
Log check / Malwarebytes reports 4 potential errors
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Good evening,
could someone check my log? About an hour ago I found iWebar/YouTube Accelerator/ and some kind of shopper on my PC
= uninstalled them via Control Panel / CCleaner
= cleaned up with CCleaner
= and Malwarebytes found 4 potential threats
Thanks in advance for any help.
(below the Malwarebytes output I am attaching the output from RSIT)
Malwarebytes reported this:
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Scan Date: 25. 5. 2014
Scan Time: 0:04:06
Logfile: chyba.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.05.24.08
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8
CPU: x64
File System: NTFS
User: Marta
Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 246041
Time Elapsed: 2 min, 7 sec
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.iWebar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\iWebar, , [a692391cb6c531051cfa8a17d1313cc4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1482324353-3948896138-1893195853-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [96a2e570df9c89ad0e3a08c83ec5b947],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 2
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [f7415104522986b055530d9247bb0ff1],
PUP.Optional.CrossRider.A, C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "146300fef6a87a170961e4d072d8dc44");), ,[ae8a2233047786b09af6146f798bc739]
Physical Sectors: 0
(No malicious items detected)
(end)
RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Marta at 2014-05-25 00:10:23
Microsoft Windows 8
System drive C: has 622 GB (89%) free of 699 GB
Total RAM: 3979 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:10:25, on 25. 5. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Users\Marta\Downloads\HiJackThis.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\trend micro\Marta.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP HD Webcam Driver_Monitor] C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Users\Marta\AppData\Roaming\Seznam.cz\bin\listicka.dll (HKCU)
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Users\Marta\AppData\Roaming\Seznam.cz\bin\listicka.dll (HKCU)
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Users\Marta\AppData\Roaming\Seznam.cz\bin\listicka.dll (HKCU)
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Users\Marta\AppData\Roaming\Seznam.cz\bin\listicka.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem40.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12752 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Windows Defender\MsMpEng.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d37f3d60-23a5-4193-a2bc-d4c18a9020b6 -SystemEventPortName:HostProcess-57d66a75-0e73-494b-9560-527749aeca8d -IoCancelEventPortName:HostProcess-589a688b-88fc-490e-b4cf-a842fe6976e7 -NonStateChangingEventPortName:HostProcess-be44a733-7f98-4f39-808c-17b17947376f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8136aa8b-0ea8-4c93-930f-68868a429cc3 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4ad0dbcd-c428-42fa-8502-29d1888db7a4 -SystemEventPortName:HostProcess-fd8486ed-5651-4e3f-adc1-a1ea602804fe -IoCancelEventPortName:HostProcess-4e4a7816-3c37-4930-83c8-66fd0493acff -NonStateChangingEventPortName:HostProcess-a5802159-1b18-420d-8b9b-49082b59238d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:248c6874-5fd0-4fe9-a152-ff3609fed686 -DeviceGroupId:WudfDefaultDevicePool
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
atieclxx
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\Windows\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
taskhost.exe
"C:\Program Files\CCleaner\CCleaner64.exe" /uac
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=12972.12a45bf0.605991006 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 12972 "\\.\pipe\gecko-crash-server-pipe.12972" plugin
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe" --proxy-stub-channel=Flash5540.6CDA6010.16045 --host-broker-channel=Flash5540.6CDA6010.6738 --host-pid=5540 --host-npapi-version=27 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_13_0_0_182.dll"
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe" --channel=1004.0101F13C.507370102 --proxy-stub-channel=Flash5540.6CDA6010.16045 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_13_0_0_182.dll" --host-npapi-version=27 --type=renderer
C:\Windows\system32\DllHost.exe /Processid:{86D5EB8A-859F-4C7B-A76B-2BD819B7A850}
"C:\Users\Marta\Downloads\HiJackThis.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe168_ Global\UsGthrCtrlFltPipeMssGthrPipe168 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 572 576 584 65536 580
"C:\Users\Marta\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForMarta.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForMarta (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll
C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default\extensions\
anttoolbar@ant.com
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-05-08 587104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-08-23 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-08-23 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-08-23 441152]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-08-06 1425408]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-05-13 21720]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe [2012-07-10 968840]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
"HP HD Webcam Driver_Monitor"=C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [2012-07-26 303480]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08 111120]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-24 491120]
"RemoteControl10"=c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2013-05-16 3830224]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-09-19 371976]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2013-06-05 683656]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2013-10-16 337184]
""= []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
hpoddt01.exe.lnk - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-08-23 441856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-05-25 00:10:23 ----D---- C:\rsit
2014-05-25 00:10:23 ----D---- C:\Program Files\trend micro
2014-05-25 00:02:47 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-05-25 00:02:20 ----D---- C:\ProgramData\Malwarebytes
2014-05-25 00:02:20 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 00:02:20 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-05-25 00:02:20 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-05-25 00:02:20 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-05-24 23:05:01 ----D---- C:\Program Files (x86)\YouTube Accelerator
2014-05-24 23:04:46 ----D---- C:\Program Files (x86)\globalUpdate
2014-05-23 23:17:23 ----A---- C:\Windows\RomeTW.ini
2014-05-23 22:32:37 ----D---- C:\Program Files (x86)\Activision
2014-05-15 20:08:45 ----A---- C:\Windows\system32\shell32.dll
2014-05-15 20:08:42 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-15 20:08:22 ----A---- C:\Windows\system32\drivers\WdFilter.sys
2014-05-15 20:08:20 ----A---- C:\Windows\system32\drivers\WdBoot.sys
2014-05-15 20:08:04 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-15 20:08:03 ----A---- C:\Windows\system32\kerberos.dll
2014-05-15 20:08:02 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-15 20:08:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:08:01 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 20:07:59 ----A---- C:\Windows\system32\drivers\cng.sys
2014-05-15 20:07:58 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 20:07:58 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 20:07:58 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 20:07:57 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-15 20:07:57 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 20:07:56 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-15 20:07:56 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-15 20:07:56 ----A---- C:\Windows\system32\SHCore.dll
2014-05-15 20:07:56 ----A---- C:\Windows\system32\lsm.dll
2014-05-15 20:07:56 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 20:07:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 20:07:56 ----A---- C:\Windows\system32\dpapisrv.dll
2014-05-15 20:07:55 ----A---- C:\Windows\SYSWOW64\usercpl.dll
2014-05-15 20:07:55 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 20:07:55 ----A---- C:\Windows\system32\usercpl.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\SHCore.dll
2014-05-15 20:07:54 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 20:07:54 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 20:07:54 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 20:07:53 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-15 20:07:53 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 20:07:53 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 20:07:53 ----A---- C:\Windows\system32\credssp.dll
2014-05-15 20:07:52 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-15 20:07:52 ----A---- C:\Windows\system32\workerdd.dll
2014-05-15 20:07:26 ----A---- C:\Windows\system32\schedsvc.dll
2014-05-15 20:07:25 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-15 20:07:24 ----A---- C:\Windows\system32\mshtml.dll
2014-05-15 20:07:04 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-05-15 20:06:54 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-15 20:05:57 ----A---- C:\Windows\system32\kernel32.dll
2014-05-15 20:05:56 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-05-15 20:05:55 ----A---- C:\Windows\system32\gpedit.dll
2014-05-15 20:05:55 ----A---- C:\Windows\system32\drivers\srv2.sys
2014-05-15 20:05:55 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2014-05-15 20:05:54 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2014-05-15 20:05:53 ----A---- C:\Windows\SYSWOW64\gpedit.dll
2014-05-15 20:05:53 ----A---- C:\Windows\system32\drivers\srvnet.sys
2014-05-15 20:05:53 ----A---- C:\Windows\system32\drivers\IPMIDrv.sys
2014-05-09 22:36:31 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-05-06 12:21:32 ----A---- C:\Windows\SYSWOW64\WSShared.dll
