Pomoc s infiltraci Kryptik

Zpráva

Orion · #1 Příspěvek od **Orion** » 12 led 2014 23:15

Prosim o pomoc

zde log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Orion at 2014-01-12 23:12:46
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 29 GB (25%) free of 114 GB
Total RAM: 8157 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:12:49, on 12.1.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Orion.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ATworks] regsvr32.exe C:\Users\Orion\AppData\Local\ATworks\nrapi20.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: EPUHelp.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9770 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
"C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe" -Embedding
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\viakaraokesrv.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2024
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\Windows Sidebar\sidebar.exe" /autoRun
"C:\Windows\System32\regsvr32.exe" C:\Users\Orion\AppData\Local\ATworks\nrapi20.dll
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
KHALMNPR.EXE /API
"C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"C:\Users\Orion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe"
"C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3956.0.383387152\1923931840" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x2e32 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2302 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group2 pct:10a stable:r5 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_32/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --disable-accelerated-video-decode --channel="3956.1.1564846123\1764005241" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group2 pct:10a stable:r5 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_32/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="3956.3.330919783\238040197" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group2 pct:10a stable:r5 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_32/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="3956.4.1079434185\1598371968" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group2 pct:10a stable:r5 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_32/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="3956.5.688684414\1357385438" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group2 pct:10a stable:r5 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_32/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="3956.6.1763806349\65239230" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3956.7.181454691\1147984168" --ppapi-flash-args --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group2 pct:10a stable:r5 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_32/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="3956.8.1720850196\1280652912" /prefetch:673131151
taskhost.exe $(Arg0)
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"D:\Download\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2013-11-28 209504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 6669000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31 433944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-11-28 176736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31 364824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2013-11-28 6126680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-11-28 4438104]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-12-08 162328]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-12-08 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-12-08 417304]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-09-12 5618456]
"AutoKMS"=C:\Windows\AutoKMS.exe [2013-12-08 615936]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2013-07-31 3091224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
""= []
"Sidebar"=C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"ATworks"=regsvr32.exe C:\Users\Orion\AppData\Local\ATworks\nrapi20.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2012-09-23 3477640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATworks]
regsvr32.exe C:\Users\Orion\AppData\Local\ATworks\dkkjivbgs.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe [2011-10-21 2193000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [2013-10-02 1090912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2013-12-08 3019376]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
""= []

C:\Users\Orion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EPUHelp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-12-08 272896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-06-13 66328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 6669000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"MSVideo"=vfwwdm32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-12 23:12:46 ----D---- C:\rsit
2014-01-12 23:12:46 ----D---- C:\Program Files\trend micro
2014-01-10 20:35:25 ----D---- C:\ProgramData\vsosdk
2014-01-10 17:29:06 ----D---- C:\Users\Orion\AppData\Roaming\12192
2014-01-09 19:26:13 ----D---- C:\Program Files (x86)\ESET
2014-01-09 19:25:19 ----A---- C:\Windows\ntbtlog.txt
2014-01-02 11:23:50 ----D---- C:\Program Files (x86)\Magical Jelly Bean
2013-12-28 20:45:36 ----D---- C:\Program Files (x86)\MSXML 4.0
2013-12-28 10:45:09 ----D---- C:\ProgramData\Nokia
2013-12-28 10:44:49 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2013-12-28 10:44:04 ----D---- C:\ProgramData\NokiaInstallerCache
2013-12-28 10:16:07 ----D---- C:\ProgramData\NokiaMusic
2013-12-28 10:13:20 ----D---- C:\Users\Orion\AppData\Roaming\PC Suite
2013-12-28 10:13:20 ----D---- C:\Users\Orion\AppData\Roaming\Nokia
2013-12-28 10:13:20 ----D---- C:\ProgramData\PC Suite
2013-12-28 10:13:02 ----D---- C:\Program Files\DIFX
2013-12-28 10:13:02 ----A---- C:\Windows\system32\drivers\pccsmcfdx64.sys
2013-12-28 10:12:46 ----D---- C:\Program Files (x86)\Nokia
2013-12-28 10:12:46 ----A---- C:\Windows\system32\nmwcdclsX64.dll
2013-12-28 10:12:15 ----D---- C:\ProgramData\Installations
2013-12-26 21:01:20 ----D---- C:\Users\Orion\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-12-18 22:22:59 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2013-12-18 22:22:45 ----DC---- C:\Windows\system32\DRVSTORE
2013-12-18 22:22:45 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2013-12-18 22:22:38 ----D---- C:\Program Files\Oracle
2013-12-18 21:20:28 ----D---- C:\Users\Orion\AppData\Roaming\VMware
2013-12-18 20:59:30 ----D---- C:\ProgramData\VMware
2013-12-18 17:16:44 ----A---- C:\Windows\system32\drivers\VBoxUSB.sys
2013-12-18 17:16:44 ----A---- C:\Windows\system32\drivers\VBoxNetFlt.sys
2013-12-18 17:16:44 ----A---- C:\Windows\system32\drivers\VBoxNetAdp.sys
2013-12-18 17:13:30 ----A---- C:\Windows\system32\VBoxNetFltNobj.dll
2013-12-17 14:28:15 ----D---- C:\Program Files (x86)\IDOS

