Ještě dotaz po kontrole PC....

[Kronos]

Dobrý den,
prosím o konzultaci. Dne 2014-04-27 11:44:52 mi pomáhal s PC Roli, téma mělo názevProsím o kontrolu, nejsem si jistý...
PC se zdá být v pořádku, používám Google Chrome a stává se mi, že když kliknu na nějaký odkaz v mailu otevře se mi informace o výhře nebo dotazník na četnost využívání prohlížeče. V adresním řádku se na chvíli vepíše jen Sup a pak jsem přesměrovaný třeba na hxxp://2pfzz.promorewards.xxxtoe.eu/?sov=342567705&hid=dlfplrnprhhrdd&nodl=nodl&id=XNSX. (print screen v příloze). Takto se mi to nechovalo, je to chyba?
Díky

[motji]

Dobrý večer

Stáhněte Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
-Uložte program na plochu a spusťte . Pak se zobrazí se licenční podminky - potvrďte start libovolnou klávesou.
- vytvoří se záloha a proběhne skenování.
Po skončení skenování na Vás vyběhne log (bude uložen v c:\JRT jako JRT.txt) - zkopírujte jej sem

Stáhněte AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
-Uložte program na plochu a ukončete všechny spuštěné programy .
-spusťte AdwCleaner, klikněte na Scan a po dokončení skenu na Clean
- provede se oprava, restartuje se pc - (případně restartujte) a objeví se log C:\AdwCleaner\AdwCleaner.txt , obsah logu zkopírujte zde.

[Kronos]

Dobrý den,
log 1:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by pc on po 19.05.2014 at 16:31:59,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ivapnetint_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ivapnetint_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\snt"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 19.05.2014 at 16:35:09,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


a druhý log:

# AdwCleaner v3.209 - Report created 19/05/2014 at 16:37:02
# Updated 18/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : pc - I53570K
# Running from : C:\Users\pc\Desktop\AdwCleaner (2).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Rightapp software
Folder Deleted : C:\ProgramData\savEa net

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=498&a ... earchTerms}
Deleted [Search Provider] : hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=377&r=2014/04/20&hid=8798020744573499418&lg=EN&cc=CZ&unqvl=51

*************************

AdwCleaner[R2].txt - [1199 octets] - [19/05/2014 16:36:25]
AdwCleaner[S1].txt - [1415 octets] - [19/05/2014 16:37:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1475 octets] ##########

[motji]

Jak to vypadá s pc teď? Poprosím o log z FRSTu.

[Kronos]

Zase mi to otevřelo při kliknutí na link v mailu z OKAY novou zálořku s názvem Survey 2014 a adresa je tam hxxp://munzz.promorewards.xxxtoe.eu/?sov=342567705&hid=dhpjpnltflndd&nodl=nodl&id=XNSX.

To mi dřív nedělalo.
Díky

[motji]

Stahněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=115222
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[Kronos]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20.5.2014
Scan Time: 19:52:46
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.20.08
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: pc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375819
Time Elapsed: 6 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{80D06299-2B4C-4860-AA8B-636E5B33406F}\Custom.dll, No Action By User, [c2e6d67d03783ef8c2e93113b64af709],
PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{C88EA9CD-8447-4B0F-A9E4-CC65136D8B3B}\Custom.dll, No Action By User, [2d7b044f48330e284b6087bd5aa6e61a],
Trojan.Agent, C:\Users\pc\AppData\Local\Temp\FlyTampa_Libraries_FSX_P3D.exe, No Action By User, [5652b99a106b989e2704e36611ef48b8],

Physical Sectors: 0
(No malicious items detected)


(end)

[motji]

V mbamu vše smažte. Pak použijte ccleaner na dočasné soubory i registry a napište co pc.

[Kronos]

Vše jsem udělal, teď se už zdá, že to funguje, jak má. Ještě to pozkouším.
Zatím Vám děkuji za rady.

[Kronos]

Tak dnes se zase otvírají jiná okna než mají, pokud kliknu na odkaz v nějakém mailu. Situace se tedy opakuje, není to dobré.