2014-05-06 12:21:32 ----A---- C:\Windows\system32\WSShared.dll
2014-05-06 12:21:32 ----A---- C:\Windows\system32\NotificationUI.exe
2014-05-06 12:21:31 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 12:21:31 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
======List of files/folders modified in the last 1 month======
2014-05-25 00:10:23 ----RD---- C:\Program Files
2014-05-25 00:10:18 ----D---- C:\Windows\Prefetch
2014-05-25 00:06:45 ----D---- C:\Windows\Temp
2014-05-25 00:02:47 ----D---- C:\Windows\system32\Drivers
2014-05-25 00:02:20 ----RD---- C:\Program Files (x86)
2014-05-25 00:02:20 ----HD---- C:\ProgramData
2014-05-25 00:00:11 ----D---- C:\Windows\system32\sru
2014-05-24 23:48:48 ----SD---- C:\Users\Marta\AppData\Roaming\Microsoft
2014-05-24 23:44:20 ----D---- C:\Windows\system32\Tasks
2014-05-24 23:44:17 ----D---- C:\Windows\Tasks
2014-05-24 23:32:42 ----HD---- C:\Windows\system32\GroupPolicy
2014-05-24 23:32:42 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2014-05-24 23:32:41 ----D---- C:\Program Files\Common Files
2014-05-24 23:28:43 ----D---- C:\Windows\Inf
2014-05-24 23:20:19 ----D---- C:\Windows\SoftwareDistribution
2014-05-24 23:20:19 ----D---- C:\Windows\debug
2014-05-24 23:20:19 ----D---- C:\Windows
2014-05-24 23:19:03 ----AD---- C:\ProgramData\Temp
2014-05-24 23:05:37 ----SHD---- C:\Windows\Installer
2014-05-24 23:05:14 ----D---- C:\Windows\SysWOW64
2014-05-24 23:04:04 ----RD---- C:\Windows\System32
2014-05-24 23:04:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-24 23:02:56 ----D---- C:\Users\Marta\AppData\Roaming\Seznam.cz
2014-05-24 23:00:15 ----D---- C:\Windows\system32\catroot
2014-05-24 23:00:14 ----D---- C:\Windows\system32\DriverStore
2014-05-24 22:24:30 ----A---- C:\Windows\SYSWOW64\bscs.ini
2014-05-24 22:21:26 ----A---- C:\Windows\SYSWOW64\LOCALSERVICE.INI
2014-05-24 22:21:23 ----A---- C:\Windows\SYSWOW64\LOCALDEVICE.INI
2014-05-24 09:40:04 ----D---- C:\Windows\Microsoft.NET
2014-05-23 22:32:08 ----SHD---- C:\System Volume Information
2014-05-23 21:09:11 ----D---- C:\Windows\system32\config
2014-05-21 23:29:26 ----D---- C:\ProgramData\PDFC
2014-05-21 18:48:31 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-18 19:59:23 ----D---- C:\Windows\rescache
2014-05-16 17:55:14 ----RSD---- C:\Windows\assembly
2014-05-16 16:38:04 ----A---- C:\Windows\SYSWOW64\log.txt
2014-05-16 16:36:24 ----D---- C:\Windows\WinSxS
2014-05-16 16:34:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-16 16:32:36 ----RD---- C:\Windows\ToastData
2014-05-16 16:32:31 ----D---- C:\Program Files\Windows Defender
2014-05-16 16:32:30 ----D---- C:\Program Files (x86)\Windows Defender
2014-05-16 16:32:28 ----D---- C:\Windows\system32\SecureBootUpdates
2014-05-16 16:32:22 ----D---- C:\Windows\system32\en-US
2014-05-16 16:32:22 ----D---- C:\Windows\system32\cs-CZ
2014-05-16 09:01:08 ----A---- C:\SROF.ini
2014-05-16 09:00:51 ----D---- C:\Windows\system32\NDF
2014-05-15 21:45:00 ----D---- C:\Windows\CbsTemp
2014-05-15 21:41:47 ----D---- C:\Windows\AUInstallAgent
2014-05-15 21:41:11 ----HD---- C:\Program Files\WindowsApps
2014-05-15 21:38:03 ----D---- C:\Windows\system32\MRT
2014-05-15 21:38:00 ----A---- C:\Windows\system32\MRT.exe
2014-05-15 20:04:20 ----D---- C:\Windows\system32\catroot2
2014-05-15 07:40:13 ----D---- C:\Users\Marta\AppData\Roaming\vlc
2014-05-08 18:34:51 ----D---- C:\Windows\system32\wdi
2014-05-08 08:06:50 ----D---- C:\Windows\WinStore
2014-05-01 22:37:50 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-04-30 21:49:53 ----D---- C:\Users\Marta\AppData\Roaming\hpqlog
2014-04-30 21:49:43 ----D---- C:\Program Files (x86)\Hewlett-Packard
2014-04-30 21:49:03 ----D---- C:\swsetup
2014-04-28 14:40:07 ----D---- C:\Program Files (x86)\PokerStars
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdkmpfd;@oem19.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2012-07-09 35496]
R0 hpdskflt;@oem40.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2013-07-30 31040]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2012-07-31 645952]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R3 Accelerometer;@oem40.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2013-07-30 43328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-08-01 10280960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-08-01 368640]
R3 BtAudioBusSrv;@oem14.inf,%SvcDesc%;Ralink Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 BthEnum;@tdibth.inf,%BthEnum.DisplayName%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-10-02 48608]
R3 HpqKbFiltr;@oem5.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2012-08-27 26504]
R3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-08-23 9000256]
R3 JMCR;JMCR; C:\Windows\System32\drivers\jmcr.sys [2013-10-30 176880]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-05-25 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 64216]
R3 MEIx64;@oem39.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2013-10-30 62784]
R3 netr28x;@oem53.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
R3 rtbth;@oem46.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem6.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-06-13 683664]
R3 SensorsServiceDriver;@sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%;UMDF Reflector service for SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
R3 SPUVCbv;@oem45.inf,%SPUVCb.ServiceName%;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2014-01-08 1064184]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-08-06 540160]
R3 SynTP;@oem44.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S0 AFS;AFS; C:\Windows\system32\drivers\AFS.sys []
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2012-07-25 64832]
S3 dot4;@oem34.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
S3 Dot4Print;@oem35.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\Windows\System32\drivers\Dot4Prt.sys [2012-10-19 27040]
S3 dot4usb;@oem34.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-08-23 9000256]
S3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNe64.sys [2012-06-02 11400192]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-08-15 41272]
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-08-15 43832]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-02 43008]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-06 210560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-08-01 239616]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-09-26 1612552]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-08-25 488824]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2013-10-16 681760]
R2 hpsrv;@oem40.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2013-07-30 33600]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-10-30 131032]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-10-30 165336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-10-30 279000]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-06-05 1143432]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-08-06 321536]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-10-30 366040]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-07-19 2714232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-09-19 146184]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-01-23 1006424]
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-24 68608]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-08-23 276288]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2012-08-01 477088]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-24 68608]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-09 119408]
S4 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\Windows\System32\drivers\BthAvrcpTg.sys [2013-06-01 37632]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\Windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]
S4 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\Windows\System32\drivers\BthHFHid.sys [2012-11-27 29952]
-----------------EOF-----------------
"C:\Program Files\Windows Defender\MsMpEng.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d37f3d60-23a5-4193-a2bc-d4c18a9020b6 -SystemEventPortName:HostProcess-57d66a75-0e73-494b-9560-527749aeca8d -IoCancelEventPortName:HostProcess-589a688b-88fc-490e-b4cf-a842fe6976e7 -NonStateChangingEventPortName:HostProcess-be44a733-7f98-4f39-808c-17b17947376f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8136aa8b-0ea8-4c93-930f-68868a429cc3 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4ad0dbcd-c428-42fa-8502-29d1888db7a4 -SystemEventPortName:HostProcess-fd8486ed-5651-4e3f-adc1-a1ea602804fe -IoCancelEventPortName:HostProcess-4e4a7816-3c37-4930-83c8-66fd0493acff -NonStateChangingEventPortName:HostProcess-a5802159-1b18-420d-8b9b-49082b59238d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:248c6874-5fd0-4fe9-a152-ff3609fed686 -DeviceGroupId:WudfDefaultDevicePool
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
atieclxx
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\Windows\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
taskhost.exe
"C:\Program Files\CCleaner\CCleaner64.exe" /uac
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=12972.12a45bf0.605991006 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 12972 "\\.\pipe\gecko-crash-server-pipe.12972" plugin
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe" --proxy-stub-channel=Flash5540.6CDA6010.16045 --host-broker-channel=Flash5540.6CDA6010.6738 --host-pid=5540 --host-npapi-version=27 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_13_0_0_182.dll"
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe" --channel=1004.0101F13C.507370102 --proxy-stub-channel=Flash5540.6CDA6010.16045 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_13_0_0_182.dll" --host-npapi-version=27 --type=renderer
C:\Windows\system32\DllHost.exe /Processid:{86D5EB8A-859F-4C7B-A76B-2BD819B7A850}
"C:\Users\Marta\Downloads\HiJackThis.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe168_ Global\UsGthrCtrlFltPipeMssGthrPipe168 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 572 576 584 65536 580
"C:\Users\Marta\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForMarta.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForMarta (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll
C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default\extensions\
anttoolbar@ant.com
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-05-08 587104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-08-23 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-08-23 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-08-23 441152]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-08-06 1425408]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-05-13 21720]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe [2012-07-10 968840]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
"HP HD Webcam Driver_Monitor"=C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [2012-07-26 303480]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08 111120]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-24 491120]
"RemoteControl10"=c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2013-05-16 3830224]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-09-19 371976]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2013-06-05 683656]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2013-10-16 337184]
""= []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
hpoddt01.exe.lnk - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-08-23 441856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-05-25 00:10:23 ----D---- C:\rsit
2014-05-25 00:10:23 ----D---- C:\Program Files\trend micro
2014-05-25 00:02:47 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-05-25 00:02:20 ----D---- C:\ProgramData\Malwarebytes
2014-05-25 00:02:20 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 00:02:20 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-05-25 00:02:20 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-05-25 00:02:20 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-05-24 23:05:01 ----D---- C:\Program Files (x86)\YouTube Accelerator
2014-05-24 23:04:46 ----D---- C:\Program Files (x86)\globalUpdate
2014-05-23 23:17:23 ----A---- C:\Windows\RomeTW.ini
2014-05-23 22:32:37 ----D---- C:\Program Files (x86)\Activision
2014-05-15 20:08:45 ----A---- C:\Windows\system32\shell32.dll
2014-05-15 20:08:42 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-15 20:08:22 ----A---- C:\Windows\system32\drivers\WdFilter.sys
2014-05-15 20:08:20 ----A---- C:\Windows\system32\drivers\WdBoot.sys
2014-05-15 20:08:04 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-15 20:08:03 ----A---- C:\Windows\system32\kerberos.dll
2014-05-15 20:08:02 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-15 20:08:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:08:01 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 20:07:59 ----A---- C:\Windows\system32\drivers\cng.sys
2014-05-15 20:07:58 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 20:07:58 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 20:07:58 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 20:07:57 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-15 20:07:57 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 20:07:56 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-15 20:07:56 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-15 20:07:56 ----A---- C:\Windows\system32\SHCore.dll
2014-05-15 20:07:56 ----A---- C:\Windows\system32\lsm.dll
2014-05-15 20:07:56 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 20:07:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 20:07:56 ----A---- C:\Windows\system32\dpapisrv.dll
2014-05-15 20:07:55 ----A---- C:\Windows\SYSWOW64\usercpl.dll
2014-05-15 20:07:55 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 20:07:55 ----A---- C:\Windows\system32\usercpl.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\SHCore.dll
2014-05-15 20:07:54 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 20:07:54 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 20:07:54 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 20:07:53 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-15 20:07:53 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 20:07:53 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 20:07:53 ----A---- C:\Windows\system32\credssp.dll
2014-05-15 20:07:52 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-15 20:07:52 ----A---- C:\Windows\system32\workerdd.dll
2014-05-15 20:07:26 ----A---- C:\Windows\system32\schedsvc.dll
2014-05-15 20:07:25 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-15 20:07:24 ----A---- C:\Windows\system32\mshtml.dll
2014-05-15 20:07:04 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-05-15 20:06:54 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-15 20:05:57 ----A---- C:\Windows\system32\kernel32.dll
2014-05-15 20:05:56 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-05-15 20:05:55 ----A---- C:\Windows\system32\gpedit.dll
2014-05-15 20:05:55 ----A---- C:\Windows\system32\drivers\srv2.sys
2014-05-15 20:05:55 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2014-05-15 20:05:54 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2014-05-15 20:05:53 ----A---- C:\Windows\SYSWOW64\gpedit.dll
2014-05-15 20:05:53 ----A---- C:\Windows\system32\drivers\srvnet.sys
2014-05-15 20:05:53 ----A---- C:\Windows\system32\drivers\IPMIDrv.sys
2014-05-09 22:36:31 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-05-06 12:21:32 ----A---- C:\Windows\SYSWOW64\WSShared.dll
2014-05-06 12:21:32 ----A---- C:\Windows\system32\WSShared.dll
2014-05-06 12:21:32 ----A---- C:\Windows\system32\NotificationUI.exe
2014-05-06 12:21:31 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 12:21:31 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
======List of files/folders modified in the last 1 month======
2014-05-25 00:10:23 ----RD---- C:\Program Files
2014-05-25 00:10:18 ----D---- C:\Windows\Prefetch
2014-05-25 00:06:45 ----D---- C:\Windows\Temp
2014-05-25 00:02:47 ----D---- C:\Windows\system32\Drivers
2014-05-25 00:02:20 ----RD---- C:\Program Files (x86)
2014-05-25 00:02:20 ----HD---- C:\ProgramData
2014-05-25 00:00:11 ----D---- C:\Windows\system32\sru
2014-05-24 23:48:48 ----SD---- C:\Users\Marta\AppData\Roaming\Microsoft
2014-05-24 23:44:20 ----D---- C:\Windows\system32\Tasks
2014-05-24 23:44:17 ----D---- C:\Windows\Tasks
2014-05-24 23:32:42 ----HD---- C:\Windows\system32\GroupPolicy
2014-05-24 23:32:42 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2014-05-24 23:32:41 ----D---- C:\Program Files\Common Files
2014-05-24 23:28:43 ----D---- C:\Windows\Inf
2014-05-24 23:20:19 ----D---- C:\Windows\SoftwareDistribution
2014-05-24 23:20:19 ----D---- C:\Windows\debug
2014-05-24 23:20:19 ----D---- C:\Windows
2014-05-24 23:19:03 ----AD---- C:\ProgramData\Temp
2014-05-24 23:05:37 ----SHD---- C:\Windows\Installer
2014-05-24 23:05:14 ----D---- C:\Windows\SysWOW64
2014-05-24 23:04:04 ----RD---- C:\Windows\System32
2014-05-24 23:04:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-24 23:02:56 ----D---- C:\Users\Marta\AppData\Roaming\Seznam.cz
2014-05-24 23:00:15 ----D---- C:\Windows\system32\catroot
2014-05-24 23:00:14 ----D---- C:\Windows\system32\DriverStore
2014-05-24 22:24:30 ----A---- C:\Windows\SYSWOW64\bscs.ini
2014-05-24 22:21:26 ----A---- C:\Windows\SYSWOW64\LOCALSERVICE.INI
2014-05-24 22:21:23 ----A---- C:\Windows\SYSWOW64\LOCALDEVICE.INI
2014-05-24 09:40:04 ----D---- C:\Windows\Microsoft.NET
2014-05-23 22:32:08 ----SHD---- C:\System Volume Information
2014-05-23 21:09:11 ----D---- C:\Windows\system32\config
2014-05-21 23:29:26 ----D---- C:\ProgramData\PDFC
2014-05-21 18:48:31 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-18 19:59:23 ----D---- C:\Windows\rescache
2014-05-16 17:55:14 ----RSD---- C:\Windows\assembly
2014-05-16 16:38:04 ----A---- C:\Windows\SYSWOW64\log.txt
2014-05-16 16:36:24 ----D---- C:\Windows\WinSxS
2014-05-16 16:34:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-16 16:32:36 ----RD---- C:\Windows\ToastData
2014-05-16 16:32:31 ----D---- C:\Program Files\Windows Defender
2014-05-16 16:32:30 ----D---- C:\Program Files (x86)\Windows Defender
2014-05-16 16:32:28 ----D---- C:\Windows\system32\SecureBootUpdates
2014-05-16 16:32:22 ----D---- C:\Windows\system32\en-US
2014-05-16 16:32:22 ----D---- C:\Windows\system32\cs-CZ
2014-05-16 09:01:08 ----A---- C:\SROF.ini
2014-05-16 09:00:51 ----D---- C:\Windows\system32\NDF
2014-05-15 21:45:00 ----D---- C:\Windows\CbsTemp
2014-05-15 21:41:47 ----D---- C:\Windows\AUInstallAgent
2014-05-15 21:41:11 ----HD---- C:\Program Files\WindowsApps
2014-05-15 21:38:03 ----D---- C:\Windows\system32\MRT
2014-05-15 21:38:00 ----A---- C:\Windows\system32\MRT.exe
2014-05-15 20:04:20 ----D---- C:\Windows\system32\catroot2
2014-05-15 07:40:13 ----D---- C:\Users\Marta\AppData\Roaming\vlc
2014-05-08 18:34:51 ----D---- C:\Windows\system32\wdi
2014-05-08 08:06:50 ----D---- C:\Windows\WinStore
2014-05-01 22:37:50 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-04-30 21:49:53 ----D---- C:\Users\Marta\AppData\Roaming\hpqlog
2014-04-30 21:49:43 ----D---- C:\Program Files (x86)\Hewlett-Packard
2014-04-30 21:49:03 ----D---- C:\swsetup
2014-04-28 14:40:07 ----D---- C:\Program Files (x86)\PokerStars
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdkmpfd;@oem19.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2012-07-09 35496]
R0 hpdskflt;@oem40.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2013-07-30 31040]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2012-07-31 645952]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R3 Accelerometer;@oem40.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2013-07-30 43328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-08-01 10280960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-08-01 368640]
R3 BtAudioBusSrv;@oem14.inf,%SvcDesc%;Ralink Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 BthEnum;@tdibth.inf,%BthEnum.DisplayName%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-10-02 48608]
R3 HpqKbFiltr;@oem5.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2012-08-27 26504]
R3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-08-23 9000256]
R3 JMCR;JMCR; C:\Windows\System32\drivers\jmcr.sys [2013-10-30 176880]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-05-25 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 64216]