======List of files/folders modified in the last 1 month======

2014-01-12 23:12:47 ----D---- C:\Windows\Temp
2014-01-12 23:12:46 ----RD---- C:\Program Files
2014-01-12 23:08:41 ----D---- C:\Windows\System32
2014-01-12 23:08:41 ----D---- C:\Windows\inf
2014-01-12 23:08:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-12 23:06:32 ----D---- C:\Windows\system32\config
2014-01-12 22:12:36 ----D---- C:\Users\Orion\AppData\Roaming\Adobe
2014-01-12 19:53:40 ----D---- C:\Windows\rescache
2014-01-12 19:53:11 ----D---- C:\Windows\Logs
2014-01-10 20:40:59 ----D---- C:\Users\Orion\AppData\Roaming\Vso
2014-01-10 20:35:25 ----HD---- C:\ProgramData
2014-01-10 20:23:15 ----D---- C:\Users\Orion\AppData\Roaming\vlc
2014-01-10 20:16:26 ----D---- C:\ProgramData\VSO
2014-01-10 12:54:07 ----SHD---- C:\System Volume Information
2014-01-09 19:26:13 ----RD---- C:\Program Files (x86)
2014-01-09 19:25:34 ----D---- C:\Program Files\totalcmd
2014-01-09 19:25:19 ----D---- C:\Windows
2014-01-09 19:22:06 ----D---- C:\Users\Orion\AppData\Roaming\uTorrent
2014-01-05 19:06:58 ----D---- C:\Windows\system32\NDF
2014-01-04 18:10:00 ----D---- C:\Users\Orion\AppData\Roaming\dvdcss
2014-01-02 22:33:19 ----D---- C:\Users\Orion\AppData\Roaming\Skype
2014-01-02 16:18:42 ----SD---- C:\ProgramData\Microsoft
2013-12-30 21:10:52 ----D---- C:\Windows\system32\Tasks
2013-12-28 20:45:40 ----SHD---- C:\Windows\Installer
2013-12-28 20:45:40 ----D---- C:\Windows\winsxs
2013-12-28 20:45:40 ----D---- C:\Windows\SysWOW64
2013-12-28 10:46:26 ----D---- C:\Windows\system32\drivers
2013-12-28 10:44:54 ----D---- C:\Windows\system32\catroot
2013-12-28 10:44:53 ----D---- C:\Windows\system32\DriverStore
2013-12-28 10:44:44 ----D---- C:\Windows\system32\catroot2
2013-12-28 10:16:15 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-12-28 10:16:14 ----D---- C:\Windows\Globalization
2013-12-28 10:16:12 ----RSD---- C:\Windows\assembly
2013-12-28 10:16:11 ----RSD---- C:\Windows\Fonts
2013-12-28 10:13:09 ----D---- C:\Program Files (x86)\Common Files
2013-12-26 20:51:56 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2013-12-26 20:50:49 ----D---- C:\ProgramData\Adobe
2013-12-26 20:50:38 ----D---- C:\Program Files (x86)\Adobe
2013-12-24 14:54:54 ----SD---- C:\Users\Orion\AppData\Roaming\Microsoft
2013-12-24 14:54:10 ----D---- C:\Windows\system32\FxsTmp
2013-12-19 09:41:46 ----D---- C:\Windows\system32\wdi
2013-12-18 22:19:02 ----D---- C:\Program Files\Common Files
2013-12-18 22:19:01 ----D---- C:\Windows\SYSWOW64\drivers
2013-12-18 22:11:06 ----D---- C:\Windows\twain_32
2013-12-13 14:56:36 ----D---- C:\Windows\system32\drivers\UMDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 AsrAppCharger;AsrAppCharger; C:\Windows\system32\DRIVERS\AsrAppCharger.sys [2011-11-07 17192]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 239320]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2013-12-18 252688]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2013-12-18 126736]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 157432]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-12-08 10628640]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2013-12-08 145408]
R3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2013-05-23 30488]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2013-05-23 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2013-05-23 13080]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2013-05-23 76568]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2013-05-23 59160]
R3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBS64.sys [2008-07-26 50072]
R3 LVUVC64;QuickCam Communicate Deluxe(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2013-12-18 140560]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2013-12-18 154896]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2013-12-08 2153072]
S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2013-12-18 113936]
S3 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-09-12 1337752]
R2 LVPrcS64;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2013-12-08 27760]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2013-06-13 357144]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-03-09 50921648]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

diky moc

#2 Příspěvek od **JaRon** » 13 led 2014 07:16

ahoj,
vycisti PC s MBAM - kompletna kontrola

Orion · #3 Příspěvek od **Orion** » 13 led 2014 22:52

udelano ale asi nepomohlo.
zde vypis

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.13.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Orion :: ORION-PC [administrátor]