[motji]

Poprosím o log z Frstu http://forum.viry.cz/viewtopic.php?f=30&t=133101

[Kronos]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by pc (administrator) on I53570K on 21-05-2014 21:55:27
Running from C:\Users\pc\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Moborobo\MoboRoboDeviceService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Monet+, a.s.) C:\Windows\SysWOW64\xmesrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\pc\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [495616 2012-07-27] (MSI)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2615624 2007-10-23] (Acronis)
HKLM-x32\...\Run: [ControlCenterCount] => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [872448 2012-03-26] (MSI CO.,LTD.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?si ... earchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?si ... earchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?si ... earchTerms}
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{0D3DB505-3915-4CA9-AF1F-C9FBE23EEE46}: [NameServer]192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @servis24.cz/PKIComponent - C:\Users\pc\AppData\Roaming\CSAS\lib\x86\npPKIComponentNPAPI.dll (Česká spořitelna, a.s.)
FF Plugin HKCU: @servis24.cz/PKIComponent-x64 - C:\Users\pc\AppData\Roaming\CSAS\lib\x64\npPKIComponentNPAPI.dll (Česká spořitelna, a.s.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://www.flightsim.cz/
CHR StartupUrls: "hxxp://www.flightsim.cz/", "hxxp://www.tata.unas.cz/pracovni/domacnost.html"
CHR Extension: (Google Translate) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-01-12]
CHR Extension: (Disk Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-12]
CHR Extension: (TV) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2013-01-12]
CHR Extension: (Brushed) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2012-10-20]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-20]
CHR Extension: (Vyhledávání Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-20]
CHR Extension: (Search by Image (by Google)) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2012-10-20]
CHR Extension: (SNT) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eclmkiecchnaejmecgapolhfilcmpifo [2014-04-20]
CHR Extension: (Poznámkový blok) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\efgpgbcidmnhkoeceikdacelidndbfgl [2012-10-20]
CHR Extension: (Poznámkový blok) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ephkoffkhkiignlofebbfhhahddofkmg [2012-10-20]
CHR Extension: (Chrome Notepad) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2013-01-12]
CHR Extension: (AdBlock) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-10-20]
CHR Extension: (Translator by Dictionary.com) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\glacllipodbjfijgkcdifnlhmoddlkon [2013-07-24]
CHR Extension: (Oogle) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf [2012-10-20]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-03-19]
CHR Extension: (RealDownloader) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-11]
CHR Extension: (Pro Translate) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhoogcgekgpljafaadaohobjcdccpick [2013-07-24]
CHR Extension: (Bubble Translate) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhlebbhengjlhmcjebbkambaekglhkf [2013-01-12]
CHR Extension: (Translate For All) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkobpplcnbicdniipmndjknbnlggmjdk [2013-07-24]
CHR Extension: (Mapy Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-10-20]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2012-10-20]
CHR Extension: (SNT) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmggdojmpmgaikolpbbkcmeicbddnaj [2014-04-20]
CHR Extension: (Editor Lite) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nglgdmkkiemejlladcdjegcllaieegoe [2012-10-20]
CHR Extension: (Peněženka Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (System Drive) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\onmkoldigcfmebcinpmineoadckalllb [2014-04-20]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-20]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-10-13] (SUPERAntiSpyware.com)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
R2 MoboroboDeviceService; C:\Program Files (x86)\Moborobo\MoboroboDeviceService.exe [70952 2014-03-28] ()
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [136704 2012-06-29] (MSI)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-11-25] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [495832 2007-10-23] ()
R2 xmengine service; C:\Windows\SysWOW64\xmesrv.exe [34696 2013-01-29] (Monet+, a.s.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2012-10-27] ()
U5 BTHPORT; C:\Windows\System32\Drivers\BTHPORT.sys [552960 2012-07-06] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-23] (DT Soft Ltd)
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [126848 2013-01-29] (Gemalto)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2012-10-21] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NTIOLib_1_0_2; C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [13328 2012-02-14] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2010-07-08] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-03-22] (Duplex Secure Ltd.)
U3 a9kbzowb; C:\Windows\System32\Drivers\a9kbzowb.sys [0 ] (Advanced Micro Devices)
S3 cpuz130; \??\C:\Users\ZBYNKU~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 MSICDSetup; \??\H:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\H:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-21 21:55 - 2014-05-21 21:55 - 00020281 _____ () C:\Users\pc\Desktop\FRST.txt
2014-05-21 21:55 - 2014-05-21 21:55 - 00000000 ____D () C:\FRST
2014-05-21 21:54 - 2014-05-21 21:54 - 02067456 _____ (Farbar) C:\Users\pc\Desktop\FRST64.exe
2014-05-21 21:53 - 2014-05-21 21:53 - 00112640 _____ (forum.viry.cz) C:\Users\pc\Desktop\FRSTLauncher.exe
2014-05-21 19:06 - 2014-05-21 19:06 - 00000168 _____ () C:\Windows\setupact.log
2014-05-21 19:06 - 2014-05-21 19:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-20 21:15 - 2014-05-20 21:15 - 00002070 _____ () C:\Users\pc\Documents\cc_20140520_211520.reg
2014-05-20 19:54 - 2014-05-20 19:54 - 00001472 _____ () C:\Users\pc\Desktop\mbam.txt
2014-05-20 19:43 - 2014-05-20 19:43 - 00001157 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-20 19:43 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-20 19:43 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-20 19:43 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-19 16:36 - 2014-05-19 16:37 - 00000000 ____D () C:\AdwCleaner
