
Ads in the browser. Nothing helps. Win32.Downloader.gen

Tom77
Visitor
Posts: 4
Registered: 10 Apr 2014 08:27

#1 Post by Tom77 »

Hello,
for roughly the last month I've been plagued by a virus/malware or something like that... It shows ads in all my browsers. On every page it just crams an ad in somewhere, and often when I click a link it redirects me somewhere else. Ads also appear directly in the text of the page (e.g. the word "bike" gets highlighted, and when I hover over the word an ad for mountain bikes pops up...)
I tried a few different antiviruses, cleaners, etc... but nothing helped. Spybot - Search & Destroy, however, found Win32.Downloader.gen and for the life of it can't remove it.

I hoped I could solve the problem myself, but after two days of intensive investigation I gave up and decided to ask for help here. On this forum I found the topic http://forum.viry.cz/viewtopic.php?f=13&t=129919 where the same file was found on someone else's machine as well. But they don't mention having the same problem as me...
Finally I'd just like to add that I used ComboFix. At first I hesitated over whether it was worth the risk. Whenever I read anything about that program there were literally a million warnings everywhere, but today I decided to try it. I was prepared to reinstall Windows if something happened to go wrong. ComboFix scanned for about 5 min, rebooted the PC and produced a log. The ads still pop up, I still don't want a mountain bike, and I'd like to get rid of it.
I'd be grateful for any help!

I'm attaching logs from ComboFix, Junkware Removal Tool and AdwCleaner.

EDIT: To answer questions that might come up, I'll add a few more things. I ran all the programs as administrator and turned off the antivirus and firewall. I uninstalled Spybot, as well as all the antiviruses, cleaners, etc... that I downloaded on my own. Overall I tried to uninstall everything from the PC that I have no use for.

ComboFix
ComboFix 14-04-30.01 - Tom 02.05.2014 8:09.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8153.6463 [GMT 2:00]
Spuštěný z: c:\users\Tom\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\tWefVKfyHIf.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\icon48.png
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\QKDD4gF94.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\hOW.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\dH1iFErm.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\FBekp.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\tWefVKfyHIf.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\icon48.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\QKDD4gF94.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\hOW.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\dH1iFErm.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\FBekp.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\tWefVKfyHIf.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\icon48.png
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\QKDD4gF94.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\hOW.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\dH1iFErm.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\FBekp.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\manifest.json
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\background.html
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\content.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\lsdb.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\manifest.json
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlanpmhnkadmkfkgkdfppicfhkkggjll\1.0\tWefVKfyHIf.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\background.html
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\content.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\icon48.png
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\lsdb.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\manifest.json
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\fekndhmgknpngldmldagggcjkaiabjml\1.1\QKDD4gF94.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\background.html
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\content.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\hOW.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\lsdb.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcomfgcnglinfbmdacdbkpjogleejek\2.7\manifest.json
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\background.html
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\content.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\dH1iFErm.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\lsdb.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\manifest.json
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\newtab.html
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\background.html
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\content.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\FBekp.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\lsdb.js
c:\users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipopodflddngcbmefgnnmfggjpknepha\161\manifest.json
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmdjbiceagbmomlmanlmfokhocllcfk
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmdjbiceagbmomlmanlmfokhocllcfk\3.2_0\background.html
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmdjbiceagbmomlmanlmfokhocllcfk\3.2_0\content.js
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmdjbiceagbmomlmanlmfokhocllcfk\3.2_0\lsdb.js
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmdjbiceagbmomlmanlmfokhocllcfk\3.2_0\manifest.json
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmdjbiceagbmomlmanlmfokhocllcfk\3.2_0\nXAaTet0VOD.js
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\background.html
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\content.js
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\dH1iFErm.js
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\lsdb.js
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\manifest.json
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgcphbhapbeejlhjhplmmhfffgkbmnf\2.1\newtab.html
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efmdjbiceagbmomlmanlmfokhocllcfk_0.localstorage-journal
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efmdjbiceagbmomlmanlmfokhocllcfk_0.localstorage
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_idgcphbhapbeejlhjhplmmhfffgkbmnf_0.localstorage-journal
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_idgcphbhapbeejlhjhplmmhfffgkbmnf_0.localstorage
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Tom\AppData\Local\Temp\7zS4302\HPSLPSVC64.DLL
c:\windows\iun6002.exe
c:\windows\SysWow64\Core.dll
c:\windows\SysWow64\X86
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-02 do 2014-05-02 )))))))))))))))))))))))))))))))
.
.
2014-05-02 04:10 . 2014-05-02 04:10 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D93409F-B444-486C-889B-53F36AEA8807}\gapaengine.dll
2014-05-02 04:10 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BA2E002-3CC3-4E10-84E0-9BBFAE558D2D}\mpengine.dll
2014-04-30 14:25 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-20 21:37 . 2014-04-20 21:37 -------- d-----w- c:\program files (x86)\Common Files\BitSpirit
2014-04-20 21:37 . 2014-04-20 21:37 -------- d-----w- c:\program files\BitSpirit
2014-04-16 12:39 . 2014-04-16 12:39 -------- d-sh--w- c:\users\Tom\AppData\Local\EmieUserList
2014-04-16 12:39 . 2014-04-16 12:39 -------- d-sh--w- c:\users\Tom\AppData\Local\EmieSiteList
2014-04-16 12:38 . 2014-04-16 12:38 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-04-14 15:58 . 2014-04-14 15:58 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2014-04-14 15:50 . 2014-04-14 15:50 -------- d-sh--w- c:\windows\ftpcache
2014-04-14 15:22 . 2014-04-14 15:22 -------- d-----w- c:\program files (x86)\MP4 Converter
2014-04-14 15:18 . 2014-04-14 15:18 -------- d-----w- c:\users\Tom\AppData\Roaming\Sony Creative Software Inc
2014-04-14 15:07 . 2014-04-08 20:51 169984 ----a-w- c:\windows\system32\xvid.ax
2014-04-14 15:07 . 2014-04-08 20:51 251392 ----a-w- c:\windows\system32\xvidvfw.dll
2014-04-14 15:07 . 2014-04-08 20:51 706048 ----a-w- c:\windows\system32\xvidcore.dll
2014-04-14 15:07 . 2014-04-08 20:50 147456 ----a-w- c:\windows\SysWow64\xvid.ax
2014-04-14 15:07 . 2014-04-08 20:50 235520 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2014-04-14 15:07 . 2014-04-08 20:50 632320 ----a-w- c:\windows\SysWow64\xvidcore.dll
2014-04-14 15:07 . 2014-04-14 15:07 -------- d-----w- c:\program files (x86)\Xvid
2014-04-14 15:02 . 2014-04-27 01:49 -------- d-----w- C:\shimmy
2014-04-14 14:45 . 2014-04-25 19:44 -------- d-----w- C:\Downloads
2014-04-14 14:44 . 2014-04-14 14:44 -------- d-----w- c:\users\Tom\AppData\Roaming\BitSpirit
2014-04-10 07:38 . 2014-04-10 07:38 -------- d-----w- c:\users\Tom\AppData\Local\CrashRpt
2014-04-10 07:38 . 2014-04-10 07:38 -------- d-----w- c:\programdata\RegClean
2014-04-10 07:35 . 2014-04-10 07:35 -------- d-----w- c:\users\Tom\AppData\Roaming\Lavasoft
2014-04-10 07:18 . 2014-04-10 07:36 -------- d-----w- C:\AdwCleaner
2014-04-10 07:13 . 2014-04-10 07:13 -------- d-----w- c:\windows\ERUNT
2014-04-09 19:06 . 2014-04-09 19:06 -------- d-----w- C:\foto
2014-04-09 16:03 . 2014-04-09 16:03 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2014-04-09 16:03 . 2014-04-10 07:20 -------- d-----w- c:\program files (x86)\Spyware Terminator
2014-04-08 21:28 . 2014-04-08 21:39 -------- d-----w- c:\users\Tom\AppData\Roaming\My Battle for Middle-earth Files
2014-04-07 19:20 . 2014-04-07 19:21 -------- d-----w- C:\Minecraft mody
2014-04-05 12:20 . 2014-04-05 12:20 499712 ----a-w- c:\windows\SysWow64\phatk121016Pitcairnv1w256l4.bin
2014-04-04 12:51 . 2014-04-17 02:43 -------- d-----w- c:\users\Tom\AppData\Roaming\.minecraft
2014-04-03 18:13 . 2014-04-03 18:13 -------- d-----w- c:\users\Tom\AppData\Roaming\logs
2014-04-03 17:49 . 2014-04-05 21:19 -------- d-----w- C:\mc server
2014-04-03 17:02 . 2014-04-03 17:02 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-04-03 16:30 . 2014-04-03 16:30 -------- d-----w- c:\program files\Mozilla Firefox
2014-04-02 13:08 . 2014-04-02 13:08 -------- d-----w- c:\windows\jre
2014-04-02 13:08 . 2014-04-02 13:08 -------- d--h--w- c:\program files (x86)\Zero G Registry
2014-04-02 13:07 . 2014-04-02 13:07 -------- d--h--w- c:\users\Tom\InstallAnywhere
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-02 01:24 . 2013-08-08 17:35 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-05-02 01:24 . 2013-08-08 16:24 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-02 00:58 . 2013-08-08 16:24 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-29 11:36 . 2013-06-30 13:55 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-29 11:36 . 2013-06-18 20:34 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-07 19:21 . 2014-04-07 19:21 33428759 ----a-w- C:\Minecraft mody.zip
2014-03-27 06:04 . 2013-06-17 12:18 30528 ----a-w- c:\windows\GVTDrv64.sys
2014-03-27 06:04 . 2013-06-17 12:18 25640 ----a-w- c:\windows\gdrv.sys
2014-03-20 18:17 . 2014-03-20 18:17 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2014-03-18 23:32 . 2013-06-17 12:44 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-13 15:08 . 2014-03-13 15:08 25640 ----a-w- c:\windows\etdrv.sys
2014-03-11 07:52 . 2013-01-20 13:59 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:17 . 2014-04-09 13:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-21 14:59 . 2013-07-17 10:03 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-07 21:51 . 2014-02-07 21:51 260 ----a-w- c:\users\Tom\AppData\Roaming\Civ5Network.bin
2014-02-07 01:23 . 2014-03-14 12:06 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-14 12:06 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-14 12:06 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-14 12:06 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-14 12:06 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}]
2014-01-31 00:13 427520 ----a-w- c:\programdata\BlocckUTuboeAd\4LgrQmtUV.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_F6A43803F41C0EE8AA9068339E55A010"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-01-23 866584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"GamingMouseEditor"="c:\program files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe" [2012-08-17 3333120]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"icq"="c:\users\Tom\AppData\Roaming\ICQM\icq.exe" [2013-06-17 28682088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Nástroj WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-09-06 1688008]
"Nástroj WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-09-19 5236664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"MSStp"="c:\windows\inf\msstp.vbe" [2014-03-05 1584]
"mncvkyolaSrv"="c:\windows\system32\mncvkyola.vbe" [2014-03-05 7670]
.
c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe -minimize [2013-9-13 526336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe;d:\program files\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVerRECentral;AVerRECentral;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [x]
S2 AVerUpdateServer;AVerUpdateServer;c:\program files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe;c:\program files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;d:\program files\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe;d:\program files\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AVer330;AVer330;c:\windows\system32\DRIVERS\AVer330.sys;c:\windows\SYSNATIVE\DRIVERS\AVer330.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-28 18:03 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-30 11:36]
.
2014-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17 12:31]
.
2014-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17 12:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}]
2014-01-31 00:13 476160 ----a-w- c:\programdata\BlocckUTuboeAd\4LgrQmtUV.x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"AdAwareTray"="d:\program files\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe" [2014-01-23 4114264]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Stáhnout pomocí &BitSpiritu - c:\program files\BitSpirit\bsurl.htm
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\0ymbjrnc.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-BattlEye for A2 - c:\hry\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-Borderlands 2 - d:\hry\Borderlands 2\Uninstall.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-FixMyRegistry - c:\program files (x86)\SmartTweak\FixMyRegistry\uninst.exe
AddRemove-Minecraft 1.7.2 1.00 - c:\users\Tom\AppData\Roaming\.minecraft\Uninstall.exe
AddRemove-strife - d:\hry\Strife\uninstall.exe
AddRemove-{abc8eea4-29fa-3932-9612-e2122d8a62d9}}_is1 - d:\hry\WarThunderDev\unins000.exe
AddRemove-BitMinter Client - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3404850598-2521911625-2363163390-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:86,9f,65,bc,bc,21,6e,84,68,ee,16,9c,de,39,32,48,f6,23,02,12,52,8d,fc,
c0,bb,a5,9d,db,ec,fe,81,46,8d,14,c8,7d,c0,f7,b8,06,99,92,24,28,53,10,2d,95,\
"??"=hex:89,27,f1,57,ca,b0,af,4e,91,94,98,19,de,e3,45,7b
.
[HKEY_USERS\S-1-5-21-3404850598-2521911625-2363163390-1000\Software\SecuROM\License information*]
"datasecu"=hex:2a,72,87,64,e5,86,9a,11,91,dd,2f,a7,67,15,b7,53,df,50,1f,94,89,
20,1e,0d,3b,49,74,88,c0,0e,28,6c,08,25,4c,b1,d8,3e,c9,62,77,f7,3a,e6,16,4f,\
"rkeysecu"=hex:fb,2d,06,d9,39,bf,a8,2d,ce,8c,e4,da,eb,0e,16,56
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
d:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
d:\program files\WMware Player\vmware-authd.exe
c:\program files\LOLReplay\LOLRecorder.exe
c:\windows\SysWOW64\WScript.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Completion time: 2014-05-02 08:17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-02 06:17
.
Pre-Run: 11 068 588 032 bytes free
Post-Run: 11 435 642 880 bytes free
.
- - End Of File - - A9A72F7CBC911EA6D5FF5BEFCB67694D


AdwCleaner

# AdwCleaner v3.205 - Report created 02/05/2014 at 08:36:02
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Tom - TOM-PC
# Running from : C:\Users\Tom\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\0ymbjrnc.default\prefs.js ]


-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=1565&r=2014/01/21&hid=16959463485068646480&lg=EN&cc=CZ&unqvl=46
Deleted [Search Provider] : hxxp://anidb.net/perl-bin/animedb.pl?show=animelist&adb.search={searchTerms}&do.search=search

*************************

AdwCleaner[R0].txt - [6903 octets] - [10/04/2014 09:18:25]
AdwCleaner[R1].txt - [1257 octets] - [10/04/2014 09:36:16]
AdwCleaner[R2].txt - [1942 octets] - [02/05/2014 08:32:35]
AdwCleaner[S0].txt - [6603 octets] - [10/04/2014 09:19:17]
AdwCleaner[S1].txt - [1245 octets] - [10/04/2014 09:36:52]
AdwCleaner[S2].txt - [2149 octets] - [02/05/2014 08:36:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2209 octets] ##########

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Tom on p  02.05.2014 at 8:37:41,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\smarttweak"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  02.05.2014 at 8:40:57,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
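Two things in the ComboFix excerpt above deserve a look before any cleaning tool is run again: the policies\system block (EnableLUA=0 together with ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 means UAC is switched off entirely, so every installer the browser launches already runs with a full admin token), LoadAppInit_DLLs=1 (whatever is listed in AppInit_DLLs gets injected into every process that loads user32.dll; the AppInit_DLLs value itself is not in the excerpt), and a Browser Helper Object registered from c:\programdata, a directory no vendor-installed BHO should load from. The Python script below is an added example written for this page, not ComboFix's code and not something the thread's participants posted: it parses a constructed snippet modelled on those log lines and reports exactly those findings. The list of directories it treats as unusual for a BHO, the second HP-style BHO entry used as a benign comparison, and the wording of the findings are the example's own assumptions.

```python
"""Triage the registry part of a ComboFix log: UAC policy, AppInit loading, BHO paths.

Added example for this thread; it is not ComboFix code. SAMPLE_LOG is a constructed
snippet modelled on the lines in the post above (the HP BHO entry is an invented
benign comparison). Directory list and wording are the example's own choices.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
--------- X64 Entries -----------
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}]
2014-01-31 00:13 476160 ----a-w- c:\programdata\BlocckUTuboeAd\4LgrQmtUV.x64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2010-05-11 10:00 123456 ----a-w- c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>-?\d+)\b')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")

# Directories from which a vendor-installed BHO is not expected to load (assumption).
UNUSUAL_BHO_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")


def parse_sections(text):
    """Map each [registry key] header to the non-empty lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line)
    return sections


def dword_values(sections, key_suffix):
    """Numeric values of the first section whose key ends with key_suffix."""
    for key, lines in sections.items():
        if key.lower().endswith(key_suffix.lower()):
            return {m.group("name"): int(m.group("val"))
                    for line in lines if (m := VALUE_RE.match(line))}
    return {}


def uac_findings(sections):
    """Findings from the UAC policy block; an empty list means nothing looked weakened."""
    v = dword_values(sections, "\\policies\\system")
    findings = []
    if v.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off; an admin's browser and anything it launches run with a full token")
    elif v.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: admins elevate silently")
    if v.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not isolated on the secure desktop")
    return findings


def appinit_findings(sections):
    v = dword_values(sections, "\\currentversion\\windows")
    if v.get("LoadAppInit_DLLs") == 1:
        return ["LoadAppInit_DLLs=1: every DLL listed in AppInit_DLLs is injected into each process that loads user32.dll; dump that value next"]
    return []


def suspicious_bhos(sections):
    """(CLSID, dll path) for Browser Helper Objects loading from an unusual directory."""
    hits = []
    for key, lines in sections.items():
        if "browser helper objects" not in key.lower():
            continue
        clsid = key.rsplit("\\", 1)[-1]
        for line in lines:
            m = FILE_RE.match(line)
            if m and any(d in m.group("path").lower() for d in UNUSUAL_BHO_DIRS):
                hits.append((clsid, m.group("path")))
    return hits


def triage(text):
    sections = parse_sections(text)
    return {"uac": uac_findings(sections),
            "appinit": appinit_findings(sections),
            "bhos": suspicious_bhos(sections)}


if __name__ == "__main__":
    for topic, findings in triage(SAMPLE_LOG).items():
        for f in findings:
            print(f"[{topic}] {f}")
```

Run it against a saved ComboFix.txt by reading the file and passing the text to triage(); the section parser ignores everything that is not a [key] header followed by value or file lines, so the rest of the log does not need stripping first.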

JaRon
Moderator
Posts: 15724
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Ads in the browser. Nothing helps. Win32.Downloader.gen

#2 Post by JaRon »

Hi,
you read the warnings and still used CF :!:
Oh well, I won't even look at its log - we'll start with a clean slate :)
Uninstall:
AV: Ad-Aware Antivirus
AV: Microsoft Security Essentials
Install MBAM - run a full scan - post the log
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Tom77
Visitor
Posts: 4
Joined: 10 Apr 2014 08:27

Re: Ads in the browser. Nothing helps. Win32.Downloader.gen

#3 Post by Tom77 »

Thanks for the quick reply. I have uninstalled both antiviruses. I'm attaching the MBAM log. The ads still pop up.

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/05/02 09:09:27 +0200</date>
<log>mbam-log-2014-05-02 (09-04-43).xml</log>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.1.1004</version>
<rules-database>v2014.05.02.03</rules-database>
<swissarmy-database>v2014.03.27.01</swissarmy-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Tom</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>355596</objects>
<time>281</time>
<processes>0</processes>
<modules>0</modules>
<keys>15</keys>
<values>1</values>
<datas>0</datas>
<folders>0</folders>
<files>26</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<shuriken>enabled</shuriken>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\BloockUTubeAed.BloockUTubeAed</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\BloockUTubeAed.BloockUTubeAed.3.2</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\BloockUTubeAed.BloockUTubeAed</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\BloockUTubeAed.BloockUTubeAed.3.2</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKU\S-1-5-21-3404850598-2521911625-2363163390-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKU\S-1-5-21-3404850598-2521911625-2363163390-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}\INPROCSERVER32</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CB59E2C0-06A6-D3B1-5C99-240E857075D2}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>dbc069e3f5869b9bdb5b16318b7614ec</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Apps Hat</path><vendor>PUP.Optional.AppsHat.A</vendor><action>success</action><hash>d4c76ddfb0cb83b3968d7b07cc3658a8</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>MSStp</valuename><vendor>Trojan.Agent.SCR</vendor><action>success</action><valuedata>C:\Windows\inf\msstp.vbe</valuedata><hash>3e5d9cb06e0dd3639d94195e8a786d93</hash></value>
<file><path>C:\ProgramData\BlocckUTuboeAd\4LgrQmtUV.x64.dll</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></file>
<file><path>C:\ProgramData\BlocckUTuboeAd\4LgrQmtUV.dll</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></file>
<file><path>C:\ProgramData\BlocckUTuboeAd\4LgrQmtUV.exe</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>dbc069e3f5869b9bdb5b16318b7614ec</hash></file>
<file><path>C:\Windows\SysWOW64\acumncvkyola.exe</path><vendor>PUP.Optional.Bitcoin</vendor><action>success</action><hash>0a9119334d2e9c9a27798beab74a29d7</hash></file>
<file><path>C:\Windows\SysWOW64\dcgmncvkyola.exe</path><vendor>Trojan.BitMiner</vendor><action>success</action><hash>5f3ca8a4d8a378bec5da33531be641bf</hash></file>
<file><path>C:\Windows\SysWOW64\lcpmncvkyola.exe</path><vendor>PUP.BitCoinMiner</vendor><action>success</action><hash>455649035e1d61d5a04a24e69f621de3</hash></file>
<file><path>C:\Users\Tom\Downloads\Download (1).exe</path><vendor>PUP.Optional.Installex</vendor><action>success</action><hash>b4e72b21dd9e9e9810543323827f758b</hash></file>
<file><path>C:\Users\Tom\Downloads\Download (2).exe</path><vendor>PUP.Optional.Installex</vendor><action>success</action><hash>afeceb61ea91f343db8994c26c95f50b</hash></file>
<file><path>C:\Users\Tom\Downloads\Download.exe</path><vendor>PUP.Optional.InstalleRex</vendor><action>success</action><hash>bcdfbd8fb9c2b28421fc779e27da6b95</hash></file>
<file><path>C:\Users\Tom\Downloads\StarDock---Object-dock-Plus-+-keygen.zip</path><vendor>Trojan.Downloader</vendor><action>success</action><hash>3566123a07744beb8bbf9ab3c93729d7</hash></file>
<file><path>C:\Users\Tom\Downloads\Stardock-ObjectDock-Plus+keygen.rar</path><vendor>Trojan.Downloader</vendor><action>success</action><hash>702bc58722592412b298a7a6b05036ca</hash></file>
<file><path>C:\Users\Tom\Downloads\MediaInfo_Windows-setup.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>1e7d27259dde45f1436882d803014fb1</hash></file>
<file><path>C:\Users\Tom\Downloads\Game Of Thrones S01 Season 1 1 Downloader__3687_i582647609_il2380811.exe</path><vendor>PUP.Optional.Amonetize.A</vendor><action>success</action><hash>f3a8b59796e52016a7b517254db36799</hash></file>
<file><path>C:\Users\Tom\Downloads\Game Of Thrones S01 Season 1 1 Downloader__3687_i582647800_il2380811.exe</path><vendor>PUP.Optional.Amonetize.A</vendor><action>success</action><hash>84173a1246352f073c20fc40847c966a</hash></file>
<file><path>C:\Users\Tom\Downloads\xfire_installer_46025.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>cecdae9ebcbfa98d06a5e97117edde22</hash></file>
<file><path>C:\Users\Tom\Downloads\DTLite-setup.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>e3b8123a8cefaa8c8e1de07aa2629a66</hash></file>
<file><path>C:\Users\Tom\Downloads\attsetup.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>702b4705c7b4b87e4d5efe5cb35134cc</hash></file>
<file><path>C:\Users\Tom\Downloads\attsetupb.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>e3b8fa52027995a1bdeebc9eaf5504fc</hash></file>
<file><path>C:\Users\Tom\Downloads\Tecknic_Launcher_downloader-dZqdF11L.exe</path><vendor>PUP.Optional.Somoto.A</vendor><action>success</action><hash>15869dafadceb2846ca6bb5401036a96</hash></file>
<file><path>C:\Users\Tom\Downloads\Tecknic_Launcher_downloader-efl9L9j7.exe</path><vendor>PUP.Optional.Somoto.A</vendor><action>success</action><hash>a5f6ba92fe7d76c0a36f0807867e07f9</hash></file>
<file><path>C:\Users\Tom\Downloads\D-manComplete_downloader-8NPBuRem.exe</path><vendor>PUP.Optional.Somoto</vendor><action>success</action><hash>405ba4a8a5d6cd690879209e3bc8eb15</hash></file>
<file><path>C:\Users\Tom\Downloads\iMeshSetup-r1012-n-bc.exe</path><vendor>PUP.Optional.Bandoo.A</vendor><action>success</action><hash>faa1420a32493006b9bcf6346f92fe02</hash></file>
<file><path>C:\Users\Tom\Downloads\winamp564_full_emusic-7plus_all.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>851682ca0c6fe3536a41ef6baa5a31cf</hash></file>
<file><path>C:\Users\Tom\Downloads\bsplayer-setup.exe</path><vendor>PUP.Optional.Conduit</vendor><action>success</action><hash>13880b41cead80b695c4ff610afa9a66</hash></file>
<file><path>C:\Users\Tom\Downloads\SkypeSetup-fdu.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>b0eb5def04775fd7a00b481223e18977</hash></file>
<file><path>C:\Windows\inf\msstp.vbe</path><vendor>Trojan.Agent.SCR</vendor><action>success</action><hash>3e5d9cb06e0dd3639d94195e8a786d93</hash></file>
</items>
</mbam-log>
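MBAM 2.x writes its log as the XML shown in the post above: one <key>, <value> or <file> element per detected object, each with a vendor label, an action and a hash. Reading it by eye works for a short list, but what a helper actually wants from it is the set of autostart footholds (here the Run value MSStp pointing at C:\Windows\inf\msstp.vbe and the BHO CLSID {BA88EE03-...}) and whether the file each foothold pointed at was removed as well. The script below is an added example written for this page, not Malwarebytes' code and not something the thread's participants posted. It parses a constructed excerpt that copies the structure of the posted log (a subset of its items), groups detections by vendor label, extracts Run/RunOnce values and Browser Helper Object registrations, and reports Run targets that do not appear among the removed files. The function names and the choice of which registry locations count as persistence are the example's own assumptions.

```python
"""Summarise an MBAM 2.x XML log: detections by vendor, persistence entries, loose ends.

Added example for this thread; it is not Malwarebytes code. SAMPLE_XML is a constructed
excerpt copying the structure of the posted log (a subset of its items). The real file
is UTF-16 with a BOM, as its declaration says: open it with ET.parse(path), which
honours the declared encoding, rather than decoding it by hand.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

SAMPLE_XML = r"""<?xml version="1.0"?>
<mbam-log>
<header><date>2014/05/02 09:09:27 +0200</date><isadmin>yes</isadmin></header>
<summary><type>threat</type><result>completed</result><keys>2</keys><values>1</values><files>4</files></summary>
<items>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BA88EE03-E964-4232-E85D-0B2DC2503D4E}</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>MSStp</valuename><vendor>Trojan.Agent.SCR</vendor><action>success</action><valuedata>C:\Windows\inf\msstp.vbe</valuedata><hash>3e5d9cb06e0dd3639d94195e8a786d93</hash></value>
<file><path>C:\ProgramData\BlocckUTuboeAd\4LgrQmtUV.x64.dll</path><vendor>PUP.Optional.MultiPlug.A</vendor><action>success</action><hash>6833fd4f0c6fe35368ce0e3924dd2dd3</hash></file>
<file><path>C:\Windows\SysWOW64\dcgmncvkyola.exe</path><vendor>Trojan.BitMiner</vendor><action>success</action><hash>5f3ca8a4d8a378bec5da33531be641bf</hash></file>
<file><path>C:\Windows\inf\msstp.vbe</path><vendor>Trojan.Agent.SCR</vendor><action>success</action><hash>3e5d9cb06e0dd3639d94195e8a786d93</hash></file>
<file><path>C:\Users\Tom\Downloads\DTLite-setup.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>e3b8123a8cefaa8c8e1de07aa2629a66</hash></file>
</items>
</mbam-log>"""

# Element names MBAM uses for detected objects (matches the <summary> counters).
ITEM_TAGS = ("process", "module", "key", "value", "data", "folder", "file", "sector")


def parse_mbam(xml_text):
    """Return one dict per detected item, in log order."""
    root = ET.fromstring(xml_text)
    items_el = root.find("items")
    if items_el is None:
        return []
    items = []
    for el in items_el:
        if el.tag not in ITEM_TAGS:
            continue
        items.append({
            "kind": el.tag,
            "path": el.findtext("path", ""),
            "valuename": el.findtext("valuename"),
            "valuedata": el.findtext("valuedata"),
            "vendor": el.findtext("vendor", ""),
            "action": el.findtext("action", ""),
            "hash": el.findtext("hash", ""),
        })
    return items


def location(it):
    """Registry value items are identified by key path plus value name."""
    return it["path"] + "\\" + it["valuename"] if it["kind"] == "value" else it["path"]


def by_vendor(items):
    groups = defaultdict(list)
    for it in items:
        groups[it["vendor"]].append(location(it))
    return dict(groups)


def persistence(items):
    """Autostart footholds: (kind, vendor, registry location, target).

    target is the launched file for a Run value and the CLSID for a BHO registration.
    """
    found = []
    for it in items:
        up = it["path"].upper()
        if it["kind"] == "value" and up.rsplit("\\", 1)[-1] in ("RUN", "RUNONCE"):
            found.append(("run", it["vendor"], location(it), it["valuedata"]))
        elif it["kind"] == "key" and "\\BROWSER HELPER OBJECTS\\" in up:
            found.append(("bho", it["vendor"], it["path"], it["path"].rsplit("\\", 1)[-1]))
    return found


def run_targets_not_removed(items):
    """Run targets that are not among the successfully removed files: the autostart
    entry is gone, but the payload it launched still has to be collected by hand."""
    removed = {it["path"].lower() for it in items
               if it["kind"] == "file" and it["action"] == "success"}
    return [tgt for kind, _, _, tgt in persistence(items)
            if kind == "run" and tgt and tgt.lower() not in removed]


def failed_actions(items):
    return [(it["kind"], location(it)) for it in items if it["action"] != "success"]


if __name__ == "__main__":
    items = parse_mbam(SAMPLE_XML)
    for vendor, locs in by_vendor(items).items():
        print(f"{vendor}: {len(locs)} object(s)")
    for kind, vendor, loc, target in persistence(items):
        print(f"persistence [{kind}] {vendor}: {loc} -> {target}")
    print("run targets not removed:", run_targets_not_removed(items))
    print("failed actions:", failed_actions(items))
```

In the posted log both halves of the .vbe launcher (the MSStp Run value and C:\Windows\inf\msstp.vbe) were removed, so run_targets_not_removed() comes back empty; had only the value been removed, the script would name the file still to be collected. Everything has action "success", so failed_actions() is empty too, which is the condition the moderator's "repeat the scan" step checks for.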

JaRon
Moderator
Posts: 15724
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Ads in the browser. Nothing helps. Win32.Downloader.gen

#4 Post by JaRon »

Well, let MBAM remove everything it found - reboot - repeat the scan, and if it finds nothing, post an RSIT log and we'll continue
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Tom77
Visitor
Posts: 4
Joined: 10 Apr 2014 08:27

Re: Ads in the browser. Nothing helps. Win32.Downloader.gen

#5 Post by Tom77 »

MBAM found nothing more on the rerun. RSIT stopped working the first time I ran it, but on the second attempt it started fine.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tom at 2014-05-02 09:34:24
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 11 GB (5%) free of 244 GB
Total RAM: 8153 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:34:25, on 2.5.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe
C:\Users\Tom\AppData\Roaming\ICQM\icq.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LOLReplay\LOLRecorder.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Hry\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Tom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Nástroj WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [Nástroj WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mncvkyolaSrv] C:\Windows\system32\mncvkyola.vbe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F6A43803F41C0EE8AA9068339E55A010] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [GamingMouseEditor] "C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe" Minimum
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [icq] C:\Users\Tom\AppData\Roaming\ICQM\icq.exe -CU
O4 - HKUS\S-1-5-21-3404850598-2521911625-2363163390-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-3404850598-2521911625-2363163390-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NeroMediaHomeUser.4')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files\LOLReplay\LOLRecorder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout pomocí &BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Tom\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Tom\AppData\Roaming\ICQM\icq.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AVerRECentral - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
O23 - Service: AVerUpdateServer - AVerMedia TECHNOLOGIES, Inc. - C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - D:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - D:\Program Files\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\WMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15439 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe"
"C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe"
\??\C:\Windows\system32\conhost.exe "-1745694261-787797289549385467-49466829812718877967318239271136508805-634643948
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe"
"C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
atieclxx
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"D:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
"C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe"
"C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\vmnetdhcp.exe
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
"C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"D:\Program Files\WMware Player\vmware-authd.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe" Minimum
"C:\Users\Tom\AppData\Roaming\ICQM\icq.exe" -CU
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files\LOLReplay\LOLRecorder.exe" -minimize
"C:\Program Files\Rainmeter\Rainmeter.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe"
"C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe"
"C:\Program Files\totalcmd\TOTALCMD64.EXE"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4468.0.1291138569\509098912" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,13,23 --gpu-vendor-id=0x1002 --gpu-device-id=0x6818 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=12.104.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/ManagedModeLaunch/Active/Prerender/Prerender15minTTL/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4468.2.2018242845\672589509" /prefetch:673131151
taskeng.exe {6B20C5EE-24BB-4CFD-8F3C-7CABC3D4AAF0}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart C4100 series#1374006820" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/ManagedModeLaunch/Active/Prerender/Prerender15minTTL/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4468.4.768899660\1642855697" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4468.5.217416459\1340478407" --ppapi-flash-args --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/ManagedModeLaunch/Active/Prerender/Prerender15minTTL/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4468.6.1060558926\1498335423" /prefetch:673131151
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/ManagedModeLaunch/Active/Prerender/Prerender15minTTL/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4468.10.1321776354\1109656388" /prefetch:673131151
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/ManagedModeLaunch/Active/Prerender/Prerender15minTTL/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4468.12.1777640629\1206259997" /prefetch:673131151
"C:\Hry\Steam\Steam.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/ManagedModeLaunch/Active/Prerender/Prerender15minTTL/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4468.14.1767812169\1211898030" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/ManagedModeLaunch/Active/Prerender/Prerender15minTTL/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4468.16.883125120\1823075726" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/ManagedModeLaunch/Active/Prerender/Prerender15minTTL/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4468.18.547207702\575096657" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/ManagedModeLaunch/Active/Prerender/Prerender15minTTL/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4468.20.2014539986\945045987" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/ManagedModeLaunch/Active/Prerender/Prerender15minTTL/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4468.23.1113082774\1891347321" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/ManagedModeLaunch/Active/Prerender/Prerender15minTTL/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4468.25.1237218252\7422382" /prefetch:673131151
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/ManagedModeLaunch/Active/Prerender/Prerender15minTTL/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4468.27.1601272298\536229305" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Tom\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\0ymbjrnc.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.7]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_F6A43803F41C0EE8AA9068339E55A010"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2014-01-23 866584]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
"GamingMouseEditor"=C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe [2012-08-17 3333120]
"Xvid"=C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]
"icq"=C:\Users\Tom\AppData\Roaming\ICQM\icq.exe [2013-06-17 28682088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]
C:\Program Files\ATI Tray Tools\atitray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixMyRegistry]
C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq]
C:\Users\Tom\AppData\Roaming\ICQM\icq.exe [2013-06-17 28682088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-04-15 3814736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
D:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe [2012-12-20 5179880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Plex Media Server]
D:\Program Files\Plex Media Server\Plex Media Server.exe [2013-06-03 3997832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Link]
D:\Program Files\Samsung Link\utils\Samsung Link Launcher.exe [2013-05-09 407384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10 20922016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Hry\Steam\steam.exe [2014-04-24 1825984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhatPulse]
D:\Program Files\WhatPulse2\whatpulse.exe [2013-12-11 3126272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\38A880~1.141\SSSCHE~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameRanger.lnk]
C:\Users\Tom\AppData\Roaming\GAMERA~1\GAMERA~2\GAMERA~1.EXE [2014-04-29 1800352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Psi.lnk]
C:\PROGRA~1\Psi\Psi.exe [2012-10-04 7033344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk]
C:\PROGRA~1\Trillian\trillian.exe [2011-12-15 2362720]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-02-29 56088]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-03-28 642656]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Nástroj WD Drive Unlocker"=C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [2012-09-06 1688008]
"Nástroj WD Quick View"=C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [2012-09-19 5236664]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"mncvkyolaSrv"=C:\Windows\system32\mncvkyola.vbe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
LOLRecorder.lnk - C:\Program Files\LOLReplay\LOLRecorder.exe

C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2014-05-02 09:32:47 ----D---- C:\Program Files\trend micro
2014-05-02 09:32:46 ----D---- C:\rsit
2014-05-02 09:04:14 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-05-02 09:04:06 ----D---- C:\ProgramData\Malwarebytes
2014-05-02 09:04:06 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-02 09:04:06 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-05-02 09:04:06 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-05-02 09:04:06 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-05-02 08:32:49 ----A---- C:\Windows\SYSWOW64\sqlite3.dll
2014-05-02 08:25:58 ----A---- C:\AVScanner.ini
2014-05-02 08:17:08 ----A---- C:\ComboFix.txt
2014-05-02 08:16:03 ----D---- C:\$RECYCLE.BIN
2014-05-02 08:08:50 ----A---- C:\Windows\zip.exe
2014-05-02 08:08:50 ----A---- C:\Windows\SWSC.exe
2014-05-02 08:08:50 ----A---- C:\Windows\SWREG.exe
2014-05-02 08:08:50 ----A---- C:\Windows\sed.exe
2014-05-02 08:08:50 ----A---- C:\Windows\PEV.exe
2014-05-02 08:08:50 ----A---- C:\Windows\NIRCMD.exe
2014-05-02 08:08:50 ----A---- C:\Windows\MBR.exe
2014-05-02 08:08:50 ----A---- C:\Windows\grep.exe
2014-05-02 08:08:48 ----AD---- C:\Qoobox
2014-05-02 08:08:42 ----D---- C:\Windows\erdnt
2014-04-20 23:37:37 ----D---- C:\Program Files\BitSpirit
2014-04-16 14:38:34 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2014-04-16 00:32:46 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-04-16 00:32:46 ----A---- C:\Windows\system32\ieui.dll
2014-04-16 00:32:45 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-04-16 00:32:45 ----A---- C:\Windows\system32\vbscript.dll
2014-04-16 00:32:42 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-04-16 00:32:42 ----A---- C:\Windows\system32\jscript9diag.dll
2014-04-16 00:32:42 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-16 00:32:42 ----A---- C:\Windows\system32\iernonce.dll
2014-04-16 00:32:42 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-04-16 00:32:42 ----A---- C:\Windows\system32\ie4uinit.exe
2014-04-16 00:32:41 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-04-16 00:32:41 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-04-16 00:32:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-04-16 00:32:41 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-04-16 00:32:41 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-04-16 00:32:41 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-04-16 00:32:41 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-04-16 00:32:41 ----A---- C:\Windows\system32\msrating.dll
2014-04-16 00:32:41 ----A---- C:\Windows\system32\msfeeds.dll
2014-04-16 00:32:41 ----A---- C:\Windows\system32\jsproxy.dll
2014-04-16 00:32:41 ----A---- C:\Windows\system32\ieUnatt.exe
2014-04-16 00:32:41 ----A---- C:\Windows\system32\iesetup.dll
2014-04-16 00:32:41 ----A---- C:\Windows\system32\dxtrans.dll
2014-04-16 00:32:41 ----A---- C:\Windows\system32\dxtmsft.dll
2014-04-16 00:32:40 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-04-16 00:32:40 ----A---- C:\Windows\system32\mshtml.dll
2014-04-16 00:32:39 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-04-16 00:32:39 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-04-16 00:32:39 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-04-16 00:32:39 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-16 00:32:39 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-04-16 00:32:39 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-04-16 00:32:39 ----A---- C:\Windows\system32\ieapfltr.dll
2014-04-16 00:32:38 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-04-16 00:32:38 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-04-16 00:32:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-04-16 00:32:38 ----A---- C:\Windows\system32\wininet.dll
2014-04-16 00:32:38 ----A---- C:\Windows\system32\urlmon.dll
2014-04-16 00:32:38 ----A---- C:\Windows\system32\iertutil.dll
2014-04-16 00:32:38 ----A---- C:\Windows\system32\ieframe.dll
2014-04-16 00:32:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-04-16 00:32:37 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-04-16 00:32:37 ----A---- C:\Windows\system32\jscript9.dll
2014-04-16 00:32:36 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-04-14 17:58:27 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2014-04-14 17:50:12 ----SHD---- C:\Windows\ftpcache
2014-04-14 17:22:59 ----D---- C:\Program Files (x86)\MP4 Converter
2014-04-14 17:18:38 ----D---- C:\Users\Tom\AppData\Roaming\Sony Creative Software Inc
2014-04-14 17:07:30 ----A---- C:\Windows\SYSWOW64\xvidvfw.dll
2014-04-14 17:07:30 ----A---- C:\Windows\SYSWOW64\xvidcore.dll
2014-04-14 17:07:30 ----A---- C:\Windows\system32\xvidvfw.dll
2014-04-14 17:07:30 ----A---- C:\Windows\system32\xvidcore.dll
2014-04-14 17:07:27 ----D---- C:\Program Files (x86)\Xvid
2014-04-14 17:02:22 ----D---- C:\shimmy
2014-04-14 16:45:41 ----D---- C:\Downloads
2014-04-14 16:44:30 ----D---- C:\Users\Tom\AppData\Roaming\BitSpirit
2014-04-10 09:38:10 ----D---- C:\ProgramData\RegClean
2014-04-10 09:18:21 ----D---- C:\AdwCleaner
2014-04-10 09:13:49 ----D---- C:\Windows\ERUNT
2014-04-09 21:06:15 ----D---- C:\foto
2014-04-09 18:03:20 ----A---- C:\Windows\system32\drivers\stflt.sys
2014-04-09 18:03:16 ----D---- C:\Program Files (x86)\Spyware Terminator
2014-04-09 15:23:12 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-04-09 15:23:12 ----A---- C:\Windows\system32\iologmsg.dll
2014-04-09 15:23:12 ----A---- C:\Windows\system32\drivers\storport.sys
2014-04-09 15:23:12 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-04-09 15:23:12 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-04-09 15:23:11 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-04-09 15:23:11 ----A---- C:\Windows\SYSWOW64\user.exe
2014-04-09 15:23:11 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-04-09 15:23:11 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-04-09 15:23:11 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-04-09 15:23:11 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-04-09 15:23:11 ----A---- C:\Windows\system32\wow64win.dll
2014-04-09 15:23:11 ----A---- C:\Windows\system32\wow64cpu.dll
2014-04-09 15:23:11 ----A---- C:\Windows\system32\wow64.dll
2014-04-09 15:23:11 ----A---- C:\Windows\system32\ntvdm64.dll
2014-04-09 15:23:11 ----A---- C:\Windows\system32\kernel32.dll
2014-04-09 15:23:11 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-04-08 23:28:46 ----D---- C:\Users\Tom\AppData\Roaming\My Battle for Middle-earth Files
2014-04-07 21:20:43 ----D---- C:\Minecraft mody
2014-04-04 14:51:41 ----D---- C:\Users\Tom\AppData\Roaming\.minecraft
2014-04-04 14:38:41 ----D---- C:\Windows\SYSWOW64\bitstreams
2014-04-04 14:38:41 ----D---- C:\Program Files (x86)\Minecraft 1.7.2 warez Launcher
2014-04-04 14:38:41 ----AS---- C:\Windows\SYSWOW64\zlib1.dll
2014-04-04 14:38:41 ----AS---- C:\Windows\SYSWOW64\ssleay32.dll
2014-04-04 14:38:41 ----AS---- C:\Windows\SYSWOW64\pthreadVC2.dll
2014-04-04 14:38:41 ----AS---- C:\Windows\SYSWOW64\pthreadGC2.dll
2014-04-04 14:38:41 ----AS---- C:\Windows\SYSWOW64\libssh2.dll
2014-04-04 14:38:41 ----AS---- C:\Windows\SYSWOW64\librtmp.dll
2014-04-04 14:38:41 ----AS---- C:\Windows\SYSWOW64\libidn-11.dll
2014-04-04 14:38:41 ----AS---- C:\Windows\SYSWOW64\libeay32.dll
2014-04-04 14:38:41 ----AS---- C:\Windows\SYSWOW64\libcurl-4.dll
2014-04-04 14:38:41 ----AS---- C:\Windows\SYSWOW64\cudart32_50_35.dll
2014-04-03 20:13:34 ----D---- C:\Users\Tom\AppData\Roaming\logs
2014-04-03 20:13:34 ----A---- C:\Users\Tom\AppData\Roaming\optionsshaders.txt
2014-04-03 20:13:34 ----A---- C:\Users\Tom\AppData\Roaming\optionsof.txt
2014-04-03 20:13:34 ----A---- C:\Users\Tom\AppData\Roaming\options.txt
2014-04-03 20:13:34 ----A---- C:\Users\Tom\AppData\Roaming\launcher.jar
2014-04-03 19:49:10 ----D---- C:\mc server
2014-04-03 19:02:54 ----D---- C:\ProgramData\Mozilla
2014-04-03 19:02:54 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 18:30:43 ----D---- C:\Program Files\Mozilla Firefox
2014-04-02 15:08:42 ----D---- C:\Windows\jre
2014-04-02 15:08:02 ----HD---- C:\Program Files (x86)\Zero G Registry
2014-04-01 17:56:30 ----ASH---- C:\pagefile.sys
2014-04-01 14:45:35 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-04-01 14:45:35 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2014-03-29 03:38:15 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2014-03-24 23:04:40 ----D---- C:\ProgramData\RELOADED
2014-03-20 20:17:56 ----A---- C:\Windows\SYSWOW64\CmdLineExt03.dll
2014-03-20 20:13:01 ----A---- C:\Program Files (x86)\Readme.txt
2014-03-20 20:13:01 ----A---- C:\Program Files (x86)\EULA.txt
2014-03-14 15:27:19 ----D---- C:\Users\Tom\AppData\Roaming\LavasoftStatistics
2014-03-14 14:58:28 ----D---- C:\ProgramData\Lavasoft
2014-03-14 14:06:45 ----A---- C:\Windows\SYSWOW64\wer.dll
2014-03-14 14:06:45 ----A---- C:\Windows\system32\wwansvc.dll
2014-03-14 14:06:45 ----A---- C:\Windows\system32\win32k.sys
2014-03-14 14:06:45 ----A---- C:\Windows\system32\wer.dll
2014-03-14 14:06:16 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-03-14 14:06:16 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-03-14 14:06:16 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-03-14 14:06:16 ----A---- C:\Windows\system32\qedit.dll
2014-03-13 20:55:13 ----D---- C:\Users\Tom\AppData\Roaming\NBOS
2014-03-13 20:55:06 ----D---- C:\Program File
2014-03-13 17:08:55 ----A---- C:\Windows\etdrv.sys
2014-03-12 13:00:07 ----RD---- C:\Program Files (x86)\Skype
2014-03-10 11:53:31 ----D---- C:\Users\Tom\AppData\Roaming\Seeing Machines
2014-03-10 11:53:31 ----D---- C:\ProgramData\Seeing Machines
2014-03-10 11:50:43 ----D---- C:\Program Files (x86)\NaturalPoint
2014-03-10 11:47:42 ----A---- C:\Windows\system32\drivers\vjoy.sys
2014-03-07 03:09:39 ----D---- C:\Users\Tom\AppData\Roaming\OpenOffice
2014-03-07 03:09:06 ----D---- C:\Program Files (x86)\OpenOffice 4
2014-03-01 18:16:11 ----D---- C:\Users\Tom\AppData\Roaming\Seznam.cz
2014-03-01 18:11:24 ----D---- C:\Users\Tom\AppData\Roaming\.technic
2014-02-28 01:27:36 ----D---- C:\Windows\Migration
2014-02-16 20:53:38 ----D---- C:\Users\Tom\AppData\Roaming\WizardWars
2014-02-12 13:23:00 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-02-12 13:23:00 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-02-12 13:23:00 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-12 13:23:00 ----A---- C:\Windows\system32\msxml3.dll
2014-02-12 13:22:57 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-02-12 13:22:57 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-02-12 13:22:57 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-02-12 13:22:57 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-02-12 13:22:57 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-02-12 13:22:57 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-12 13:22:57 ----A---- C:\Windows\system32\secproc.dll
2014-02-12 13:22:57 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 13:22:57 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 13:22:57 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 13:22:57 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-12 13:22:57 ----A---- C:\Windows\system32\msdrm.dll
2014-02-12 13:22:56 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-02-12 13:22:56 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-02-12 13:22:56 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-02-12 13:22:56 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-02-12 13:22:56 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 13:22:56 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-12 13:22:50 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-02-12 13:22:50 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-02-12 13:22:50 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-12 13:22:50 ----A---- C:\Windows\system32\d2d1.dll
2014-02-08 00:03:15 ----A---- C:\Users\Tom\AppData\Roaming\Civ5Launcher.ini
2014-02-07 23:51:05 ----D---- C:\Program Files\OpenVPN
2014-02-07 23:50:42 ----D---- C:\Program Files\TAP-Windows
2014-02-07 23:50:41 ----D---- C:\Program Files (x86)\OpenVPN
2014-02-07 23:17:04 ----D---- C:\Users\Tom\AppData\Roaming\uTorrent
2014-02-04 08:41:36 ----D---- C:\Users\Tom\AppData\Roaming\RIFT
2014-02-04 00:44:45 ----D---- C:\Program Files\Rainmeter
2014-02-03 14:29:27 ----D---- C:\Users\Tom\AppData\Roaming\Bitcoin
2014-02-03 14:29:01 ----D---- C:\Program Files\Bitcoin

======List of files/folders modified in the last 3 months======

2014-05-02 09:34:25 ----D---- C:\Windows\Temp
2014-05-02 09:32:47 ----RD---- C:\Program Files
2014-05-02 09:23:45 ----D---- C:\Windows\system32\config
2014-05-02 09:21:56 ----D---- C:\Users\Tom\AppData\Roaming\Skype
2014-05-02 09:18:54 ----D---- C:\ProgramData\PMB Files
2014-05-02 09:16:55 ----D---- C:\Windows\System32
2014-05-02 09:16:55 ----D---- C:\Windows\inf
2014-05-02 09:16:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-02 09:12:38 ----A---- C:\Windows\SYSWOW64\log.txt
2014-05-02 09:10:36 ----D---- C:\ProgramData\VMware
2014-05-02 09:10:28 ----D---- C:\Windows\system32\drivers
2014-05-02 09:10:28 ----D---- C:\Windows\ShellNew
2014-05-02 09:09:28 ----D---- C:\Windows\SysWOW64
2014-05-02 09:09:28 ----D---- C:\ProgramData\BlocckUTuboeAd
2014-05-02 09:04:06 ----RD---- C:\Program Files (x86)
2014-05-02 09:04:06 ----D---- C:\ProgramData
2014-05-02 09:03:27 ----SHD---- C:\Windows\Installer
2014-05-02 09:03:27 ----D---- C:\Config.Msi
2014-05-02 08:27:13 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2014-05-02 08:26:45 ----D---- C:\Users\Tom\AppData\Roaming\DVDVideoSoft
2014-05-02 08:26:45 ----D---- C:\Program Files (x86)\Common Files
2014-05-02 08:26:44 ----RSD---- C:\Windows\assembly
2014-05-02 08:25:37 ----D---- C:\Program Files\Common Files
2014-05-02 08:25:36 ----SHD---- C:\System Volume Information
2014-05-02 08:16:33 ----D---- C:\Windows\system32\Tasks
2014-05-02 08:16:32 ----D---- C:\Windows\Tasks
2014-05-02 08:16:06 ----N---- C:\Windows\system.ini
2014-05-02 08:16:06 ----D---- C:\Windows
2014-05-02 08:16:02 ----D---- C:\Windows\system32\drivers\etc
2014-05-02 08:11:32 ----D---- C:\Windows\SYSWOW64\drivers
2014-05-02 08:11:32 ----D---- C:\Windows\AppPatch
2014-05-02 04:43:21 ----D---- C:\Users\Tom\AppData\Roaming\TS3Client
2014-05-02 03:24:55 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2014-05-01 22:43:42 ----D---- C:\Program Files (x86)\osu!
2014-05-01 19:28:36 ----D---- C:\Users\Tom\AppData\Roaming\vlc
2014-05-01 02:16:31 ----D---- C:\ProgramData\Tunngle
2014-05-01 02:16:30 ----D---- C:\Users\Tom\AppData\Roaming\Tunngle
2014-04-29 13:36:44 ----D---- C:\Program Files\The KMPlayer
2014-04-29 13:36:44 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-04-28 22:32:18 ----D---- C:\Windows\pss
2014-04-26 22:44:22 ----D---- C:\Users\Tom\AppData\Roaming\Awesomium
2014-04-22 23:43:51 ----D---- C:\Windows\system32\drivers\UMDF
2014-04-20 23:36:46 ----D---- C:\Users\Tom\AppData\Roaming\BitTorrent
2014-04-18 07:39:13 ----D---- C:\Windows\rescache
2014-04-18 07:02:39 ----D---- C:\Windows\system32\catroot2
2014-04-18 02:15:37 ----D---- C:\icons
2014-04-16 23:46:20 ----D---- C:\ProgramData\Media Center Programs
2014-04-16 14:38:02 ----D---- C:\Windows\winsxs
2014-04-16 14:37:39 ----D---- C:\Windows\SYSWOW64\en-US
2014-04-16 14:37:39 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-04-16 14:37:39 ----D---- C:\Windows\system32\en-US
2014-04-16 14:37:39 ----D---- C:\Windows\system32\cs-CZ
2014-04-16 14:37:39 ----D---- C:\Windows\PolicyDefinitions
2014-04-16 14:37:39 ----D---- C:\Program Files\Internet Explorer
2014-04-16 14:37:39 ----D---- C:\Program Files (x86)\Internet Explorer
2014-04-16 00:32:55 ----D---- C:\Windows\system32\catroot
2014-04-14 17:51:50 ----D---- C:\Hry
2014-04-10 09:18:25 ----D---- C:\ProgramData\ba6a7f9d21bcaf64
2014-04-10 08:45:01 ----D---- C:\Windows\system32\DriverStore
2014-04-10 00:40:03 ----D---- C:\ProgramData\Microsoft Help
2014-04-09 20:06:04 ----SD---- C:\Users\Tom\AppData\Roaming\Microsoft
2014-04-03 14:27:24 ----D---- C:\Users\Tom\AppData\Roaming\Audacity
2014-04-02 19:51:06 ----D---- C:\ProgramData\Elder Scrolls Online
2014-03-29 03:40:12 ----D---- C:\Windows\Logs
2014-03-19 01:34:18 ----D---- C:\Windows\system32\MRT
2014-03-19 01:32:59 ----A---- C:\Windows\system32\MRT.exe
2014-03-12 13:00:11 ----D---- C:\ProgramData\Skype
2014-03-07 03:09:12 ----RSD---- C:\Windows\Fonts
2014-03-05 15:52:00 ----D---- C:\Windows\Microsoft.NET
2014-03-01 04:00:45 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-02-28 01:27:36 ----SD---- C:\ProgramData\Microsoft
2014-02-20 11:47:21 ----D---- C:\ProgramData\InstallMate
2014-02-13 14:25:04 ----D---- C:\Users\Tom\AppData\Roaming\OBS
2014-02-13 01:40:29 ----A---- C:\Windows\win.ini
2014-02-07 23:51:26 ----D---- C:\Windows\SYSWOW64\directx
2014-02-04 00:55:31 ----D---- C:\Users\Tom\AppData\Roaming\Rainmeter

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2012-02-01 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]
R0 vsock;vSockets Driver; C:\Windows\system32\drivers\vsock.sys [2012-10-24 70296]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2012-10-25 22680]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-20 283200]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-12-11 314016]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2012-10-11 52376]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-12-11 43680]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2013-02-26 45720]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2013-02-26 30800]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2013-02-26 67664]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-03-29 11658752]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-03-29 581120]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-02-14 96768]
R3 AVer330;AVer330; C:\Windows\system32\DRIVERS\AVer330.sys [2013-06-05 1503744]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2013-07-18 358896]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2013-07-18 795632]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2012-07-19 110744]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-04-03 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-05-02 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-04-03 63192]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-02 62784]
R3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-02-08 36736]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 vhidmini;VJoy Virtual Joystick; C:\Windows\system32\DRIVERS\vjoy.sys [2012-10-15 15104]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2013-02-26 33360]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2013-02-26 20120]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2014-03-13 25640]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2014-03-27 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2014-03-27 30528]
S3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys []
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2011-12-02 239208]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2012-09-06 14464]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AllShare Framework DMS;AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [2013-05-03 405896]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-03-29 241152]
R2 AVerRECentral;AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [2013-05-09 355840]
R2 AVerUpdateServer;AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-10-31 167936]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-04-15 2227536]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-04-08 377616]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-17 277824]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-04-03 1809720]
R2 NeroMediaHomeService.4;Nero MediaHome 4 Service; D:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [2012-12-20 518632]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-10-04 76888]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
R2 VMAuthdService;VMware Authorization Service; D:\Program Files\WMware Player\vmware-authd.exe [2013-02-26 87120]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2013-02-26 357456]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2013-02-26 436304]
R2 WDBackup;WD Backup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-09-19 1157056]
R2 WDDriveService;WD Drive Manager; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-09-06 248248]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29 257712]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-06-18 49152]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17 116648]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-04-03 119408]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2013-08-08 34520]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-02-25 568512]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TunngleService;TunngleService; D:\Program Files\Tunngle\TnglCtrl.exe [2013-11-06 758224]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-06-17 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15724
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Ads in the browser. Nothing helps. Win32.Downloader.gen

#6 Post by JaRon »

Move ComboFix to the desktop (if it isn't there already)

open Notepad

copy the script from the following box into it:

Code:

Registry::
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mncvkyolaSrv"=-

File::
C:\Windows\system32\mncvkyola.vbe

save the text file you created as CFScript.txt on the desktop

once saved, grab the script with the left mouse button, drag it over the ComboFix icon and drop it there.


after it has run, another log should be produced; paste it here :)
FRST | ADWCleaner | MBAM | CCleaner | AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
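What the CFScript in the post above asks ComboFix to do, as an added Python example (not code from the post or from ComboFix): a small parser that reads the Registry:: and File:: sections and lists the requested actions, so a fix script can be reviewed before it is dropped onto ComboFix. It assumes REGEDIT-style syntax in Registry:: (a bracketed key, then "name"=- to delete that value) and one absolute path per line in File::; other ComboFix sections are not modelled.

```python
"""Parse a ComboFix CFScript and list the actions it requests.

Added example; not code from the forum post or from ComboFix. Assumed
format (taken from the script in the post above): a line "Name::" opens a
section; Registry:: holds REGEDIT4-style lines where "[KEY]" selects a
key and "name"=- asks for that value to be deleted; File:: holds one
absolute path per line to be deleted.
"""
import re
from dataclasses import dataclass

# The script from the post above, embedded so the example runs offline.
SAMPLE_SCRIPT = r"""
Registry::
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mncvkyolaSrv"=-

File::
C:\Windows\system32\mncvkyola.vbe
"""

_SECTION = re.compile(r"^(\w+)::$")
_KEY = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"(.*)"=(.*)$')
_ABS_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Action:
    kind: str        # "delete_value", "set_value" or "delete_file"
    target: str      # registry key or file path
    name: str = ""   # value name (registry actions only)
    data: str = ""   # new data (set_value only)


def parse_cfscript(text: str) -> list[Action]:
    """Return the actions the script requests, in order; raise ValueError if malformed."""
    actions: list[Action] = []
    section = None
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            section = m.group(1).lower()
            key = None
            continue
        if section == "registry":
            m = _KEY.match(line)
            if m:
                key = m.group(1)
                continue
            m = _VALUE.match(line)
            if m is None or key is None:
                raise ValueError(f"unparsed Registry:: line: {raw!r}")
            name, data = m.groups()
            if data == "-":          # REGEDIT convention: "=-" deletes the value
                actions.append(Action("delete_value", key, name))
            else:
                actions.append(Action("set_value", key, name, data))
        elif section == "file":
            if not _ABS_PATH.match(line):
                raise ValueError(f"File:: entries must be absolute paths: {raw!r}")
            actions.append(Action("delete_file", line))
        elif section is None:
            raise ValueError(f"content before any section header: {raw!r}")
        else:
            # Folder::, Driver:: and other ComboFix sections are not modelled here.
            raise ValueError(f"unsupported section {section}::")
    return actions


def describe(actions: list[Action]) -> list[str]:
    """One human-readable line per action, for review before running the script."""
    out = []
    for a in actions:
        if a.kind == "delete_value":
            out.append(f'delete value "{a.name}" from {a.target}')
        elif a.kind == "set_value":
            out.append(f'set value "{a.name}" in {a.target} to {a.data}')
        else:
            out.append(f"delete file {a.target}")
    return out


def script_is_wellformed(text: str) -> bool:
    """True if the script parses under the assumed format, False otherwise."""
    try:
        parse_cfscript(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for line in describe(parse_cfscript(SAMPLE_SCRIPT)):
        print(line)
```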

Tom77
Visitor
Posts: 4
Registered: 10 Apr 2014 08:27

Re: Ads in the browser. Nothing helps. Win32.Downloader.gen

#7 Post by Tom77 »

Here is the log

ComboFix 14-04-30.01 - Tom 02.05.2014 15:58:01.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8153.6352 [GMT 2:00]
Spuštěný z: c:\users\Tom\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tom\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\mncvkyola.vbe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmdjbiceagbmomlmanlmfokhocllcfk
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmdjbiceagbmomlmanlmfokhocllcfk\3.2_0\background.html
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmdjbiceagbmomlmanlmfokhocllcfk\3.2_0\content.js
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmdjbiceagbmomlmanlmfokhocllcfk\3.2_0\lsdb.js
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmdjbiceagbmomlmanlmfokhocllcfk\3.2_0\manifest.json
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmdjbiceagbmomlmanlmfokhocllcfk\3.2_0\nXAaTet0VOD.js
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efmdjbiceagbmomlmanlmfokhocllcfk_0.localstorage-journal
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efmdjbiceagbmomlmanlmfokhocllcfk_0.localstorage
c:\users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-02 do 2014-05-02 )))))))))))))))))))))))))))))))
.
.
2014-05-02 14:01 . 2014-05-02 14:01 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2014-05-02 14:01 . 2014-05-02 14:01 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2014-05-02 14:01 . 2014-05-02 14:01 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-05-02 14:01 . 2014-05-02 14:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-05-02 14:01 . 2014-05-02 14:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-02 14:01 . 2014-05-02 14:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-05-02 13:55 . 2014-05-02 13:55 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5E99E4D-D97E-4FC0-84ED-6C8BBAFDE648}\offreg.dll
2014-05-02 09:19 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5E99E4D-D97E-4FC0-84ED-6C8BBAFDE648}\mpengine.dll
2014-05-02 07:32 . 2014-05-02 07:34 -------- d-----w- c:\program files\trend micro
2014-05-02 07:32 . 2014-05-02 07:34 -------- d-----w- C:\rsit
2014-05-02 07:04 . 2014-05-02 11:52 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-02 07:04 . 2014-05-02 07:04 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-02 07:04 . 2014-05-02 07:04 -------- d-----w- c:\programdata\Malwarebytes
2014-05-02 07:04 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-02 07:04 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-02 07:04 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-02 06:32 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-04-20 21:37 . 2014-04-20 21:37 -------- d-----w- c:\program files (x86)\Common Files\BitSpirit
2014-04-20 21:37 . 2014-04-20 21:37 -------- d-----w- c:\program files\BitSpirit
2014-04-16 12:39 . 2014-04-16 12:39 -------- d-sh--w- c:\users\Tom\AppData\Local\EmieUserList
2014-04-16 12:39 . 2014-04-16 12:39 -------- d-sh--w- c:\users\Tom\AppData\Local\EmieSiteList
2014-04-16 12:38 . 2014-04-16 12:38 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-04-14 15:58 . 2014-04-14 15:58 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2014-04-14 15:50 . 2014-04-14 15:50 -------- d-sh--w- c:\windows\ftpcache
2014-04-14 15:22 . 2014-04-14 15:22 -------- d-----w- c:\program files (x86)\MP4 Converter
2014-04-14 15:18 . 2014-04-14 15:18 -------- d-----w- c:\users\Tom\AppData\Roaming\Sony Creative Software Inc
2014-04-14 15:07 . 2014-04-08 20:51 169984 ----a-w- c:\windows\system32\xvid.ax
2014-04-14 15:07 . 2014-04-08 20:51 251392 ----a-w- c:\windows\system32\xvidvfw.dll
2014-04-14 15:07 . 2014-04-08 20:51 706048 ----a-w- c:\windows\system32\xvidcore.dll
2014-04-14 15:07 . 2014-04-08 20:50 147456 ----a-w- c:\windows\SysWow64\xvid.ax
2014-04-14 15:07 . 2014-04-08 20:50 235520 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2014-04-14 15:07 . 2014-04-08 20:50 632320 ----a-w- c:\windows\SysWow64\xvidcore.dll
2014-04-14 15:07 . 2014-04-14 15:07 -------- d-----w- c:\program files (x86)\Xvid
2014-04-14 15:02 . 2014-04-27 01:49 -------- d-----w- C:\shimmy
2014-04-14 14:45 . 2014-04-25 19:44 -------- d-----w- C:\Downloads
2014-04-14 14:44 . 2014-04-14 14:44 -------- d-----w- c:\users\Tom\AppData\Roaming\BitSpirit
2014-04-10 07:38 . 2014-04-10 07:38 -------- d-----w- c:\users\Tom\AppData\Local\CrashRpt
2014-04-10 07:38 . 2014-04-10 07:38 -------- d-----w- c:\programdata\RegClean
2014-04-10 07:18 . 2014-05-02 06:36 -------- d-----w- C:\AdwCleaner
2014-04-10 07:13 . 2014-04-10 07:13 -------- d-----w- c:\windows\ERUNT
2014-04-09 19:06 . 2014-04-09 19:06 -------- d-----w- C:\foto
2014-04-09 16:03 . 2014-04-09 16:03 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2014-04-09 16:03 . 2014-04-10 07:20 -------- d-----w- c:\program files (x86)\Spyware Terminator
2014-04-08 21:28 . 2014-04-08 21:39 -------- d-----w- c:\users\Tom\AppData\Roaming\My Battle for Middle-earth Files
2014-04-07 19:20 . 2014-04-07 19:21 -------- d-----w- C:\Minecraft mody
2014-04-05 12:20 . 2014-04-05 12:20 499712 ----a-w- c:\windows\SysWow64\phatk121016Pitcairnv1w256l4.bin
2014-04-04 12:51 . 2014-04-17 02:43 -------- d-----w- c:\users\Tom\AppData\Roaming\.minecraft
2014-04-03 18:13 . 2014-04-03 18:13 -------- d-----w- c:\users\Tom\AppData\Roaming\logs
2014-04-03 17:49 . 2014-04-05 21:19 -------- d-----w- C:\mc server
2014-04-03 17:02 . 2014-04-03 17:02 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-04-03 16:30 . 2014-04-03 16:30 -------- d-----w- c:\program files\Mozilla Firefox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-02 01:24 . 2013-08-08 17:35 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-05-02 01:24 . 2013-08-08 16:24 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-02 00:58 . 2013-08-08 16:24 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-29 11:36 . 2013-06-30 13:55 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-29 11:36 . 2013-06-18 20:34 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-07 19:21 . 2014-04-07 19:21 33428759 ----a-w- C:\Minecraft mody.zip
2014-03-31 07:35 . 2013-06-17 13:04 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-27 06:04 . 2013-06-17 12:18 30528 ----a-w- c:\windows\GVTDrv64.sys
2014-03-27 06:04 . 2013-06-17 12:18 25640 ----a-w- c:\windows\gdrv.sys
2014-03-20 18:17 . 2014-03-20 18:17 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2014-03-18 23:32 . 2013-06-17 12:44 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-13 15:08 . 2014-03-13 15:08 25640 ----a-w- c:\windows\etdrv.sys
2014-03-04 09:17 . 2014-04-09 13:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-07 21:51 . 2014-02-07 21:51 260 ----a-w- c:\users\Tom\AppData\Roaming\Civ5Network.bin
2014-02-07 01:23 . 2014-03-14 12:06 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-14 12:06 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-14 12:06 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-14 12:06 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-14 12:06 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_F6A43803F41C0EE8AA9068339E55A010"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-01-23 866584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"GamingMouseEditor"="c:\program files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe" [2012-08-17 3333120]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"icq"="c:\users\Tom\AppData\Roaming\ICQM\icq.exe" [2013-06-17 28682088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Nástroj WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-09-06 1688008]
"Nástroj WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-09-19 5236664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe -minimize [2013-9-13 526336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe;d:\program files\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVerRECentral;AVerRECentral;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [x]
S2 AVerUpdateServer;AVerUpdateServer;c:\program files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe;c:\program files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AVer330;AVer330;c:\windows\system32\DRIVERS\AVer330.sys;c:\windows\SYSNATIVE\DRIVERS\AVer330.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-28 18:03 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-30 11:36]
.
2014-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17 12:31]
.
2014-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17 12:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [BU]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Stáhnout pomocí &BitSpiritu - c:\program files\BitSpirit\bsurl.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\0ymbjrnc.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-BattlEye for A2 - c:\hry\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-Borderlands 2 - d:\hry\Borderlands 2\Uninstall.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Minecraft 1.7.2 1.00 - c:\users\Tom\AppData\Roaming\.minecraft\Uninstall.exe
AddRemove-strife - d:\hry\Strife\uninstall.exe
AddRemove-{abc8eea4-29fa-3932-9612-e2122d8a62d9}}_is1 - d:\hry\WarThunderDev\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3404850598-2521911625-2363163390-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:86,9f,65,bc,bc,21,6e,84,68,ee,16,9c,de,39,32,48,f6,23,02,12,52,8d,fc,
c0,bb,a5,9d,db,ec,fe,81,46,8d,14,c8,7d,c0,f7,b8,06,99,92,24,28,53,10,2d,95,\
"??"=hex:89,27,f1,57,ca,b0,af,4e,91,94,98,19,de,e3,45,7b
.
[HKEY_USERS\S-1-5-21-3404850598-2521911625-2363163390-1000\Software\SecuROM\License information*]
"datasecu"=hex:2a,72,87,64,e5,86,9a,11,91,dd,2f,a7,67,15,b7,53,df,50,1f,94,89,
20,1e,0d,3b,49,74,88,c0,0e,28,6c,08,25,4c,b1,d8,3e,c9,62,77,f7,3a,e6,16,4f,\
"rkeysecu"=hex:fb,2d,06,d9,39,bf,a8,2d,ce,8c,e4,da,eb,0e,16,56
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-05-02 16:02:09
ComboFix-quarantined-files.txt 2014-05-02 14:02
ComboFix2.txt 2014-05-02 06:17
.
Před spuštěním: Volných bajtů: 11 126 349 824
Po spuštění: Volných bajtů: 11 049 824 256
.
- - End Of File - - D4A27C90C602C64A75A21E68E6B60AD5

JaRon
Moderator
Posts: 15724
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Ads in the browser. Nothing helps. Win32.Downloader.gen

#8 Post by JaRon »

1. Rename ComboFix to Uninstall and run it; the uninstallation will go through.
2. Uninstall STerminator and SpyBot.
3. Install some good AV - pick one in the AV section - recommended - and rescan the PC.
FRST | ADWCleaner | MBAM | CCleaner | AVPTool

If you are satisfied, you can support the forum:
https://platba.viry.cz/payment/