Ochrana: Povolena

13.1.2014 10:49:13
mbam-log-2014-01-13 (10-49-13).txt

Typ: Kompletní kontrola (C:\|D:\|F:\|G:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 901585
Uplynulý čas: 2 hodin, 7 minut, 32 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 58
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\adobe.photoshop.cs6-patch.exe (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\data\dvd.x.player.5.5.3.5.rar (PUP.Hacktool.Patcher) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\data\Adobe Photoshop CS6 13.0 Final CZ\patch - PainteR\adobe.photoshop.cs6-patch.exe (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\data\Daemon tools\DAEMON.Tools.Pro.Advanced.v5.1.0.0333-Admin_Crack\DAEMONToolsPro510-0333.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\data\VSO ConvertXtoDVD 5.0.0.74 Final (CZ,SK)\convertxtodvd.5.x.patch.v4.0.final-Cerberus.ZIP (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\data\Zoner Photo Studio 14.0.1.2 Pro CZ\Keygen.exe (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\stara flash neprustrelna\000152115465\IncrediMail 2 6.29 Build 5203\Patch for Win7\incredimail.plus.v6.xx.xxxx.win7-patch.exe (PUP.Hacktool.Patcher) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\stara flash neprustrelna\000152115465\IncrediMail 2 6.29 Build 5203\Patch for WinXP\incredimail.plus.v6.xx.xxxx.xp-patch.exe (PUP.Hacktool.Patcher) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\DAEMONToolsUltra110-0103.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\VSO Downloader 3.0.3.5 Ultimate.rar (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\VSO ConvertXtoDVD 5.0.0.50 Beta\convertxtodvd.5.x.patch.v2.9-Cerberus.exe (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\VSO ConvertXtoDVD 5.1.0.2 Final\Patch\convertxtodvd.5.x.patch.v4.0.final-Cerberus.exe (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\VSO Downloader Ultimate 2.9.7.8\vso.downloader.2-patch.exe (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\Youwave Android 2.1.2 (patch-RES) [ChingLiu]\Youwave.Android.v2.x.x.Generic.patch-RES.exe (PUP.Hacktool.Patcher) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\Zoner v15.0.1.7\keygen.zip (PUP.Keygen.Intro) -> Nebyla provedena žádná instrukce.
D:\Download\VSO Downloader 3.0.3.5 Ultimate.rar (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
D:\Download\VSO ConvertXtoDVD 5.0.0.50 Beta\convertxtodvd.5.x.patch.v2.9-Cerberus.exe (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
D:\Download\VSO ConvertXtoDVD 5.1.0.2 Final\Patch\convertxtodvd.5.x.patch.v4.0.final-Cerberus.exe (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
D:\Download\VSO Downloader Ultimate 2.9.7.8\vso.downloader.2-patch.exe (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
D:\Download\Youwave Android 2.1.2 (patch-RES) [ChingLiu]\Youwave.Android.v2.x.x.Generic.patch-RES.exe (PUP.Hacktool.Patcher) -> Nebyla provedena žádná instrukce.
D:\Download\Zoner v15.0.1.7\keygen.zip (PUP.Keygen.Intro) -> Nebyla provedena žádná instrukce.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp8C68.exe (Trojan.Dorkbot.ED) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Orion\AppData\Roaming\Adobe\acupx217.dll (Trojan.Agent.ED) -> Bude smazán při restartu.
C:\Users\Orion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EPUHelp.exe (Trojan.Agent.ED) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Orion\Desktop\data\IVT_BlueSoleil_v6.4.314.3_Activator.zip (RiskWare.Tool.CK) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Orion\Desktop\data\Office.Instructions.And.Validation.rar (RiskWare.Tool.CK) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Orion\Desktop\data\Photofiltre Studio v.10.6.2.zip (Trojan.Dropper.PGen) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Orion\Desktop\data\Aktivátory - Legalizátory\Windows 7 Legalizátor\Windows 7 Legalizátor.exe (Riskware.Tool.CK) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Orion\Desktop\data\Bluesoleil\Aktivace\KeyGen.exe (Trojan.Agent) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Orion\Desktop\data\Bluesoleil\Bluesoleil_pro spojeni sluchatek s neetbookem\funkcni na win 7\IVT_BlueSoleil_v6.4.249.0_by_Embrace.zip (Trojan.Agent) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Orion\Desktop\data\nero 7 premium\Nero 7 Premium 7.11.6.0+Keygen\KeyGen.exe (RiskWare.Tool.CK) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Orion\Desktop\data\VMware.Workstation.v9.0.0.812388+Keygen[Korke]\keygen.exe (Riskware.Tool.CK) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Orion\Desktop\data\zuma\zumadeluxe_demo.exe (Adware.TryMedia) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Orion\Desktop\data\Zuma Deluxe\PopUninstall.exe (Trojan.FakeAlert.RRE) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Public\Downloads\PhotoFiltre Studio X 10.8.0 (CZ,SK)\keygen.exe (Trojan.Dropper.PGen) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Public\Downloads\PhotoFiltre Studio X 10.8.0 (CZ,SK)\Keygen.rar (Trojan.Dropper.PGen) -> Přesun do karantény a smazání se zdařilo.
C:\Windows\AutoKMS.exe (Riskware.Keygen) -> Přesun do karantény a smazání se zdařilo.
D:\Download\DAEMONToolsUltra110-0103.exe (PUP.Optional.OpenCandy) -> Přesun do karantény a smazání se zdařilo.
D:\Download\PhotoFiltre Studio X 10.8.0 (CZ,SK)\Keygen.rar (Trojan.Dropper.PGen) -> Přesun do karantény a smazání se zdařilo.
D:\Download\VMware Workstation 10.0.1 Build 1379776\keygen.exe (Riskware.Tool.CK) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\adobe.photoshop.cs6-patch.exe (PUP.RiskwareTool.CK) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\keygen.exe (Trojan.Agent.CK) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files (x86)\Adobe\Adobe Photoshop CS6\adobe.photoshop.cs6-patch.exe (PUP.RiskwareTool.CK) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files (x86)\Adobe\Adobe Photoshop CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files (x86)\Aviosoft\DVD X Player 5.5 Professional\dvd.x.player.professional.v5.5-patch.exe (PUP.Hacktool.Patcher) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files (x86)\Inbox Toolbar\Inbox.dll (PUP.Optional.Inbox) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files (x86)\Inbox Toolbar\Inbox.exe (PUP.Optional.Inbox) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files (x86)\IncrediMail\Bin\incredimail.plus.v6.xx.xxxx.win7-patch.exe (PUP.Hacktool.Patcher) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files (x86)\QIP 2012\qip.exe (Trojan.Agent) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files (x86)\VSO\ConvertX\5\convertxtodvd.5.x.patch.v4.0.final-Cerberus.exe (PUP.Riskware.Patcher) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files (x86)\VSO\VSO Downloader\3\vso.downloader.ultimate.3.x-patch.exe (PUP.Riskware.Patcher) -> Přesun do karantény a smazání se zdařilo.
G:\Program Files (x86)\VSO\VSO Downloader\3\VSO Downloader 3.0.3.5 Ultimate\medicine\patch\vso.downloader.ultimate.3.x-patch.exe (PUP.Riskware.Patcher) -> Přesun do karantény a smazání se zdařilo.
G:\Users\Orion\AppData\Local\Temp\is-B5KAD.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Přesun do karantény a smazání se zdařilo.
G:\Users\Orion\AppData\Local\Temp\is-CFIVH.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Přesun do karantény a smazání se zdařilo.
G:\Users\Orion\AppData\Local\Temp\is-MMBMA.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Přesun do karantény a smazání se zdařilo.
G:\Users\Orion\Downloads\VSO ConvertXtoDVD 5.1.0.2 Final\Patch\convertxtodvd.5.x.patch.v4.0.final-Cerberus.exe (PUP.Riskware.Patcher) -> Přesun do karantény a smazání se zdařilo.