2014-05-19 16:36 - 2014-05-19 16:35 - 01328723 _____ () C:\Users\pc\Desktop\AdwCleaner (2).exe
2014-05-19 16:35 - 2014-05-19 16:35 - 00001168 _____ () C:\Users\pc\Desktop\JRT.txt
2014-05-19 16:31 - 2014-05-19 16:31 - 01016261 _____ (Thisisu) C:\Users\pc\Desktop\JRT.exe
2014-05-19 16:31 - 2014-05-19 16:31 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 11:54 - 2014-05-18 11:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-18 11:53 - 2014-05-18 11:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-18 11:53 - 2014-05-18 11:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-18 11:53 - 2014-05-18 11:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-18 11:53 - 2014-05-18 11:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-18 11:53 - 2014-05-18 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-18 11:53 - 2014-05-18 11:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-17 19:52 - 2014-05-17 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JustFlight DC-3 Legends of Flight
2014-05-17 19:03 - 2014-05-18 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Integrated SimAvionics for FSX - N537JB
2014-05-16 09:51 - 2014-05-16 09:51 - 00018130 _____ () C:\Users\pc\Documents\LONDON GATWICK-OSLO_GARDERMOEN.kml
2014-05-15 14:11 - 2014-05-15 14:11 - 00000000 ____D () C:\rsit
2014-05-14 09:22 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 09:22 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 09:22 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 09:22 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 09:22 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 09:22 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 09:20 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:20 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:20 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:20 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:20 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:20 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:20 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:20 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 09:20 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 09:20 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:20 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:20 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:20 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:20 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:20 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:20 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:20 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:20 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:20 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:20 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:20 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:20 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:20 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:20 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:20 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 09:20 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 09:20 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 09:20 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 09:20 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 09:20 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 09:20 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 09:20 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 09:20 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 09:20 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 09:20 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 09:20 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 09:20 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 09:20 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 09:20 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 09:20 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 09:20 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 09:19 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:19 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:19 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-12 14:45 - 2014-05-12 15:42 - 00000000 ____D () C:\Users\pc\Documents\Mount&Blade Savegames
2014-05-12 14:44 - 2014-05-12 15:05 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Mount&Blade
2014-05-12 14:43 - 2014-05-12 14:43 - 00000603 _____ () C:\Users\pc\Desktop\Mount&Blade.lnk
2014-05-12 14:43 - 2014-05-12 14:43 - 00000603 _____ () C:\Users\Administrator\Desktop\Mount&Blade.lnk
2014-05-12 14:43 - 2014-05-12 14:43 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade
2014-05-12 14:43 - 2014-05-12 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade
2014-05-11 15:00 - 2014-05-11 15:00 - 00006591 _____ () C:\Users\pc\Documents\ALGER _ HOUARI BOUMEDIENE-CONSTANTINE _ MOHAMED BOUDIAF.kml
2014-05-11 10:13 - 2014-05-11 10:13 - 00016931 _____ () C:\Users\pc\Documents\PARIS CHARLES DE GAULLE-ROMA_FIUMICINO.kml
2014-05-07 16:16 - 2014-05-07 16:16 - 00007791 _____ () C:\Users\pc\Documents\WIEN-SCHWECHAT-BEOGRAD _ NIKOLA TESLA.kml
2014-05-03 15:50 - 2014-05-03 15:50 - 00017576 _____ () C:\Users\pc\Documents\LONDON STANSTED-BRATISLAVA_M. R. STEFANIK.kml
2014-05-03 15:30 - 2014-05-03 15:30 - 00028567 _____ () C:\Users\pc\Documents\MANCHESTER-BRATISLAVA_M. R. STEFANIK.kml
2014-05-01 09:22 - 2014-05-01 09:22 - 00003970 _____ () C:\Users\pc\Documents\cc_20140501_092210.reg
2014-04-29 12:32 - 2014-05-20 20:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 12:32 - 2014-04-29 12:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 18:49 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-27 18:48 - 2014-04-27 18:48 - 00000000 ____D () C:\Users\pc\AppData\Roaming\VS Revo Group
2014-04-27 18:45 - 2014-04-27 18:45 - 00001010 _____ () C:\Users\pc\Documents\cc_20140427_184524.reg
2014-04-27 11:41 - 2014-05-15 14:11 - 00000000 ____D () C:\Program Files\trend micro
2014-04-23 18:47 - 2014-04-23 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2014-04-23 18:45 - 2014-04-23 18:45 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
2014-04-23 18:02 - 2014-05-14 09:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-21 11:55 - 2014-04-21 11:55 - 00001229 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-21 11:55 - 2014-04-21 11:55 - 00001217 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-21 11:55 - 2014-04-21 11:55 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