R3 MEIx64;@oem39.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2013-10-30 62784]
R3 netr28x;@oem53.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
R3 rtbth;@oem46.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem6.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-06-13 683664]
R3 SensorsServiceDriver;@sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%;UMDF Reflector service for SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
R3 SPUVCbv;@oem45.inf,%SPUVCb.ServiceName%;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2014-01-08 1064184]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-08-06 540160]
R3 SynTP;@oem44.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S0 AFS;AFS; C:\Windows\system32\drivers\AFS.sys []
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2012-07-25 64832]
S3 dot4;@oem34.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
S3 Dot4Print;@oem35.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\Windows\System32\drivers\Dot4Prt.sys [2012-10-19 27040]
S3 dot4usb;@oem34.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-08-23 9000256]
S3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNe64.sys [2012-06-02 11400192]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-08-15 41272]
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-08-15 43832]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-02 43008]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-06 210560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-08-01 239616]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-09-26 1612552]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-08-25 488824]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2013-10-16 681760]
R2 hpsrv;@oem40.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2013-07-30 33600]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-10-30 131032]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-10-30 165336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-10-30 279000]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-06-05 1143432]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-08-06 321536]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-10-30 366040]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-07-19 2714232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-09-19 146184]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-01-23 1006424]
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-24 68608]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-08-23 276288]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2012-08-01 477088]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-24 68608]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-09 119408]
S4 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\Windows\System32\drivers\BthAvrcpTg.sys [2013-06-01 37632]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\Windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]
S4 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\Windows\System32\drivers\BthHFHid.sys [2012-11-27 29952]
-----------------EOF-----------------
Re: Log check / Malwarebytes reports 4 potential errors
Greetings
Uninstall Spybot - Search & Destroy; the program's best years are long behind it, and for roughly the last 3 years it has not been able to cope with current threats
Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
- Save it, preferably to the desktop
- After launch, the license terms are displayed; press any key
- A backup is created and then the search runs
- The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here

Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Save it, preferably to the desktop
- Close all programs
- Click Scan and then Clean
- The repair runs, the PC restarts, and then a log appears, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
Re: Log check / Malwarebytes reports 4 potential errors
Good morning,
here they are:
Junk Removal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Marta on ne 25. 05. 2014 at 9:26:28,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Marta\AppData\Roaming\mozilla\firefox\profiles\mxwauk8b.default\prefs.js
user_pref("extensions.crossrider.bic", "146300fef6a87a170961e4d072d8dc44");
Emptied folder: C:\Users\Marta\AppData\Roaming\mozilla\firefox\profiles\mxwauk8b.default\minidumps [15 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 25. 05. 2014 at 9:31:41,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Adware
# AdwCleaner v3.210 - Report created 25/05/2014 at 09:34:25
# Updated 19/05/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Marta - NB-1
# Running from : C:\Users\Marta\Desktop\adwcleaner_3.210.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\YouTube Accelerator
Folder Deleted : C:\Users\Marta\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Marta\AppData\LocalLow\Goobzo
Folder Deleted : C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default\Extensions\anttoolbar@ant.com
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKLM\Software\Goobzo
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Mozilla Firefox v29.0.1 (cs)
[ File : C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [1901 octets] - [25/05/2014 09:33:30]
AdwCleaner[R1].txt - [1961 octets] - [25/05/2014 09:34:06]
AdwCleaner[S0].txt - [1884 octets] - [25/05/2014 09:34:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1944 octets] ##########
Re: Log check / Malwarebytes reports 4 potential errors
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014
Ran by Marta (administrator) on NB-1 on 25-05-2014 11:08:14
Running from C:\Users\Marta\Desktop
Platform: Windows 8 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-06] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP HD Webcam Driver_Monitor] => C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [303480 2012-07-26] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-06-05] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe [968840 2012-07-10] ()
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\MountPoints2: {bd133ddb-7314-11e3-be8e-689423b68ae6} - "G:\autoplay.exe"
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=CMNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=CMNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=CMNTDFJS
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-15]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
==================== Services (Whitelisted) =================
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [488824 2012-08-25] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [477088 2012-08-01] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-30] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-06-05] (PDF Complete Inc)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [64832 2012-07-25] (Hewlett-Packard Company)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2014-01-08] (Sunplus)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-25 11:08 - 2014-05-25 11:08 - 00015236 _____ () C:\Users\Marta\Desktop\FRST.txt
2014-05-25 11:07 - 2014-05-25 11:08 - 00000000 ____D () C:\FRST
2014-05-25 11:05 - 2014-05-25 11:05 - 00112640 _____ (forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 02066432 _____ (Farbar) C:\Users\Marta\Desktop\FRST64.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 00112107 _____ (forum.viry.cz) C:\Users\Marta\Downloads\VerzeOS.exe
2014-05-25 09:38 - 2014-05-25 09:38 - 00002024 _____ () C:\Users\Marta\Desktop\AdwCleaner[S0].txt
2014-05-25 09:35 - 2014-05-25 09:35 - 00006886 _____ () C:\Windows\PFRO.log
2014-05-25 09:33 - 2014-05-25 09:34 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:32 - 2014-05-25 09:32 - 01326389 _____ () C:\Users\Marta\Desktop\adwcleaner_3.210.exe
2014-05-25 09:31 - 2014-05-25 09:31 - 00001054 _____ () C:\Users\Marta\Desktop\JRT.txt
2014-05-25 09:26 - 2014-05-25 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:25 - 01016261 _____ (Thisisu) C:\Users\Marta\Desktop\JRT.exe
2014-05-25 09:24 - 2014-05-25 09:24 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-25 07:28 - 2014-05-25 09:53 - 00112532 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 00:23 - 2014-05-25 00:23 - 00001674 _____ () C:\Users\Marta\Desktop\chyba.txt
2014-05-25 00:10 - 2014-05-25 00:10 - 00000000 ____D () C:\rsit
2014-05-25 00:10 - 2014-05-25 00:10 - 00000000 ____D () C:\Program Files\trend micro
2014-05-25 00:09 - 2014-05-25 00:09 - 01222144 _____ () C:\Users\Marta\Downloads\RSITx64.exe
2014-05-25 00:02 - 2014-05-25 10:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 00:02 - 2014-05-25 00:02 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 00:02 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-25 00:02 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-25 00:02 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-25 00:01 - 2014-05-25 00:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 23:53 - 2014-05-24 23:55 - 00012408 _____ () C:\Users\Marta\Downloads\hijackthis.log
2014-05-24 23:52 - 2014-05-24 23:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marta\Downloads\HiJackThis.exe
2014-05-24 23:04 - 2014-05-24 23:04 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-05-23 23:17 - 2014-05-23 23:17 - 00000269 _____ () C:\Windows\RomeTW.ini
2014-05-23 23:17 - 2014-05-23 23:17 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-05-23 23:17 - 2014-05-23 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-05-23 22:32 - 2014-05-23 22:32 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-05-20 06:59 - 2014-05-20 06:59 - 00000000 ____D () C:\Users\Marta\Desktop\css1
2014-05-20 06:37 - 2014-05-20 06:37 - 00056294 _____ () C:\Users\Marta\Desktop\css1.zip
2014-05-19 18:28 - 2014-05-22 07:31 - 00001227 _____ () C:\Users\Marta\Desktop\elementy_div.css
2014-05-19 18:27 - 2014-05-20 20:34 - 00001146 _____ () C:\Users\Marta\Desktop\elementy_div.html