(konec)
a zde vypis s rsit

Logfile of random's system information tool 1.09 (written by random/random)
Run by Orion at 2014-01-13 22:46:35
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 28 GB (25%) free of 114 GB
Total RAM: 8157 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:46:38, on 13.1.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Orion.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ATworks] regsvr32.exe C:\Users\Orion\AppData\Local\ATworks\nrapi20.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9944 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe" -Embedding
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\viakaraokesrv.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1976
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\Windows Sidebar\sidebar.exe" /autoRun
"C:\Windows\System32\regsvr32.exe" C:\Users\Orion\AppData\Local\ATworks\nrapi20.dll
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
KHALMNPR.EXE /API
"C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2604.0.1897447130\1053941785" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x2e32 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2302 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group2 pct:10a stable:r5 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/Prerender15minTTL/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_32/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --disable-accelerated-video-decode --channel="2604.1.1447456554\757542863" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group2 pct:10a stable:r5 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/Prerender15minTTL/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_32/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2604.3.757968064\840945391" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group2 pct:10a stable:r5 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/Prerender15minTTL/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_32/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2604.4.1533001528\1173222161" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group2 pct:10a stable:r5 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/Prerender15minTTL/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_32/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2604.6.912726504\1281914364" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group2 pct:10a stable:r5 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/Prerender15minTTL/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-1-Percent/group_32/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="2604.8.296769860\775017815" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2604.9.478860023\492497881" --ppapi-flash-args --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
taskhost.exe $(Arg0)
"D:\Download\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2013-11-28 209504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 6669000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31 433944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-11-28 176736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31 364824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2013-11-28 6126680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-11-28 4438104]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-12-08 162328]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-12-08 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-12-08 417304]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-09-12 5618456]
"AutoKMS"=C:\Windows\AutoKMS.exe []
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2013-07-31 3091224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
""= []
"Sidebar"=C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"ATworks"=regsvr32.exe C:\Users\Orion\AppData\Local\ATworks\nrapi20.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2012-09-23 3477640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATworks]
regsvr32.exe C:\Users\Orion\AppData\Local\ATworks\dkkjivbgs.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe [2011-10-21 2193000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [2013-10-02 1090912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2013-12-08 3019376]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
""= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-12-08 272896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-06-13 66328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 6669000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"MSVideo"=vfwwdm32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-13 10:47:23 ----D---- C:\Users\Orion\AppData\Roaming\Malwarebytes
2014-01-13 10:47:13 ----D---- C:\ProgramData\Malwarebytes
2014-01-13 10:47:12 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-13 10:47:12 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-01-12 23:12:46 ----D---- C:\rsit
2014-01-12 23:12:46 ----D---- C:\Program Files\trend micro
2014-01-10 20:35:25 ----D---- C:\ProgramData\vsosdk
2014-01-10 17:29:06 ----D---- C:\Users\Orion\AppData\Roaming\12192
2014-01-09 19:26:13 ----D---- C:\Program Files (x86)\ESET
2014-01-09 19:25:19 ----A---- C:\Windows\ntbtlog.txt
2014-01-02 11:23:50 ----D---- C:\Program Files (x86)\Magical Jelly Bean
2013-12-28 20:45:36 ----D---- C:\Program Files (x86)\MSXML 4.0
2013-12-28 10:45:09 ----D---- C:\ProgramData\Nokia
2013-12-28 10:44:49 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2013-12-28 10:44:04 ----D---- C:\ProgramData\NokiaInstallerCache
2013-12-28 10:16:07 ----D---- C:\ProgramData\NokiaMusic
2013-12-28 10:13:20 ----D---- C:\Users\Orion\AppData\Roaming\PC Suite
2013-12-28 10:13:20 ----D---- C:\Users\Orion\AppData\Roaming\Nokia
2013-12-28 10:13:20 ----D---- C:\ProgramData\PC Suite
2013-12-28 10:13:02 ----D---- C:\Program Files\DIFX
2013-12-28 10:13:02 ----A---- C:\Windows\system32\drivers\pccsmcfdx64.sys
2013-12-28 10:12:46 ----D---- C:\Program Files (x86)\Nokia
2013-12-28 10:12:46 ----A---- C:\Windows\system32\nmwcdclsX64.dll
2013-12-28 10:12:15 ----D---- C:\ProgramData\Installations
2013-12-26 21:01:20 ----D---- C:\Users\Orion\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-12-18 22:22:59 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2013-12-18 22:22:45 ----DC---- C:\Windows\system32\DRVSTORE
2013-12-18 22:22:45 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2013-12-18 22:22:38 ----D---- C:\Program Files\Oracle
2013-12-18 21:20:28 ----D---- C:\Users\Orion\AppData\Roaming\VMware
2013-12-18 20:59:30 ----D---- C:\ProgramData\VMware
2013-12-18 17:16:44 ----A---- C:\Windows\system32\drivers\VBoxUSB.sys
2013-12-18 17:16:44 ----A---- C:\Windows\system32\drivers\VBoxNetFlt.sys
2013-12-18 17:16:44 ----A---- C:\Windows\system32\drivers\VBoxNetAdp.sys
2013-12-18 17:13:30 ----A---- C:\Windows\system32\VBoxNetFltNobj.dll
2013-12-17 14:28:15 ----D---- C:\Program Files (x86)\IDOS