==================== One Month Modified Files and Folders =======

2014-05-21 21:55 - 2014-05-21 21:55 - 00020281 _____ () C:\Users\pc\Desktop\FRST.txt
2014-05-21 21:55 - 2014-05-21 21:55 - 00000000 ____D () C:\FRST
2014-05-21 21:54 - 2014-05-21 21:54 - 02067456 _____ (Farbar) C:\Users\pc\Desktop\FRST64.exe
2014-05-21 21:53 - 2014-05-21 21:53 - 00112640 _____ (forum.viry.cz) C:\Users\pc\Desktop\FRSTLauncher.exe
2014-05-21 21:18 - 2012-10-09 19:21 - 00000970 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 21:16 - 2013-11-13 10:03 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 20:08 - 2013-08-22 20:10 - 00000000 ____D () C:\Users\pc\AppData\Roaming\TS3Client
2014-05-21 19:18 - 2012-10-09 10:42 - 01703824 _____ () C:\Windows\WindowsUpdate.log
2014-05-21 19:14 - 2009-07-14 06:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-21 19:14 - 2009-07-14 06:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-21 19:12 - 2010-11-21 11:27 - 00668866 _____ () C:\Windows\system32\perfh005.dat
2014-05-21 19:12 - 2010-11-21 11:27 - 00141526 _____ () C:\Windows\system32\perfc005.dat
2014-05-21 19:12 - 2009-07-14 07:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-21 19:06 - 2014-05-21 19:06 - 00000168 _____ () C:\Windows\setupact.log
2014-05-21 19:06 - 2014-05-21 19:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-21 19:06 - 2013-07-11 20:49 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3477444024-1752975296-2887903143-1007
2014-05-21 19:06 - 2013-07-11 20:49 - 00003192 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3477444024-1752975296-2887903143-1007
2014-05-21 19:06 - 2012-10-09 19:21 - 00000966 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 19:06 - 2012-10-09 11:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-21 19:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 21:15 - 2014-05-20 21:15 - 00002070 _____ () C:\Users\pc\Documents\cc_20140520_211520.reg
2014-05-20 20:40 - 2014-04-29 12:32 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 20:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-05-20 19:54 - 2014-05-20 19:54 - 00001472 _____ () C:\Users\pc\Desktop\mbam.txt
2014-05-20 19:43 - 2014-05-20 19:43 - 00001157 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-20 19:43 - 2014-05-20 19:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 16:37 - 2014-05-19 16:36 - 00000000 ____D () C:\AdwCleaner
2014-05-19 16:35 - 2014-05-19 16:36 - 01328723 _____ () C:\Users\pc\Desktop\AdwCleaner (2).exe
2014-05-19 16:35 - 2014-05-19 16:35 - 00001168 _____ () C:\Users\pc\Desktop\JRT.txt
2014-05-19 16:31 - 2014-05-19 16:31 - 01016261 _____ (Thisisu) C:\Users\pc\Desktop\JRT.exe
2014-05-19 16:31 - 2014-05-19 16:31 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 16:58 - 2014-03-26 18:52 - 00000000 ____D () C:\Program Files (x86)\FS Recorder for FSX
2014-05-18 13:05 - 2014-05-17 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Integrated SimAvionics for FSX - N537JB
2014-05-18 13:01 - 2012-10-20 15:48 - 00000000 ____D () C:\Users\pc\AppData\Roaming\KeePass
2014-05-18 11:54 - 2014-05-18 11:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-18 11:53 - 2014-05-18 11:53 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-18 11:53 - 2014-05-18 11:53 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-18 11:53 - 2014-05-18 11:53 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-18 11:53 - 2014-05-18 11:53 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-18 11:53 - 2014-05-18 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-18 11:53 - 2014-05-18 11:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-17 19:52 - 2014-05-17 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JustFlight DC-3 Legends of Flight
2014-05-16 09:57 - 2012-10-27 14:37 - 00011648 _____ () C:\Users\pc\Desktop\PMDG NGX.txt
2014-05-16 09:52 - 2012-10-13 19:54 - 00000513 _____ () C:\Windows\rfindpln.ini
2014-05-16 09:51 - 2014-05-16 09:51 - 00018130 _____ () C:\Users\pc\Documents\LONDON GATWICK-OSLO_GARDERMOEN.kml
2014-05-15 14:31 - 2014-04-04 08:37 - 00006208 _____ () C:\Users\pc\Desktop\Dash 8 P3D.txt
2014-05-15 14:11 - 2014-05-15 14:11 - 00000000 ____D () C:\rsit
2014-05-15 14:11 - 2014-04-27 11:41 - 00000000 ____D () C:\Program Files\trend micro