2014-05-15 20:08 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 20:08 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 20:08 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 20:08 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 20:08 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 20:08 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 20:08 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 20:08 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:08 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 20:07 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 20:07 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 20:07 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 20:07 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 20:07 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 20:07 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-15 20:07 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-15 20:07 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 20:07 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 20:07 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-15 20:07 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 20:07 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 20:07 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 20:07 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-15 20:07 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-15 20:07 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 20:07 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 20:07 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 20:07 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 20:07 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 20:07 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 20:07 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 20:07 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 20:07 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-15 20:06 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 20:06 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 20:06 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 20:05 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-15 20:05 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-15 20:05 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-15 20:05 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-15 20:05 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-15 20:05 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-15 20:05 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-15 20:05 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-15 20:05 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-09 22:36 - 2014-05-09 22:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 12:21 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 12:21 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 12:21 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 12:21 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 12:21 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-30 02:51 - 2014-04-30 02:51 - 00000000 ____D () C:\Users\Marta\Documents\ProcAlyzer Dumps
2014-04-25 22:47 - 2014-04-26 00:01 - 1468999508 _____ () C:\Users\Marta\Downloads\Baader.Meinhof.Komplex.2008-Nerez.CZ.avi
2014-04-25 13:38 - 2014-04-25 13:38 - 00000000 ____D () C:\Users\Marta\Desktop\xml
2014-04-25 11:43 - 2014-04-28 17:15 - 00000000 ____D () C:\Users\Marta\Desktop\csob
==================== One Month Modified Files and Folders =======
2014-05-25 11:08 - 2014-05-25 11:08 - 00015236 _____ () C:\Users\Marta\Desktop\FRST.txt
2014-05-25 11:08 - 2014-05-25 11:07 - 00000000 ____D () C:\FRST
2014-05-25 11:05 - 2014-05-25 11:05 - 00112640 _____ (forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 02066432 _____ (Farbar) C:\Users\Marta\Desktop\FRST64.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 00112107 _____ (forum.viry.cz) C:\Users\Marta\Downloads\VerzeOS.exe
2014-05-25 11:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-25 10:06 - 2014-05-25 00:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 09:53 - 2014-05-25 07:28 - 00112532 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 09:45 - 2012-09-09 07:46 - 00755956 _____ () C:\Windows\system32\perfh005.dat
2014-05-25 09:45 - 2012-09-09 07:46 - 00162886 _____ () C:\Windows\system32\perfc005.dat
2014-05-25 09:45 - 2012-07-26 09:28 - 01851422 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 09:42 - 2013-12-15 21:48 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Seznam.cz
2014-05-25 09:39 - 2012-09-26 10:53 - 00000950 _____ () C:\Windows\SysWOW64\bscs.ini
2014-05-25 09:38 - 2014-05-25 09:38 - 00002024 _____ () C:\Users\Marta\Desktop\AdwCleaner[S0].txt
2014-05-25 09:37 - 2013-10-30 22:19 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-05-25 09:37 - 2012-09-09 07:14 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-25 09:36 - 2014-01-08 22:42 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForMarta.job
2014-05-25 09:36 - 2013-10-30 22:19 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-05-25 09:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 09:35 - 2014-05-25 09:35 - 00006886 _____ () C:\Windows\PFRO.log
2014-05-25 09:35 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-25 09:34 - 2014-05-25 09:33 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:32 - 2014-05-25 09:32 - 01326389 _____ () C:\Users\Marta\Desktop\adwcleaner_3.210.exe
2014-05-25 09:31 - 2014-05-25 09:31 - 00001054 _____ () C:\Users\Marta\Desktop\JRT.txt
2014-05-25 09:31 - 2014-04-18 09:47 - 00000000 ____D () C:\Users\Marta\Documents\Nová složka
2014-05-25 09:26 - 2014-05-25 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:25 - 01016261 _____ (Thisisu) C:\Users\Marta\Desktop\JRT.exe
2014-05-25 09:24 - 2014-05-25 09:24 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-25 09:03 - 2014-01-08 22:42 - 00003156 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMarta
2014-05-25 09:03 - 2013-12-15 21:47 - 00000000 ____D () C:\Users\Marta
2014-05-25 00:23 - 2014-05-25 00:23 - 00001674 _____ () C:\Users\Marta\Desktop\chyba.txt
2014-05-25 00:10 - 2014-05-25 00:10 - 00000000 ____D () C:\rsit
2014-05-25 00:10 - 2014-05-25 00:10 - 00000000 ____D () C:\Program Files\trend micro
2014-05-25 00:09 - 2014-05-25 00:09 - 01222144 _____ () C:\Users\Marta\Downloads\RSITx64.exe
2014-05-25 00:02 - 2014-05-25 00:02 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 00:01 - 2014-05-25 00:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 23:55 - 2014-05-24 23:53 - 00012408 _____ () C:\Users\Marta\Downloads\hijackthis.log
2014-05-24 23:52 - 2014-05-24 23:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marta\Downloads\HiJackThis.exe
2014-05-24 23:52 - 2013-12-15 21:47 - 00000000 ____D () C:\Users\Marta\AppData\Local\VirtualStore
2014-05-24 23:32 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-24 23:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-24 23:04 - 2014-05-24 23:04 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-05-23 23:17 - 2014-05-23 23:17 - 00000269 _____ () C:\Windows\RomeTW.ini
2014-05-23 23:17 - 2014-05-23 23:17 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-05-23 23:17 - 2014-05-23 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-05-23 22:32 - 2014-05-23 22:32 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-05-22 07:31 - 2014-05-19 18:28 - 00001227 _____ () C:\Users\Marta\Desktop\elementy_div.css
2014-05-22 07:25 - 2013-12-16 13:30 - 00000000 ____D () C:\Users\Marta\Documents\gimp stuff
2014-05-21 18:50 - 2013-09-18 18:04 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-21 18:48 - 2013-09-18 18:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-21 13:03 - 2013-12-16 11:36 - 00000000 ____D () C:\Users\Marta\AppData\Local\PokerStars
2014-05-20 20:34 - 2014-05-19 18:27 - 00001146 _____ () C:\Users\Marta\Desktop\elementy_div.html
2014-05-20 06:59 - 2014-05-20 06:59 - 00000000 ____D () C:\Users\Marta\Desktop\css1
2014-05-20 06:37 - 2014-05-20 06:37 - 00056294 _____ () C:\Users\Marta\Desktop\css1.zip
2014-05-19 19:11 - 2013-12-15 23:22 - 00000000 ____D () C:\Users\Marta\.gimp-2.8
2014-05-19 18:34 - 2013-12-15 21:52 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1482324353-3948896138-1893195853-1004
2014-05-18 19:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-05-16 16:36 - 2013-12-15 21:47 - 00000000 ___RD () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 16:36 - 2013-12-15 21:47 - 00000000 ___RD () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 16:34 - 2013-09-16 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-16 09:01 - 2014-01-27 12:15 - 00000024 _____ () C:\SROF.ini
2014-05-16 09:01 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-16 08:27 - 2014-04-17 15:40 - 00000000 ____D () C:\Users\Marta\Desktop\futsal
2014-05-15 21:45 - 2012-11-06 14:10 - 00004206 _____ () C:\Windows\system32\RaCoInst.log
2014-05-15 21:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-15 21:40 - 2013-09-17 09:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 21:38 - 2013-09-17 09:22 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 07:40 - 2013-12-16 12:37 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\vlc
2014-05-12 19:19 - 2014-03-14 13:52 - 00000000 ____D () C:\Users\Marta\Desktop\Nová složka
2014-05-12 07:26 - 2014-05-25 00:02 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-25 00:02 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-25 00:02 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 22:37 - 2014-05-09 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 08:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-06 07:14 - 2014-05-15 20:07 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 07:14 - 2014-05-15 20:07 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 05:48 - 2014-05-15 20:07 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 05:48 - 2014-05-15 20:06 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:37 - 2014-05-15 20:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:26 - 2014-05-15 20:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 22:37 - 2013-11-14 07:34 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:37 - 2013-11-14 07:34 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 21:49 - 2013-12-15 21:48 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\hpqlog
2014-04-30 21:49 - 2012-09-09 07:11 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-04-30 21:49 - 2012-08-02 23:20 - 00000000 ____D () C:\swsetup
2014-04-30 02:51 - 2014-04-30 02:51 - 00000000 ____D () C:\Users\Marta\Documents\ProcAlyzer Dumps
