 -------- d-----w- c:\users\Petr\AppData\Roaming\TeamViewer
2013-06-24 17:53 . 2013-06-24 17:53 -------- d-----w- c:\program files (x86)\TeamViewer
2013-06-20 16:34 . 2013-06-20 16:34 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-06-16 21:21 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72BB2985-D1FD-4021-8784-A45CED95FBDE}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 20:01 . 2013-05-31 20:11 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 20:01 . 2011-07-11 22:22 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 20:01 . 2011-07-11 22:22 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-12 20:50 . 2012-04-20 19:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 20:50 . 2012-04-20 19:21 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-19 10:24 . 2013-05-13 21:09 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-13 19:07 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-05-31 20:12 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-05-31 20:11 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2011-07-11 22:22 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-07-11 22:22 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2011-07-11 22:22 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2011-07-11 22:22 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-07-11 22:22 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2011-07-11 18:28 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-28 22:23 . 2013-04-28 22:23 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-04-28 22:23 . 2013-04-28 22:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-04-28 22:23 . 2013-04-28 22:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-28 22:23 . 2013-04-28 22:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-28 22:23 . 2013-04-28 22:23 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-04-28 22:23 . 2013-04-28 22:23 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-28 22:23 . 2013-04-28 22:23 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-04-28 22:23 . 2013-04-28 22:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-28 22:23 . 2013-04-28 22:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-04-28 22:23 . 2013-04-28 22:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-28 22:23 . 2013-04-28 22:23 367104 ----a-w- c:\windows\SysWow64\html.iec
2013-04-28 22:23 . 2013-04-28 22:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-28 22:23 . 2013-04-28 22:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-28 22:23 . 2013-04-28 22:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-28 22:23 . 2013-04-28 22:23 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-28 22:23 . 2013-04-28 22:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-28 22:23 . 2013-04-28 22:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-28 22:23 . 2013-04-28 22:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-04-28 22:23 . 2013-04-28 22:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-28 22:23 . 2013-04-28 22:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-28 22:23 . 2013-04-28 22:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2013-04-28 22:23 . 2013-04-28 22:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-04-28 22:23 . 2013-04-28 22:23 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-04-28 22:23 . 2013-04-28 22:23 222208 ----a-w- c:\windows\system32\msls31.dll
2013-04-28 22:23 . 2013-04-28 22:23 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-04-28 22:23 . 2013-04-28 22:23 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-04-28 22:23 . 2013-04-28 22:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-28 22:23 . 2013-04-28 22:23 816640 ----a-w- c:\windows\system32\jscript.dll
2013-04-28 22:23 . 2013-04-28 22:23 65024 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-28 22:23 . 2013-04-28 22:23 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-28 22:23 . 2013-04-28 22:23 49664 ----a-w- c:\windows\system32\imgutil.dll
2013-04-28 22:23 . 2013-04-28 22:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-28 22:23 . 2013-04-28 22:23 267776 ----a-w- c:\windows\system32\ieaksie.dll
2013-04-28 22:23 . 2013-04-28 22:23 248320 ----a-w- c:\windows\system32\ieui.dll
2013-04-28 22:23 . 2013-04-28 22:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-28 22:23 . 2013-04-28 22:23 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-28 22:23 . 2013-04-28 22:23 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-04-28 22:23 . 2013-04-28 22:23 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-28 22:23 . 2013-04-28 22:23 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-04-28 22:23 . 2013-04-28 22:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-28 22:23 . 2013-04-28 22:23 163840 ----a-w- c:\windows\system32\ieakui.dll
2013-04-28 22:23 . 2013-04-28 22:23 160256 ----a-w- c:\windows\system32\ieakeng.dll
2013-04-28 22:23 . 2013-04-28 22:23 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-28 22:23 . 2013-04-28 22:23 145920 ----a-w- c:\windows\system32\iepeers.dll
2013-04-28 22:23 . 2013-04-28 22:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-28 22:23 . 2013-04-28 22:23 12288 ----a-w- c:\windows\system32\mshta.exe
2013-04-28 22:23 . 2013-04-28 22:23 114176 ----a-w- c:\windows\system32\admparse.dll
2013-04-28 22:23 . 2013-04-28 22:23 111616 ----a-w- c:\windows\system32\iesysprep.dll
2013-04-28 22:23 . 2013-04-28 22:23 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-28 22:23 . 2013-04-28 22:23 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-28 22:23 . 2013-04-28 22:23 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2013-04-28 22:23 . 2013-04-28 22:23 85504 ----a-w- c:\windows\system32\iesetup.dll
2013-04-28 22:23 . 2013-04-28 22:23 82432 ----a-w- c:\windows\system32\icardie.dll
2013-04-28 22:23 . 2013-04-28 22:23 76800 ----a-w- c:\windows\system32\tdc.ocx
2013-04-28 22:23 . 2013-04-28 22:23 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-28 22:23 . 2013-04-28 22:23 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-28 22:23 . 2013-04-28 22:23 448512 ----a-w- c:\windows\system32\html.iec
2013-04-28 22:23 . 2013-04-28 22:23 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-28 22:23 . 2013-04-28 22:23 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-04-28 22:23 . 2013-04-28 22:23 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-28 22:23 . 2013-04-28 22:23 30720 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-28 22:23 . 2013-04-28 22:23 282112 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-28 22:23 . 2013-04-28 22:23 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-04-28 22:23 . 2013-04-28 22:23 237056 ----a-w- c:\windows\system32\url.dll
2013-04-28 22:23 . 2013-04-28 22:23 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-28 22:23 . 2013-04-28 22:23 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-04-28 22:23 . 2013-04-28 22:23 103936 ----a-w- c:\windows\system32\inseng.dll
2013-04-28 22:23 . 2013-04-28 22:23 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-04-28 22:23 . 2013-04-28 22:23 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-04-28 22:23 . 2013-04-28 22:23 165888 ----a-w- c:\windows\system32\iexpress.exe
2013-04-28 22:23 . 2013-04-28 22:23 160256 ----a-w- c:\windows\system32\wextract.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-12-05 247768]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2013-01-07 451656]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Petr\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-5-5 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-18 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 20:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 21:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 21:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 21:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 21:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-26 818720]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-14 206072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5i4761u36s
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\
FF - prefs.js: network.proxy.ftp - 217.195.169.113
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 217.195.169.113
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 217.195.169.113
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 217.195.169.113
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-{09D72D3B-14F9-0629-05A4-F1F14D70221C} - c:\progra~3\INSTAL~1\{33533~1\Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\users\Petr\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Celkový čas: 2013-07-16 21:56:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-07-16 19:56
ComboFix2.txt 2013-07-15 20:27
.
Před spuštěním: Volných bajtů: 182 048 899 072
Po spuštění: Volných bajtů: 181 459 173 376
.
- - End Of File - - 78CE70DD12C522959401F7849CB2DD97
A36C5E4F47E84449FF07ED3517B43A31