2014-05-15 12:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 09:27 - 2012-10-20 15:15 - 00000000 ___RD () C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 09:27 - 2012-10-20 15:15 - 00000000 ___RD () C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 09:26 - 2014-04-23 18:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 09:22 - 2012-10-09 20:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 09:21 - 2013-07-12 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 09:20 - 2012-11-15 10:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 09:16 - 2013-11-13 10:03 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 09:16 - 2012-10-09 11:08 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 09:16 - 2012-10-09 11:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-12 15:42 - 2014-05-12 14:45 - 00000000 ____D () C:\Users\pc\Documents\Mount&Blade Savegames
2014-05-12 15:05 - 2014-05-12 14:44 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Mount&Blade
2014-05-12 14:43 - 2014-05-12 14:43 - 00000603 _____ () C:\Users\pc\Desktop\Mount&Blade.lnk
2014-05-12 14:43 - 2014-05-12 14:43 - 00000603 _____ () C:\Users\Administrator\Desktop\Mount&Blade.lnk
2014-05-12 14:43 - 2014-05-12 14:43 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade
2014-05-12 14:43 - 2014-05-12 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade
2014-05-11 17:02 - 2014-04-19 16:47 - 00002004 _____ () C:\Users\Public\Desktop\MoboRobo.lnk
2014-05-11 17:02 - 2014-04-19 16:47 - 00000000 ____D () C:\ProgramData\Moborobo
2014-05-11 17:02 - 2014-04-19 16:47 - 00000000 ____D () C:\Program Files (x86)\Moborobo
2014-05-11 15:00 - 2014-05-11 15:00 - 00006591 _____ () C:\Users\pc\Documents\ALGER _ HOUARI BOUMEDIENE-CONSTANTINE _ MOHAMED BOUDIAF.kml
2014-05-11 10:21 - 2013-01-14 11:28 - 00003008 _____ () C:\Users\pc\Desktop\A320.txt
2014-05-11 10:13 - 2014-05-11 10:13 - 00016931 _____ () C:\Users\pc\Documents\PARIS CHARLES DE GAULLE-ROMA_FIUMICINO.kml
2014-05-09 18:13 - 2012-10-09 19:21 - 00003966 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 18:13 - 2012-10-09 19:21 - 00003714 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 08:14 - 2014-05-14 09:19 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 09:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 16:17 - 2013-07-20 14:55 - 00006501 _____ () C:\Users\pc\Desktop\Dash 8 FSX.txt
2014-05-07 16:16 - 2014-05-07 16:16 - 00007791 _____ () C:\Users\pc\Documents\WIEN-SCHWECHAT-BEOGRAD _ NIKOLA TESLA.kml
2014-05-07 09:51 - 2009-07-14 07:08 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-06 06:40 - 2014-05-14 09:22 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 09:22 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 09:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 09:22 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 09:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 10:09 - 2014-02-11 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyTampa
2014-05-03 15:50 - 2014-05-03 15:50 - 00017576 _____ () C:\Users\pc\Documents\LONDON STANSTED-BRATISLAVA_M. R. STEFANIK.kml
2014-05-03 15:30 - 2014-05-03 15:30 - 00028567 _____ () C:\Users\pc\Documents\MANCHESTER-BRATISLAVA_M. R. STEFANIK.kml
2014-05-01 09:22 - 2014-05-01 09:22 - 00003970 _____ () C:\Users\pc\Documents\cc_20140501_092210.reg
2014-05-01 09:08 - 2012-10-20 15:15 - 00000000 ____D () C:\Users\pc
2014-04-30 09:31 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-30 09:30 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-30 09:19 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-04-29 12:32 - 2014-04-29 12:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-27 18:48 - 2014-04-27 18:48 - 00000000 ____D () C:\Users\pc\AppData\Roaming\VS Revo Group
2014-04-27 18:45 - 2014-04-27 18:45 - 00001010 _____ () C:\Users\pc\Documents\cc_20140427_184524.reg
2014-04-27 18:45 - 2013-03-23 16:05 - 00000000 ____D () C:\Users\pc\AppData\Roaming\DAEMON Tools Pro
2014-04-23 18:47 - 2014-04-23 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2014-04-23 18:47 - 2014-04-19 16:43 - 00000000 ____D () C:\Program Files (x86)\PdaNet for Android
2014-04-23 18:45 - 2014-04-23 18:45 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
2014-04-21 20:36 - 2012-10-20 15:48 - 00121032 _____ () C:\Users\pc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-21 20:36 - 2009-07-14 06:45 - 02348344 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-21 11:55 - 2014-04-21 11:55 - 00001229 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-21 11:55 - 2014-04-21 11:55 - 00001217 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-04-21 11:55 - 2014-04-21 11:55 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