2014-04-28 17:15 - 2014-04-25 11:43 - 00000000 ____D () C:\Users\Marta\Desktop\csob
2014-04-28 14:40 - 2013-12-16 11:35 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-04-26 00:01 - 2014-04-25 22:47 - 1468999508 _____ () C:\Users\Marta\Downloads\Baader.Meinhof.Komplex.2008-Nerez.CZ.avi
2014-04-25 13:38 - 2014-04-25 13:38 - 00000000 ____D () C:\Users\Marta\Desktop\xml
Some content of TEMP:
====================
C:\Users\Marta\AppData\Local\Temp\cabex.dll
C:\Users\Marta\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Marta\AppData\Local\Temp\PartnerInstallerYTAi.exe
C:\Users\Marta\AppData\Local\Temp\Quarantine.exe
C:\Users\Marta\AppData\Local\Temp\tu17p84.exe
C:\Users\Marta\AppData\Local\Temp\unelevate.exe
C:\Users\Spravce\AppData\Local\Temp\_unps.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2014-05-15 20:07] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-17 04:06
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (OS) (Fixed) (Total:682.48 GB) (Free:607.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive f: (HP_RECOVERY) (Fixed) (Total:12.96 GB) (Free:2.03 GB) NTFS
Available physical RAM: 2015.86 MB
Total physical RAM: 3978.76 MB
Percentage of memory in use: 49%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 699 GB) (Disk ID: A50E1C7D)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\HPCeeScheduleForMarta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
==================== Security Center ==================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Marta\Desktop" je 8 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014
Ran by Marta (administrator) on NB-1 on 25-05-2014 11:08:14
Running from C:\Users\Marta\Desktop
Platform: Windows 8 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-06] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP HD Webcam Driver_Monitor] => C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [303480 2012-07-26] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-06-05] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe [968840 2012-07-10] ()
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\MountPoints2: {bd133ddb-7314-11e3-be8e-689423b68ae6} - "G:\autoplay.exe"
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=CMNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=CMNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=CMNTDFJS
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-15]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
==================== Services (Whitelisted) =================
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [488824 2012-08-25] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [477088 2012-08-01] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-30] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-06-05] (PDF Complete Inc)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [64832 2012-07-25] (Hewlett-Packard Company)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2014-01-08] (Sunplus)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-25 11:08 - 2014-05-25 11:08 - 00015236 _____ () C:\Users\Marta\Desktop\FRST.txt
2014-05-25 11:07 - 2014-05-25 11:08 - 00000000 ____D () C:\FRST
2014-05-25 11:05 - 2014-05-25 11:05 - 00112640 _____ (forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 02066432 _____ (Farbar) C:\Users\Marta\Desktop\FRST64.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 00112107 _____ (forum.viry.cz) C:\Users\Marta\Downloads\VerzeOS.exe
2014-05-25 09:38 - 2014-05-25 09:38 - 00002024 _____ () C:\Users\Marta\Desktop\AdwCleaner[S0].txt
2014-05-25 09:35 - 2014-05-25 09:35 - 00006886 _____ () C:\Windows\PFRO.log
2014-05-25 09:33 - 2014-05-25 09:34 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:32 - 2014-05-25 09:32 - 01326389 _____ () C:\Users\Marta\Desktop\adwcleaner_3.210.exe
2014-05-25 09:31 - 2014-05-25 09:31 - 00001054 _____ () C:\Users\Marta\Desktop\JRT.txt
2014-05-25 09:26 - 2014-05-25 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:25 - 01016261 _____ (Thisisu) C:\Users\Marta\Desktop\JRT.exe
2014-05-25 09:24 - 2014-05-25 09:24 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-25 07:28 - 2014-05-25 09:53 - 00112532 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 00:23 - 2014-05-25 00:23 - 00001674 _____ () C:\Users\Marta\Desktop\chyba.txt
2014-05-25 00:10 - 2014-05-25 00:10 - 00000000 ____D () C:\rsit
2014-05-25 00:10 - 2014-05-25 00:10 - 00000000 ____D () C:\Program Files\trend micro
2014-05-25 00:09 - 2014-05-25 00:09 - 01222144 _____ () C:\Users\Marta\Downloads\RSITx64.exe
2014-05-25 00:02 - 2014-05-25 10:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 00:02 - 2014-05-25 00:02 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 00:02 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-25 00:02 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-25 00:02 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-25 00:01 - 2014-05-25 00:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 23:53 - 2014-05-24 23:55 - 00012408 _____ () C:\Users\Marta\Downloads\hijackthis.log
2014-05-24 23:52 - 2014-05-24 23:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marta\Downloads\HiJackThis.exe
2014-05-24 23:04 - 2014-05-24 23:04 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-05-23 23:17 - 2014-05-23 23:17 - 00000269 _____ () C:\Windows\RomeTW.ini
2014-05-23 23:17 - 2014-05-23 23:17 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-05-23 23:17 - 2014-05-23 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-05-23 22:32 - 2014-05-23 22:32 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-05-20 06:59 - 2014-05-20 06:59 - 00000000 ____D () C:\Users\Marta\Desktop\css1
2014-05-20 06:37 - 2014-05-20 06:37 - 00056294 _____ () C:\Users\Marta\Desktop\css1.zip
2014-05-19 18:28 - 2014-05-22 07:31 - 00001227 _____ () C:\Users\Marta\Desktop\elementy_div.css
2014-05-19 18:27 - 2014-05-20 20:34 - 00001146 _____ () C:\Users\Marta\Desktop\elementy_div.html
2014-05-15 20:08 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 20:08 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 20:08 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 20:08 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 20:08 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 20:08 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 20:08 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 20:08 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:08 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 20:07 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 20:07 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 20:07 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 20:07 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 20:07 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 20:07 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-15 20:07 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-15 20:07 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 20:07 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 20:07 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-15 20:07 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 20:07 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 20:07 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 20:07 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-15 20:07 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-15 20:07 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 20:07 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 20:07 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 20:07 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 20:07 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 20:07 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 20:07 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 20:07 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 20:07 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-15 20:06 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 20:06 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 20:06 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 20:05 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-15 20:05 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-15 20:05 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-15 20:05 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-15 20:05 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-15 20:05 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-15 20:05 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-15 20:05 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-15 20:05 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-09 22:36 - 2014-05-09 22:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 12:21 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 12:21 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 12:21 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 12:21 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 12:21 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-30 02:51 - 2014-04-30 02:51 - 00000000 ____D () C:\Users\Marta\Documents\ProcAlyzer Dumps
2014-04-25 22:47 - 2014-04-26 00:01 - 1468999508 _____ () C:\Users\Marta\Downloads\Baader.Meinhof.Komplex.2008-Nerez.CZ.avi
2014-04-25 13:38 - 2014-04-25 13:38 - 00000000 ____D () C:\Users\Marta\Desktop\xml
2014-04-25 11:43 - 2014-04-28 17:15 - 00000000 ____D () C:\Users\Marta\Desktop\csob
==================== One Month Modified Files and Folders =======
2014-05-25 11:08 - 2014-05-25 11:08 - 00015236 _____ () C:\Users\Marta\Desktop\FRST.txt
2014-05-25 11:08 - 2014-05-25 11:07 - 00000000 ____D () C:\FRST
2014-05-25 11:05 - 2014-05-25 11:05 - 00112640 _____ (forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 02066432 _____ (Farbar) C:\Users\Marta\Desktop\FRST64.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 00112107 _____ (forum.viry.cz) C:\Users\Marta\Downloads\VerzeOS.exe
2014-05-25 11:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-25 10:06 - 2014-05-25 00:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 09:53 - 2014-05-25 07:28 - 00112532 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 09:45 - 2012-09-09 07:46 - 00755956 _____ () C:\Windows\system32\perfh005.dat