======List of files/folders modified in the last 1 month======

2014-01-13 22:46:37 ----D---- C:\Windows\Temp
2014-01-13 22:41:28 ----D---- C:\Windows\System32
2014-01-13 22:41:28 ----D---- C:\Windows\inf
2014-01-13 22:41:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-13 22:39:33 ----D---- C:\Windows\system32\config
2014-01-13 13:01:38 ----D---- C:\Users\Orion\AppData\Roaming\Adobe
2014-01-13 13:00:35 ----D---- C:\Windows
2014-01-13 10:47:13 ----HD---- C:\ProgramData
2014-01-13 10:47:12 ----RD---- C:\Program Files (x86)
2014-01-13 10:47:12 ----D---- C:\Windows\system32\drivers
2014-01-12 23:12:46 ----RD---- C:\Program Files
2014-01-12 19:53:40 ----D---- C:\Windows\rescache
2014-01-12 19:53:11 ----D---- C:\Windows\Logs
2014-01-10 20:40:59 ----D---- C:\Users\Orion\AppData\Roaming\Vso
2014-01-10 20:23:15 ----D---- C:\Users\Orion\AppData\Roaming\vlc
2014-01-10 20:16:26 ----D---- C:\ProgramData\VSO
2014-01-10 12:54:07 ----SHD---- C:\System Volume Information
2014-01-09 19:25:34 ----D---- C:\Program Files\totalcmd
2014-01-09 19:22:06 ----D---- C:\Users\Orion\AppData\Roaming\uTorrent
2014-01-05 19:06:58 ----D---- C:\Windows\system32\NDF
2014-01-04 18:10:00 ----D---- C:\Users\Orion\AppData\Roaming\dvdcss
2014-01-02 22:33:19 ----D---- C:\Users\Orion\AppData\Roaming\Skype
2014-01-02 16:18:42 ----SD---- C:\ProgramData\Microsoft
2013-12-30 21:10:52 ----D---- C:\Windows\system32\Tasks
2013-12-28 20:45:40 ----SHD---- C:\Windows\Installer
2013-12-28 20:45:40 ----D---- C:\Windows\winsxs
2013-12-28 20:45:40 ----D---- C:\Windows\SysWOW64
2013-12-28 10:44:54 ----D---- C:\Windows\system32\catroot
2013-12-28 10:44:53 ----D---- C:\Windows\system32\DriverStore
2013-12-28 10:44:44 ----D---- C:\Windows\system32\catroot2
2013-12-28 10:16:15 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-12-28 10:16:14 ----D---- C:\Windows\Globalization
2013-12-28 10:16:12 ----RSD---- C:\Windows\assembly
2013-12-28 10:16:11 ----RSD---- C:\Windows\Fonts
2013-12-28 10:13:09 ----D---- C:\Program Files (x86)\Common Files
2013-12-26 20:51:56 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2013-12-26 20:50:49 ----D---- C:\ProgramData\Adobe
2013-12-26 20:50:38 ----D---- C:\Program Files (x86)\Adobe
2013-12-24 14:54:54 ----SD---- C:\Users\Orion\AppData\Roaming\Microsoft
2013-12-24 14:54:10 ----D---- C:\Windows\system32\FxsTmp
2013-12-19 09:41:46 ----D---- C:\Windows\system32\wdi
2013-12-18 22:19:02 ----D---- C:\Program Files\Common Files
2013-12-18 22:19:01 ----D---- C:\Windows\SYSWOW64\drivers
2013-12-18 22:11:06 ----D---- C:\Windows\twain_32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 AsrAppCharger;AsrAppCharger; C:\Windows\system32\DRIVERS\AsrAppCharger.sys [2011-11-07 17192]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 239320]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2013-12-18 252688]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2013-12-18 126736]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 157432]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-12-08 10628640]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2013-12-08 145408]
R3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2013-05-23 30488]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2013-05-23 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2013-05-23 13080]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2013-05-23 76568]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2013-05-23 59160]
R3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBS64.sys [2008-07-26 50072]
R3 LVUVC64;QuickCam Communicate Deluxe(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2013-12-18 140560]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2013-12-18 154896]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2013-12-08 2153072]
S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2013-12-18 113936]
S3 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-09-12 1337752]
R2 LVPrcS64;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2013-12-08 27760]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2013-06-13 357144]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-03-09 50921648]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-12-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
co dal??please

Orion · #4 Příspěvek od **Orion** » 13 led 2014 22:55

taky me to pise ze modul c:/users/...../ATworks/nrapi20.dll nepodarilo nacist.Pred dvema dny tam bylo
nevo podobneho ale s jinou knihovnou.To jsem nejak odtranil a ted se to obevuje znova a navic jak jsem nainstaloval a provedl sken v Malwarebytes' Anti-Malware tak to porad blokuje nejake ip adresy

#5 Příspěvek od **JaRon** » 14 led 2014 09:33

to co naslo MBAM si nechal odstranit

je uz log po kontrole MBAM cisty

Orion · #6 Příspěvek od **Orion** » 14 led 2014 10:12

nechal ale jeste zkontroluji jednou

#7 Příspěvek od **JaRon** » 14 led 2014 10:54

Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AutoKMS"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ATworks"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATworks]

uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:

Obrázek

po aplikacii by mal vzniknut dalsi log, ten vloz sem

Orion · #8 Příspěvek od **Orion** » 14 led 2014 11:10

Tak zde je vysledek

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Orion :: ORION-PC [administrátor]

Ochrana: Povolena

14.1.2014 10:12:22
MBAM-log-2014-01-14 (11-09-28).txt

Typ: Kompletní kontrola (C:\|D:\|F:\|G:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 456049
Uplynulý čas: 54 minut, 38 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 22
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\adobe.photoshop.cs6-patch.exe (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\data\dvd.x.player.5.5.3.5.rar (PUP.Hacktool.Patcher) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\data\Adobe Photoshop CS6 13.0 Final CZ\patch - PainteR\adobe.photoshop.cs6-patch.exe (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\data\Daemon tools\DAEMON.Tools.Pro.Advanced.v5.1.0.0333-Admin_Crack\DAEMONToolsPro510-0333.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\data\VSO ConvertXtoDVD 5.0.0.74 Final (CZ,SK)\convertxtodvd.5.x.patch.v4.0.final-Cerberus.ZIP (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\data\Zoner Photo Studio 14.0.1.2 Pro CZ\Keygen.exe (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\stara flash neprustrelna\000152115465\IncrediMail 2 6.29 Build 5203\Patch for Win7\incredimail.plus.v6.xx.xxxx.win7-patch.exe (PUP.Hacktool.Patcher) -> Nebyla provedena žádná instrukce.
C:\Users\Orion\Desktop\stara flash neprustrelna\000152115465\IncrediMail 2 6.29 Build 5203\Patch for WinXP\incredimail.plus.v6.xx.xxxx.xp-patch.exe (PUP.Hacktool.Patcher) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\DAEMONToolsUltra110-0103.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\VSO Downloader 3.0.3.5 Ultimate.rar (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\VSO ConvertXtoDVD 5.0.0.50 Beta\convertxtodvd.5.x.patch.v2.9-Cerberus.exe (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\VSO ConvertXtoDVD 5.1.0.2 Final\Patch\convertxtodvd.5.x.patch.v4.0.final-Cerberus.exe (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\VSO Downloader Ultimate 2.9.7.8\vso.downloader.2-patch.exe (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\Youwave Android 2.1.2 (patch-RES) [ChingLiu]\Youwave.Android.v2.x.x.Generic.patch-RES.exe (PUP.Hacktool.Patcher) -> Nebyla provedena žádná instrukce.
D:\data se systemu pred instalaci ssd disku\Downloads\Zoner v15.0.1.7\keygen.zip (PUP.Keygen.Intro) -> Nebyla provedena žádná instrukce.
D:\Download\VSO Downloader 3.0.3.5 Ultimate.rar (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
D:\Download\VSO ConvertXtoDVD 5.0.0.50 Beta\convertxtodvd.5.x.patch.v2.9-Cerberus.exe (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
D:\Download\VSO ConvertXtoDVD 5.1.0.2 Final\Patch\convertxtodvd.5.x.patch.v4.0.final-Cerberus.exe (PUP.Riskware.Patcher) -> Nebyla provedena žádná instrukce.
D:\Download\VSO Downloader Ultimate 2.9.7.8\vso.downloader.2-patch.exe (PUP.RiskwareTool.CK) -> Nebyla provedena žádná instrukce.
D:\Download\Youwave Android 2.1.2 (patch-RES) [ChingLiu]\Youwave.Android.v2.x.x.Generic.patch-RES.exe (PUP.Hacktool.Patcher) -> Nebyla provedena žádná instrukce.
D:\Download\Zoner v15.0.1.7\keygen.zip (PUP.Keygen.Intro) -> Nebyla provedena žádná instrukce.

(konec)