Nový log z Hjt:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:00:02, on 16.7.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Users\Petr\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Users\Petr\Downloads\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5i4761u36s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Dropbox.lnk = Petr\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9536 bytes

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-16 22:04:24
-----------------------------
22:04:24.874 OS Version: Windows x64 6.1.7600
22:04:24.874 Number of processors: 2 586 0x170A
22:04:24.874 ComputerName: PETR-PC UserName: Petr
22:04:25.592 Initialize success
22:04:25.701 AVAST engine defs: 13071600
22:04:31.301 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:04:31.301 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
22:04:31.442 Disk 0 MBR read successfully
22:04:31.457 Disk 0 MBR scan
22:04:31.457 Disk 0 Windows 7 default MBR code
22:04:31.473 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
22:04:31.489 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
22:04:31.489 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 235028 MB offset 27469824
22:04:31.489 Disk 0 Partition - 00 0F Extended LBA 228498 MB offset 508807168
22:04:31.520 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 228497 MB offset 508809216
22:04:31.676 Disk 0 scanning C:\Windows\system32\drivers
22:04:39.538 Service scanning
22:05:02.143 Modules scanning
22:05:02.143 Disk 0 trace - called modules:
22:05:02.189 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:05:02.205 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800579c060]
22:05:02.205 3 CLASSPNP.SYS[fffff880013cd43f] -> nt!IofCallDriver -> [0xfffffa8003cf7be0]
22:05:02.205 5 ACPI.sys[fffff88000f69781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004730050]
22:05:02.829 AVAST engine scan C:\Windows
22:05:05.543 AVAST engine scan C:\Windows\system32
22:07:10.780 AVAST engine scan C:\Windows\system32\drivers
22:07:20.452 AVAST engine scan C:\Users\Petr
22:08:56.705 AVAST engine scan C:\ProgramData
22:22:33.912 Scan finished successfully
22:31:17.137 Disk 0 MBR has been saved successfully to "C:\Users\Petr\Desktop\MBR.dat"
22:31:17.148 The log file has been saved successfully to "C:\Users\Petr\Desktop\aswMBR.txt"

----------------------------------------------------------------------------
CrystalDiskInfo 5.6.1 Shizuku Edition (C) 2008-2013 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium [6.1 Build 7600] (x64)
Date : 2013/07/16 22:36:46