2014-05-25 09:45 - 2012-09-09 07:46 - 00162886 _____ () C:\Windows\system32\perfc005.dat
2014-05-25 09:45 - 2012-07-26 09:28 - 01851422 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 09:42 - 2013-12-15 21:48 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Seznam.cz
2014-05-25 09:39 - 2012-09-26 10:53 - 00000950 _____ () C:\Windows\SysWOW64\bscs.ini
2014-05-25 09:38 - 2014-05-25 09:38 - 00002024 _____ () C:\Users\Marta\Desktop\AdwCleaner[S0].txt
2014-05-25 09:37 - 2013-10-30 22:19 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-05-25 09:37 - 2012-09-09 07:14 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-25 09:36 - 2014-01-08 22:42 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForMarta.job
2014-05-25 09:36 - 2013-10-30 22:19 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-05-25 09:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 09:35 - 2014-05-25 09:35 - 00006886 _____ () C:\Windows\PFRO.log
2014-05-25 09:35 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-25 09:34 - 2014-05-25 09:33 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:32 - 2014-05-25 09:32 - 01326389 _____ () C:\Users\Marta\Desktop\adwcleaner_3.210.exe
2014-05-25 09:31 - 2014-05-25 09:31 - 00001054 _____ () C:\Users\Marta\Desktop\JRT.txt
2014-05-25 09:31 - 2014-04-18 09:47 - 00000000 ____D () C:\Users\Marta\Documents\Nová složka
2014-05-25 09:26 - 2014-05-25 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:25 - 01016261 _____ (Thisisu) C:\Users\Marta\Desktop\JRT.exe
2014-05-25 09:24 - 2014-05-25 09:24 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-25 09:03 - 2014-01-08 22:42 - 00003156 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMarta
2014-05-25 09:03 - 2013-12-15 21:47 - 00000000 ____D () C:\Users\Marta
2014-05-25 00:23 - 2014-05-25 00:23 - 00001674 _____ () C:\Users\Marta\Desktop\chyba.txt
2014-05-25 00:10 - 2014-05-25 00:10 - 00000000 ____D () C:\rsit
2014-05-25 00:10 - 2014-05-25 00:10 - 00000000 ____D () C:\Program Files\trend micro
2014-05-25 00:09 - 2014-05-25 00:09 - 01222144 _____ () C:\Users\Marta\Downloads\RSITx64.exe
2014-05-25 00:02 - 2014-05-25 00:02 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 00:01 - 2014-05-25 00:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 23:55 - 2014-05-24 23:53 - 00012408 _____ () C:\Users\Marta\Downloads\hijackthis.log
2014-05-24 23:52 - 2014-05-24 23:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marta\Downloads\HiJackThis.exe
2014-05-24 23:52 - 2013-12-15 21:47 - 00000000 ____D () C:\Users\Marta\AppData\Local\VirtualStore
2014-05-24 23:32 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-24 23:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-24 23:04 - 2014-05-24 23:04 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-05-23 23:17 - 2014-05-23 23:17 - 00000269 _____ () C:\Windows\RomeTW.ini
2014-05-23 23:17 - 2014-05-23 23:17 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-05-23 23:17 - 2014-05-23 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-05-23 22:32 - 2014-05-23 22:32 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-05-22 07:31 - 2014-05-19 18:28 - 00001227 _____ () C:\Users\Marta\Desktop\elementy_div.css
2014-05-22 07:25 - 2013-12-16 13:30 - 00000000 ____D () C:\Users\Marta\Documents\gimp stuff
2014-05-21 18:50 - 2013-09-18 18:04 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-21 18:48 - 2013-09-18 18:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-21 13:03 - 2013-12-16 11:36 - 00000000 ____D () C:\Users\Marta\AppData\Local\PokerStars
2014-05-20 20:34 - 2014-05-19 18:27 - 00001146 _____ () C:\Users\Marta\Desktop\elementy_div.html
2014-05-20 06:59 - 2014-05-20 06:59 - 00000000 ____D () C:\Users\Marta\Desktop\css1
2014-05-20 06:37 - 2014-05-20 06:37 - 00056294 _____ () C:\Users\Marta\Desktop\css1.zip
2014-05-19 19:11 - 2013-12-15 23:22 - 00000000 ____D () C:\Users\Marta\.gimp-2.8
2014-05-19 18:34 - 2013-12-15 21:52 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1482324353-3948896138-1893195853-1004
2014-05-18 19:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-05-16 16:36 - 2013-12-15 21:47 - 00000000 ___RD () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 16:36 - 2013-12-15 21:47 - 00000000 ___RD () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 16:34 - 2013-09-16 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-16 09:01 - 2014-01-27 12:15 - 00000024 _____ () C:\SROF.ini
2014-05-16 09:01 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-16 08:27 - 2014-04-17 15:40 - 00000000 ____D () C:\Users\Marta\Desktop\futsal
2014-05-15 21:45 - 2012-11-06 14:10 - 00004206 _____ () C:\Windows\system32\RaCoInst.log
2014-05-15 21:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-15 21:40 - 2013-09-17 09:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 21:38 - 2013-09-17 09:22 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 07:40 - 2013-12-16 12:37 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\vlc
2014-05-12 19:19 - 2014-03-14 13:52 - 00000000 ____D () C:\Users\Marta\Desktop\Nová složka
2014-05-12 07:26 - 2014-05-25 00:02 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-25 00:02 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-25 00:02 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 22:37 - 2014-05-09 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 08:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-06 07:14 - 2014-05-15 20:07 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 07:14 - 2014-05-15 20:07 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 05:48 - 2014-05-15 20:07 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 05:48 - 2014-05-15 20:06 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:37 - 2014-05-15 20:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:26 - 2014-05-15 20:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 22:37 - 2013-11-14 07:34 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:37 - 2013-11-14 07:34 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 21:49 - 2013-12-15 21:48 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\hpqlog
2014-04-30 21:49 - 2012-09-09 07:11 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-04-30 21:49 - 2012-08-02 23:20 - 00000000 ____D () C:\swsetup
2014-04-30 02:51 - 2014-04-30 02:51 - 00000000 ____D () C:\Users\Marta\Documents\ProcAlyzer Dumps
2014-04-28 17:15 - 2014-04-25 11:43 - 00000000 ____D () C:\Users\Marta\Desktop\csob
2014-04-28 14:40 - 2013-12-16 11:35 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-04-26 00:01 - 2014-04-25 22:47 - 1468999508 _____ () C:\Users\Marta\Downloads\Baader.Meinhof.Komplex.2008-Nerez.CZ.avi
2014-04-25 13:38 - 2014-04-25 13:38 - 00000000 ____D () C:\Users\Marta\Desktop\xml
Some content of TEMP:
====================
C:\Users\Marta\AppData\Local\Temp\cabex.dll
C:\Users\Marta\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Marta\AppData\Local\Temp\PartnerInstallerYTAi.exe
C:\Users\Marta\AppData\Local\Temp\Quarantine.exe
C:\Users\Marta\AppData\Local\Temp\tu17p84.exe
C:\Users\Marta\AppData\Local\Temp\unelevate.exe
C:\Users\Spravce\AppData\Local\Temp\_unps.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2014-05-15 20:07] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-17 04:06
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (OS) (Fixed) (Total:682.48 GB) (Free:607.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive f: (HP_RECOVERY) (Fixed) (Total:12.96 GB) (Free:2.03 GB) NTFS
Available physical RAM: 2015.86 MB
Total physical RAM: 3978.76 MB
Percentage of memory in use: 49%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 699 GB) (Disk ID: A50E1C7D)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\HPCeeScheduleForMarta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
==================== Security Center ==================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Marta\Desktop" je 8 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Attachments:
- Addition.rar (6.26 KiB), downloaded 30 times
Re: Log check / Malwarebytes reports 4 potential errors

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
Start
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe [968840 2012-07-10] ()
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\MountPoints2: {bd133ddb-7314-11e3-be8e-689423b68ae6} - "G:\autoplay.exe"
2014-05-25 11:05 - 2014-05-25 11:05 - 00112640 _____ (forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 00112107 _____ (forum.viry.cz) C:\Users\Marta\Downloads\VerzeOS.exe
2014-05-25 09:38 - 2014-05-25 09:38 - 00002024 _____ () C:\Users\Marta\Desktop\AdwCleaner[S0].txt
2014-05-25 09:35 - 2014-05-25 09:35 - 00006886 _____ () C:\Windows\PFRO.log
2014-05-25 09:33 - 2014-05-25 09:34 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:32 - 2014-05-25 09:32 - 01326389 _____ () C:\Users\Marta\Desktop\adwcleaner_3.210.exe
2014-05-25 09:31 - 2014-05-25 09:31 - 00001054 _____ () C:\Users\Marta\Desktop\JRT.txt
2014-05-25 09:26 - 2014-05-25 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:25 - 01016261 _____ (Thisisu) C:\Users\Marta\Desktop\JRT.exe
2014-05-25 09:24 - 2014-05-25 09:24 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-25 00:01 - 2014-05-25 00:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 23:53 - 2014-05-24 23:55 - 00012408 _____ () C:\Users\Marta\Downloads\hijackthis.log
2014-05-24 23:52 - 2014-05-24 23:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marta\Downloads\HiJackThis.exe
C:\Users\Marta\AppData\Local\Temp\cabex.dll
C:\Users\Marta\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Marta\AppData\Local\Temp\PartnerInstallerYTAi.exe
C:\Users\Marta\AppData\Local\Temp\Quarantine.exe
C:\Users\Marta\AppData\Local\Temp\tu17p84.exe
C:\Users\Marta\AppData\Local\Temp\unelevate.exe
C:\Users\Spravce\AppData\Local\Temp\_unps.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMarta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
Hosts:
End
- Save the resulting TXT file as fixlist.txt
- Move the created fixlist next to FRST

- Click Fix
- The fix will run and create the log Fixlog.txt

Re: Log check / Malwarebytes reports 4 potential errors
A question: the fix ran and the log was created, so should I now close it and restart?