#9 Příspěvek od **JaRon** » 14 led 2014 11:51

na moj vkus privela crackov a podobnych nezmyslov

co z toho zmazes necham na Tebe
cakam na log CF

Orion · #10 Příspěvek od **Orion** » 14 led 2014 13:08

tak zde je log

ComboFix 14-01-13.01 - Orion 14.01.2014 12:56:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8157.5606 [GMT 1:00]
Spuštěný z: c:\users\Orion\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Orion\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Orion\AppData\Roaming\inst.exe
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . nemohl být smazán
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . nemohl být smazán
.
Nakažená kopie c:\windows\SysWow64\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-14 do 2014-01-14 )))))))))))))))))))))))))))))))
.
.
2014-01-14 08:52 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D4BEAE8-D07D-4C30-A0B5-BE25A424615E}\mpengine.dll
2014-01-13 09:47 . 2014-01-13 09:47 -------- d-----w- c:\users\Orion\AppData\Roaming\Malwarebytes
2014-01-13 09:47 . 2014-01-13 09:47 -------- d-----w- c:\programdata\Malwarebytes
2014-01-13 09:47 . 2014-01-13 09:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-13 09:47 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-12 22:12 . 2014-01-14 11:43 -------- d-----w- c:\program files\trend micro
2014-01-12 22:12 . 2014-01-12 22:12 -------- d-----w- C:\rsit
2014-01-10 19:35 . 2014-01-10 19:35 -------- d-----w- c:\programdata\vsosdk
2014-01-10 16:29 . 2014-01-10 16:29 -------- d-----w- c:\users\Orion\AppData\Roaming\12192
2014-01-09 18:26 . 2014-01-09 18:26 -------- d-----w- c:\program files (x86)\ESET
2014-01-08 14:44 . 2014-01-12 17:13 -------- d-----w- c:\users\Orion\AppData\Local\ATworks
2014-01-02 15:18 . 2014-01-02 15:18 2179072 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll
2014-01-02 10:23 . 2014-01-02 10:23 -------- d-----w- c:\program files (x86)\Magical Jelly Bean
2013-12-28 19:45 . 2013-12-28 19:45 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-12-28 09:12 . 2013-01-23 09:31 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
2013-12-28 09:12 . 2013-12-28 09:37 -------- d-----w- c:\programdata\Installations
2013-12-26 20:01 . 2013-12-26 20:01 -------- d-----w- c:\users\Orion\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-12-18 22:03 . 2014-01-10 19:09 -------- d-----w- c:\users\Orion\.VirtualBox
2013-12-18 22:03 . 2013-12-18 22:03 -------- d-----w- c:\users\Orion\VirtualBox VMs
2013-12-18 21:22 . 2013-12-18 16:19 252688 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-12-18 21:22 . 2013-12-28 09:44 -------- dc----w- c:\windows\system32\DRVSTORE
2013-12-18 21:22 . 2013-12-18 16:16 126736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-12-18 21:22 . 2013-12-18 21:22 -------- d-----w- c:\program files\Oracle
2013-12-18 20:20 . 2013-12-18 21:07 -------- d-----w- c:\users\Orion\AppData\Local\VMware
2013-12-18 20:20 . 2013-12-18 21:17 -------- d-----w- c:\users\Orion\AppData\Roaming\VMware
2013-12-18 19:59 . 2013-12-18 21:19 -------- d-----w- c:\programdata\VMware
2013-12-18 16:16 . 2013-12-18 16:16 154896 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-12-18 16:16 . 2013-12-18 16:16 140560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-12-18 16:16 . 2013-12-18 16:16 113936 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2013-12-18 16:13 . 2013-12-18 16:13 204048 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-12-17 13:28 . 2013-12-17 13:33 -------- d-----w- c:\program files (x86)\IDOS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 18:17 . 2013-12-08 17:44 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-09 20:22 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-08 23:21 . 2013-12-08 23:21 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-08 23:21 . 2013-12-08 23:21 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-08 23:21 . 2013-12-08 23:21 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-08 23:21 . 2013-12-08 23:21 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-08 23:21 . 2013-12-08 23:21 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-08 23:21 . 2013-12-08 23:21 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-08 23:21 . 2013-12-08 23:21 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-08 23:21 . 2013-12-08 23:21 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-08 23:21 . 2013-12-08 23:21 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-08 23:21 . 2013-12-08 23:21 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-08 23:21 . 2013-12-08 23:21 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-08 23:21 . 2013-12-08 23:21 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-08 23:21 . 2013-12-08 23:21 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-08 23:21 . 2013-12-08 23:21 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-08 23:21 . 2013-12-08 23:21 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-08 23:21 . 2013-12-08 23:21 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-08 23:21 . 2013-12-08 23:21 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-08 23:21 . 2013-12-08 23:21 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-08 23:21 . 2013-12-08 23:21 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-08 23:21 . 2013-12-08 23:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-08 23:21 . 2013-12-08 23:21 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-08 23:21 . 2013-12-08 23:21 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-08 23:21 . 2013-12-08 23:21 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-08 23:21 . 2013-12-08 23:21 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-08 23:21 . 2013-12-08 23:21 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-08 23:21 . 2013-12-08 23:21 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-08 23:21 . 2013-12-08 23:21 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-08 23:21 . 2013-12-08 23:21 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-08 23:21 . 2013-12-08 23:21 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-08 23:21 . 2013-12-08 23:21 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-08 23:21 . 2013-12-08 23:21 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-08 23:21 . 2013-12-08 23:21 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-08 23:21 . 2013-12-08 23:21 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-08 23:21 . 2013-12-08 23:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-08 23:21 . 2013-12-08 23:21 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-08 23:20 . 2013-12-08 23:20 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-08 23:20 . 2013-12-08 23:20 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-08 23:20 . 2013-12-08 23:20 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-08 23:20 . 2013-12-08 23:20 413696 ----a-w- c:\windows\system32\html.iec