Files to move or delete:
====================
C:\ProgramData\ISTask.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 16:57




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (System_SSD_128GB) (Fixed) (Total:119.24 GB) (Free:22.25 GB) NTFS
Drive d: (Data_SSD_128GB) (Fixed) (Total:119.23 GB) (Free:40.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:303.48 GB) (Free:28.55 GB) NTFS
Drive f: () (Fixed) (Total:309.26 GB) (Free:12.33 GB) NTFS
Drive g: () (Fixed) (Total:318.76 GB) (Free:11.17 GB) NTFS

Available physical RAM: 13194.58 MB
Total physical RAM: 16332.84 MB
Percentage of memory in use: 19%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: FFFFFFFF)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 655E9614)
Partition 1: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: DEDA7A36)
Partition 1: (Active) - (Size=932 GB) - (Type=05)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:74603393

==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\pc\Desktop" je 133 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[motji]

V logu není nic vidět

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

[Kronos]

Vše jsem udělal:

ComboFix 14-05-19.01 - pc 22.05.2014 19:12:55.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.16333.13493 [GMT 2:00]
Spuštěný z: c:\users\pc\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-22 do 2014-05-22 )))))))))))))))))))))))))))))))
.
.
2014-05-21 19:55 . 2014-05-21 19:55 -------- d-----w- C:\FRST
2014-05-21 17:17 . 2014-05-02 09:05 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6DB4BBF-AE12-4802-869F-EAF9C1319044}\gapaengine.dll
2014-05-21 17:17 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C8DD541-D73D-4D0E-AE1B-0AFA47AC14A6}\mpengine.dll
2014-05-20 17:43 . 2014-05-20 17:43 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-20 17:43 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-20 17:43 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-20 17:43 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-20 15:18 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-19 14:36 . 2014-05-19 14:37 -------- d-----w- C:\AdwCleaner
2014-05-19 14:31 . 2014-05-19 14:31 -------- d-----w- c:\windows\ERUNT
2014-05-18 09:54 . 2014-05-18 09:54 -------- d-----w- c:\programdata\Oracle
2014-05-18 09:53 . 2014-05-18 09:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-05-18 09:53 . 2014-05-18 09:53 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-18 09:53 . 2014-05-18 09:53 -------- d-----w- c:\program files (x86)\Java
2014-05-15 12:11 . 2014-05-15 12:11 -------- d-----w- C:\rsit
2014-05-14 07:22 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 07:22 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 07:22 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 07:22 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 07:19 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 07:19 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-14 07:19 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-12 12:44 . 2014-05-12 13:05 -------- d-----w- c:\users\pc\AppData\Roaming\Mount&Blade
2014-04-29 10:32 . 2014-05-20 18:40 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-29 10:32 . 2014-04-29 10:32 -------- d-----w- c:\programdata\Malwarebytes
2014-04-27 16:49 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-04-27 16:48 . 2014-04-27 16:48 -------- d-----w- c:\users\pc\AppData\Roaming\VS Revo Group
2014-04-27 09:41 . 2014-05-15 12:11 -------- d-----w- c:\program files\trend micro
2014-04-23 16:45 . 2014-04-23 16:45 -------- d-----w- c:\program files (x86)\ClockworkMod
2014-04-23 16:02 . 2014-05-14 07:26 -------- d-s---w- c:\windows\system32\CompatTel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 07:20 . 2012-11-15 08:35 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 07:16 . 2012-10-09 09:08 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 07:16 . 2012-10-09 09:08 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 09:05 . 2013-03-12 07:16 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-28 16:15 . 2014-04-19 14:47 12072 ----a-w- c:\windows\SysWow64\drivers\MoborobAssDriver64.sys
2014-03-17 07:44 . 2012-11-12 19:45 286720 ----a-w- c:\windows\iun506.exe