The content of the fixlog is this:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014
Ran by Marta at 2014-05-25 11:48:18 Run:1
Running from C:\Users\Marta\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe [968840 2012-07-10] ()
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\MountPoints2: {bd133ddb-7314-11e3-be8e-689423b68ae6} - "G:\autoplay.exe"
2014-05-25 11:05 - 2014-05-25 11:05 - 00112640 _____ (forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 00112107 _____ (forum.viry.cz) C:\Users\Marta\Downloads\VerzeOS.exe
2014-05-25 09:38 - 2014-05-25 09:38 - 00002024 _____ () C:\Users\Marta\Desktop\AdwCleaner[S0].txt
2014-05-25 09:35 - 2014-05-25 09:35 - 00006886 _____ () C:\Windows\PFRO.log
2014-05-25 09:33 - 2014-05-25 09:34 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:32 - 2014-05-25 09:32 - 01326389 _____ () C:\Users\Marta\Desktop\adwcleaner_3.210.exe
2014-05-25 09:31 - 2014-05-25 09:31 - 00001054 _____ () C:\Users\Marta\Desktop\JRT.txt
2014-05-25 09:26 - 2014-05-25 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:25 - 01016261 _____ (Thisisu) C:\Users\Marta\Desktop\JRT.exe
2014-05-25 09:24 - 2014-05-25 09:24 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-25 00:01 - 2014-05-25 00:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 23:53 - 2014-05-24 23:55 - 00012408 _____ () C:\Users\Marta\Downloads\hijackthis.log
2014-05-24 23:52 - 2014-05-24 23:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marta\Downloads\HiJackThis.exe
C:\Users\Marta\AppData\Local\Temp\cabex.dll
C:\Users\Marta\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Marta\AppData\Local\Temp\PartnerInstallerYTAi.exe
C:\Users\Marta\AppData\Local\Temp\Quarantine.exe
C:\Users\Marta\AppData\Local\Temp\tu17p84.exe
C:\Users\Marta\AppData\Local\Temp\unelevate.exe
C:\Users\Spravce\AppData\Local\Temp\_unps.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMarta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
Hosts:
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CLMLServer_For_P2G8 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CLVirtualDrive => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RemoteControl10 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd133ddb-7314-11e3-be8e-689423b68ae6} => Key deleted successfully.
HKCR\CLSID\{bd133ddb-7314-11e3-be8e-689423b68ae6} => Key not found.
C:\Users\Marta\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Marta\Downloads\VerzeOS.exe => Moved successfully.
C:\Users\Marta\Desktop\AdwCleaner[S0].txt => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Marta\Desktop\adwcleaner_3.210.exe => Moved successfully.
C:\Users\Marta\Desktop\JRT.txt => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Users\Marta\Desktop\JRT.exe => Moved successfully.
C:\Windows\wininit.ini => Moved successfully.
C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe => Moved successfully.
C:\Users\Marta\Downloads\hijackthis.log => Moved successfully.
C:\Users\Marta\Downloads\HiJackThis.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\cabex.dll => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\PartnerInstallerYTAi.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\tu17p84.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\unelevate.exe => Moved successfully.
C:\Users\Spravce\AppData\Local\Temp\_unps.exe => Moved successfully.
C:\Windows\Tasks\HPCeeScheduleForMarta.job => Moved successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
==== End of Fixlog ====
The content of the fixlog is this:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014
Ran by Marta at 2014-05-25 11:48:18 Run:1
Running from C:\Users\Marta\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe [968840 2012-07-10] ()
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\MountPoints2: {bd133ddb-7314-11e3-be8e-689423b68ae6} - "G:\autoplay.exe"
2014-05-25 11:05 - 2014-05-25 11:05 - 00112640 _____ (forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 00112107 _____ (forum.viry.cz) C:\Users\Marta\Downloads\VerzeOS.exe
2014-05-25 09:38 - 2014-05-25 09:38 - 00002024 _____ () C:\Users\Marta\Desktop\AdwCleaner[S0].txt
2014-05-25 09:35 - 2014-05-25 09:35 - 00006886 _____ () C:\Windows\PFRO.log
2014-05-25 09:33 - 2014-05-25 09:34 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:32 - 2014-05-25 09:32 - 01326389 _____ () C:\Users\Marta\Desktop\adwcleaner_3.210.exe
2014-05-25 09:31 - 2014-05-25 09:31 - 00001054 _____ () C:\Users\Marta\Desktop\JRT.txt
2014-05-25 09:26 - 2014-05-25 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:25 - 01016261 _____ (Thisisu) C:\Users\Marta\Desktop\JRT.exe
2014-05-25 09:24 - 2014-05-25 09:24 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-25 00:01 - 2014-05-25 00:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 23:53 - 2014-05-24 23:55 - 00012408 _____ () C:\Users\Marta\Downloads\hijackthis.log
2014-05-24 23:52 - 2014-05-24 23:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marta\Downloads\HiJackThis.exe
C:\Users\Marta\AppData\Local\Temp\cabex.dll
C:\Users\Marta\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Marta\AppData\Local\Temp\PartnerInstallerYTAi.exe
C:\Users\Marta\AppData\Local\Temp\Quarantine.exe
C:\Users\Marta\AppData\Local\Temp\tu17p84.exe
C:\Users\Marta\AppData\Local\Temp\unelevate.exe
C:\Users\Spravce\AppData\Local\Temp\_unps.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMarta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
Hosts:
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CLMLServer_For_P2G8 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CLVirtualDrive => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RemoteControl10 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd133ddb-7314-11e3-be8e-689423b68ae6} => Key deleted successfully.
HKCR\CLSID\{bd133ddb-7314-11e3-be8e-689423b68ae6} => Key not found.
C:\Users\Marta\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Marta\Downloads\VerzeOS.exe => Moved successfully.
C:\Users\Marta\Desktop\AdwCleaner[S0].txt => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Marta\Desktop\adwcleaner_3.210.exe => Moved successfully.
C:\Users\Marta\Desktop\JRT.txt => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Users\Marta\Desktop\JRT.exe => Moved successfully.
C:\Windows\wininit.ini => Moved successfully.
C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe => Moved successfully.
C:\Users\Marta\Downloads\hijackthis.log => Moved successfully.
C:\Users\Marta\Downloads\HiJackThis.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\cabex.dll => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\PartnerInstallerYTAi.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\tu17p84.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\unelevate.exe => Moved successfully.
C:\Users\Spravce\AppData\Local\Temp\_unps.exe => Moved successfully.
C:\Windows\Tasks\HPCeeScheduleForMarta.job => Moved successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
==== End of Fixlog ====
Re: Log check / Malwarebytes reports 4 potential errors
Malwarebytes found nothing; I also cleaned up with CCleaner, so hopefully everything is OK.
Thank you very much for your help.
Have a nice rest of the day.
Martin
Re: Log check / Malwarebytes reports 4 potential errors
Now let's clean up as well.

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
- Download and run it
- To confirm a choice, press A, then Enter
- Delete the utility after use
- Antivirus programs may wrongly flag this utility as a virus; it is a false alarm, so go ahead and download it (or turn off the antivirus while downloading)

OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run it
- Click CleanUp and confirm with YES
- The program cleans up and restarts the PC

TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run it
- Click Start and confirm with OK
- The program cleans up and restarts the PC
- Delete the utility after use

And if there are no problems or questions, that is all from my side.

Re: Log check / Malwarebytes reports 4 potential errors
Cleaned up.
Thanks once again.