2013-12-08 23:20 . 2013-12-08 23:20 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-08 23:20 . 2013-12-08 23:20 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-08 23:20 . 2013-12-08 23:20 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-08 23:20 . 2013-12-08 23:20 235520 ----a-w- c:\windows\system32\url.dll
2013-12-08 23:20 . 2013-12-08 23:20 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-08 23:20 . 2013-12-08 23:20 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-08 23:20 . 2013-12-08 23:20 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-08 23:20 . 2013-12-08 23:20 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-08 23:20 . 2013-12-08 23:20 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-08 23:20 . 2013-12-08 23:20 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-08 23:20 . 2013-12-08 23:20 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-08 23:20 . 2013-12-08 23:20 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-08 23:20 . 2013-12-08 23:20 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-08 23:20 . 2013-12-08 23:20 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-08 23:20 . 2013-12-08 23:20 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-08 23:20 . 2013-12-08 23:20 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-08 23:20 . 2013-12-08 23:20 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-08 23:20 . 2013-12-08 23:20 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-08 23:20 . 2013-12-08 23:20 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-08 23:20 . 2013-12-08 23:20 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-08 21:59 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-12-08 21:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-12-08 21:30 . 2013-12-08 21:30 53248 ----a-r- c:\users\Orion\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-12-08 21:29 . 2013-12-08 21:26 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-12-08 21:14 . 2013-12-08 21:14 82816 ----a-w- c:\users\Orion\AppData\Roaming\pcouffin.sys
2013-12-08 19:04 . 2013-12-08 18:40 15823872 ----a-w- c:\users\Orion\AppData\Roaming\Microsoft\Windows\Templates\Office 2010 Toolkit.exe
2013-12-08 19:04 . 2013-12-08 18:40 786492 ----a-w- c:\users\Orion\AppData\Roaming\Microsoft\Windows\Templates\cryptedcybertoirrent.exe
2013-12-08 19:04 . 2013-12-08 18:40 107008 ----a-w- c:\users\Orion\AppData\Roaming\Microsoft\Windows\Templates\Torrant.exe
2013-12-08 17:16 . 2013-12-08 17:17 414632 ------w- c:\windows\difxapi.dll
2013-12-08 17:15 . 2011-02-17 21:51 2153072 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2013-12-08 17:15 . 2011-02-17 21:51 553072 ----a-w- c:\windows\system32\VIASysFx.dll
2013-12-08 17:15 . 2011-02-17 21:51 993392 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2013-12-08 17:15 . 2011-02-17 21:51 87152 ----a-w- c:\windows\system32\ViaMicArrayPropPageExt.dll
2013-12-08 17:15 . 2011-02-17 21:51 202864 ----a-w- c:\windows\system32\ViaMicArrayAPO.dll
2013-12-08 17:15 . 2011-02-17 21:51 27760 ----a-w- c:\windows\system32\ViakaraokeSrv.exe
2013-12-08 17:15 . 2011-02-17 21:51 116848 ----a-w- c:\windows\system32\ViaKaraokePropPageExt.dll
2013-12-08 17:15 . 2011-02-17 21:51 1161328 ----a-w- c:\windows\system32\ViaKaraokeApo.dll
2013-12-08 17:15 . 2010-10-26 17:55 74240 ----a-w- c:\windows\system32\VMWRP64.DLL
2013-12-08 17:15 . 2010-10-26 17:54 53760 ----a-w- c:\windows\system32\VMPPCN64.DLL
2013-12-08 17:15 . 2010-10-26 17:53 866304 ----a-w- c:\windows\system32\VMAPO64.DLL
2013-12-08 17:15 . 2010-10-26 17:53 57856 ----a-w- c:\windows\system32\VMPPLD64.DLL
2013-12-08 17:15 . 2010-10-26 17:53 732672 ----a-w- c:\windows\SysWow64\VMAPO32.DLL
2013-12-08 17:15 . 2007-12-04 10:28 86016 ----a-w- c:\windows\system32\nQPropPageExt.dll
2013-12-08 17:15 . 2007-12-04 10:28 82432 ----a-w- c:\windows\system32\nQAPO.dll
2013-12-08 17:15 . 2011-02-17 21:51 91760 ----a-w- c:\windows\system32\Dts2PropPageExt.dll
2013-12-08 17:15 . 2011-02-17 21:50 248944 ----a-w- c:\windows\system32\Dts2APO.dll
2013-12-08 16:57 . 2011-02-11 10:21 90112 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll
2013-12-08 16:57 . 2011-02-11 09:35 206336 ----a-w- c:\windows\system32\iglhsip64.dll
2013-12-08 16:57 . 2011-02-11 09:35 188416 ----a-w- c:\windows\system32\iglhcp64.dll
2013-12-08 16:57 . 2011-02-11 09:34 208896 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2013-12-08 16:57 . 2011-02-11 09:34 147456 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2013-12-08 16:57 . 2011-03-02 14:10 162328 ----a-w- c:\windows\system32\igfxtray.exe
2013-12-08 16:57 . 2011-03-02 14:10 509976 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-12-08 16:57 . 2011-02-11 10:15 982240 ----a-w- c:\windows\system32\igkrng500.bin
2013-12-08 16:57 . 2011-02-11 09:47 88064 ----a-w- c:\windows\system32\igfxrsky.lrc
2013-12-08 16:57 . 2011-02-11 09:47 87552 ----a-w- c:\windows\system32\igfxrtrk.lrc
2013-12-08 16:57 . 2011-02-11 09:47 87552 ----a-w- c:\windows\system32\igfxrslv.lrc
2013-12-08 16:57 . 2011-02-11 09:47 88576 ----a-w- c:\windows\system32\igfxresn.lrc
2013-12-08 16:57 . 2011-02-11 09:47 88064 ----a-w- c:\windows\system32\igfxrrus.lrc
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-12-08 3019376]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
S3 LVUVC64;QuickCam Communicate Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-08 17:33 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08 17:32]
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08 17:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1BingDesktopOverlays]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2014-01-02 15:18 2492416 ----a-w- c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-12-08 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-12-08 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-12-08 417304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 178.17.80.66 178.17.80.67
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2014-01-14 13:07:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-01-14 12:07
.
Před spuštěním: Volných bajtů: 51 162 431 488
Po spuštění: Volných bajtů: 54 465 634 304
.
- - End Of File - - 1D68C63252068EB7E6E24221A780390D
A36C5E4F47E84449FF07ED3517B43A31

#11 Příspěvek od **JaRon** » 14 led 2014 13:38

citat:
Odinstalujte Combofix
• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

TFC http://oldtimer.geekstogo.com/TFC.exe
• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

a napis ci su este nejake problemy

Orion · #12 Příspěvek od **Orion** » 15 led 2014 12:54

vypada se je vse vpohode az na to ze Malwarebytes Anti-Malware casto blokuje ip adresy.odchozi na portu 6881.

#13 Příspěvek od **JaRon** » 15 led 2014 14:49

MBAM kludne odinstaluj, je vhodne ho pouzivat ako obcasny cleaner

Orion · #14 Příspěvek od **Orion** » 16 led 2014 11:06

ok diky moc

#15 Příspěvek od **JaRon** » 16 led 2014 11:11

za malo

VIRY.CZ

Pomoc s infiltraci Kryptik

Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik

Re: Pomoc s infiltraci Kryptik