2014-03-11 08:52 . 2012-08-30 21:03 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 09:31 . 2014-04-12 11:04 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-12 11:04 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-12 11:04 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-12 11:04 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-12 11:04 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-12 11:04 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-12 11:04 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-12 11:04 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-12 11:04 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-12 11:04 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-12 11:04 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-12 11:04 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-12 11:04 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-12 11:04 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-12 11:04 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-12 11:04 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-12 11:04 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-12 11:04 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-12 11:04 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-12 11:04 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-12 11:04 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-12 11:04 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-12 11:04 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-12 11:04 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-12 11:04 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-12 11:04 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-12 11:04 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-12 11:04 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-12 11:04 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-12 11:04 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-12 11:04 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-12 11:04 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-12 11:04 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-09 16:23 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 16:23 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 16:23 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-05-14 07:20 340992 ----a-w- c:\windows\system32\schannel.dll
2014-03-04 09:44 . 2014-04-09 16:23 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 16:23 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-05-14 07:20 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-03-04 09:17 . 2014-04-09 16:23 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 16:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 16:23 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 16:23 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 16:23 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 16:23 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-07-27 495616]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"ControlCenterCount"="c:\program files (x86)\MSI\ControlCenter\ControlCenterCount.exe" [2012-03-26 872448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz130;cpuz130;c:\users\ZBYNKU~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys;c:\users\ZBYNKU~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\DRIVERS\GemCCID.sys;c:\windows\SYSNATIVE\DRIVERS\GemCCID.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;h:\cdriver64.sys;h:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_2;NTIOLib_1_0_2;c:\program files (x86)\MSI\ControlCenter\NTIOLib_X64.sys;c:\program files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;h:\ntiolib_x64.sys;h:\NTIOLib_X64.sys [x]
R3 NTIOLib_MSISMB_CC;NTIOLib_MSISMB_CC;c:\program files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys;c:\program files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0836.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MoboroboDeviceService;Moborobo Device Service;c:\program files (x86)\Moborobo\MoboroboDeviceService.exe;c:\program files (x86)\Moborobo\MoboroboDeviceService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 xmengine service;CryptoPlus XME Engine Service;c:\windows\SysWOW64\xmesrv.exe;c:\windows\SysWOW64\xmesrv.exe [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NTIOLIB_1_0_3
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-15 12:18 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 07:16]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 17:21]
.
2014-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 17:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-04-16 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2013-04-16 158208]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: business24.cz\www
Trusted Zone: servis24.cz\www
TCP: Interfaces\{0D3DB505-3915-4CA9-AF1F-C9FBE23EEE46}: NameServer = 192.168.1.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
AddRemove-The Navigation CD-ROM - d:\aviation tutorials\Navcd\Uninst.isu
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-05-22 19:16:21
ComboFix-quarantined-files.txt 2014-05-22 17:16
.
Před spuštěním: Volných bajtů: 23 824 224 256
Po spuštění: Volných bajtů: 23 522 672 640
.
- - End Of File - - 0149B6FAB960545911F6B4E315268E85
A36C5E4F47E84449FF07ED3517B43A31

[motji]

V logu nevidím vůbec nic špatného , teď to vypadá jak?