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH9M-E/M SATA AHCI Controller [ATA]
- WDC WD5000BEVT-22A0RT0
- MATSHITA DVD-RAM UJ890AS
+ Virtual CloneDrive [SCSI]
- ELBY CLONEDRIVE SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) WDC WD5000BEVT-22A0RT0 : 500,1 GB [0/0/0, pd1] - wd

----------------------------------------------------------------------------
(1) WDC WD5000BEVT-22A0RT0
----------------------------------------------------------------------------
Model : WDC WD5000BEVT-22A0RT0
Firmware : 01.01A01
Serial Number : WD-WXM1E60ND689
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 1187 hod.
Power On Count : 1193 krát
Temparature : 41 C (105 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0060h [ON]
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 187 151 _21 000000000648 Čas na roztočení ploten
04 _95 _95 __0 000000001530 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 100 253 __0 000000000000 Počet chybných hledání
09 _99 _99 __0 0000000004A3 Hodin v činnosti
0A 100 100 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _99 _99 __0 0000000004A9 Počet cyklů zapnutí zařízení
BF _68 _68 __0 000000000020 Počet udalostí zaznamenaných otřesovým senzorem
C0 200 200 __0 000000000022 Počet vypnutí disku
C1 156 156 __0 00000002049B Počet cyklů načítání/vymazání
C2 106 _98 __0 000000000029 Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 _51 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2057 442D 5758 4D31 4536 304E 4436 3839
020: 0000 4000 0032 3031 2E30 3141 3031 5744 4320 5744
030: 3530 3030 4245 5654 2D32 3241 3052 5430 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1F06 0000 004C 004C
080: 01FE 0000 746B 7F09 6163 7469 BC09 6163 407F 0043
090: 0043 0060 FFFE 0000 80FE 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 0000 0000 0000 5001 4EE6
110: 0057 4B8E 0000 0000 0000 0000 0000 0000 0000 4018
120: 4018 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 16D3 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 7037 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 1000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 31A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 C8 C8 00 00 00 00 00 00 00 03 27
010: 00 BB 97 48 06 00 00 00 00 00 04 32 00 5F 5F 30
020: 15 00 00 00 00 00 05 33 00 C8 C8 00 00 00 00 00
030: 00 00 07 2E 00 64 FD 00 00 00 00 00 00 00 09 32
040: 00 63 63 A3 04 00 00 00 00 00 0A 32 00 64 64 00
050: 00 00 00 00 00 00 0B 32 00 64 64 00 00 00 00 00
060: 00 00 0C 32 00 63 63 A9 04 00 00 00 00 00 BF 32
070: 00 44 44 20 00 00 00 00 00 00 C0 32 00 C8 C8 22
080: 00 00 00 00 00 00 C1 32 00 9C 9C 9B 04 02 00 00
090: 00 00 C2 22 00 6A 62 29 00 00 00 00 00 00 C4 32
0A0: 00 C8 C8 00 00 00 00 00 00 00 C5 32 00 C8 C8 00
0B0: 00 00 00 00 00 00 C6 30 00 64 FD 00 00 00 00 00
0C0: 00 00 C7 32 00 C8 C8 00 00 00 00 00 00 00 C8 08
0D0: 00 64 FD 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 90 33 01 7B
170: 03 00 01 00 02 9A 05 00 00 00 00 00 00 00 00 00
180: 00 00 01 04 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 C8 C8 C8 C8 00 00 00 00 00 00 03 15
010: 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00
020: 00 00 00 00 00 00 05 8C 00 00 00 00 00 00 00 00
030: 00 00 07 00 64 64 64 64 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 33 00 00 00 00
050: 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 00 00
060: 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 BF 00
070: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
080: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
090: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C4 00
0A0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0B0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0C0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 C8 33
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E8

Ten disk má zaznamenáno docela dost otřesů. Nespadl ti?

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

V HJT fixni:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5i4761u36s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Provedeno.

Jinak je to notebook, který mám téměř stále doma na stole. Přenášel jsem ho za 2 roky asi celkem 4x. Ná žádný pád nebo otřes si nevzpomínám

Ok, jsou nějaké problémy? Pokud ne, tak poprosím zelenou fajku ;-)

PC-HELP.CZ

Časté zamrzání PC při probouzení

Časté zamrzání PC při probouzení

Re: Časté zamrzání PC při probouzení

Re: Časté zamrzání PC při probouzení

Re: Časté zamrzání PC při probouzení

Re: Časté zamrzání PC při probouzení

Re: Časté zamrzání PC při probouzení

Re: Časté zamrzání PC při probouzení

Re: Časté zamrzání PC při probouzení

Re: Časté zamrzání PC při probouzení

Re: Časté zamrzání PC při probouzení

Re: Časté zamrzání PC při probouzení

Re: Časté zamrzání PC při probouzení