
Virus removal, PC speed-up, remote help via the neslape.cz service
Notebook full of ads, slow browser,...
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
I have a notebook full of various ads in the browser, and every one of the browsers loads pages slowly. (This is a different computer from the one in my currently open topic.)
I tried to get Combofix running, but it tells me that I have Windows 2000 and therefore cannot be run (even though I have Win7 x64).
What could be done about it?
Thank you,
Here is the log from RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Misa at 2014-06-07 11:17:20
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 190 GB (50%) free of 382 GB
Total RAM: 3959 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:17:24, on 7.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\wisen wizard\bin\wisenwizard.BrowserAdapter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Misa.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RandoMPricea - {0B7449AB-D29B-1E46-A056-DBA6693C8729} - C:\ProgramData\RandoMPricea\D.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: wisen wizard - {d7bbe586-f42a-454b-9794-776b57483a40} - C:\Program Files (x86)\wisen wizard\wisenwizardBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mncauyhcSrv] C:\Windows\system32\mncauyhc.vbe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Launcher6015N] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 6015N
O4 - HKLM\..\Run: [DocuPrint 6015N RUN] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRun6015N] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 6015N,hide,\S
O4 - HKLM\..\Run: [MSStp] C:\Windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mnctsxdSrv] C:\Windows\system32\mnctsxd.vbe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Misa\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKCU\..\Run: [SystemProc] C:\Users\Public\Other\run_shc.lnk
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: MacroWorks 3.1.lnk = C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update wisen wizard - Unknown owner - C:\Program Files (x86)\wisen wizard\updatewisenwizard.exe
O23 - Service: Util wisen wizard - Unknown owner - C:\Program Files (x86)\wisen wizard\bin\utilwisenwizard.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XRcnStatutsDatabase (XRNADB) - Unknown owner - C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
--
End of file - 9491 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\wisen wizard\bin\utilwisenwizard.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
WLIDSvcM.exe 3200
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 6015N,hide,\S
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\Explorer.exe"
"C:\Program Files (x86)\Steam\steam.exe" "steam://rungameid/26500"
"C:\Program Files (x86)\wisen wizard\bin\wisenwizard.PurBrowse64.exe" /l false /s false /c "wisen wizard" /t "C:\Program Files (x86)\wisen wizard\bin\TEMP" /i "http://apiwisenwizardne-a.akamaihd.net/ ... 0000000000" /d {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64 /p 42bcc0b0-3fbc-46c5-88d6-336afd681103:chrome
\??\C:\Windows\system32\conhost.exe "1005849820363307741-1704201174-19967111771069970306-6356625471983152921-984341891
/c 42bcc0b0-3fbc-46c5-88d6-336afd681103 /s /z "n=wisenwizard&is=epo000CZ&dpt=21"
"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="8480.0.1021218034\921893857" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,15,39 --gpu-vendor-id=0x10de --gpu-device-id=0x0a2d --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.2702 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable3:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled:SkipHTTPS=Enabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="8480.15.55801661\1950405972" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/NetworkConnectivity/disable_network_stats/OmniboxBundledExperimentV1/StandardR4/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable3:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled:SkipHTTPS=Enabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UMAStability/SeparateLog/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="8480.26.1334437180\1277304305" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="8480.27.247879464\1313497672" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe31_ Global\UsGthrCtrlFltPipeMssGthrPipe31 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Bootstrap/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/NetworkConnectivity/disable_network_stats/OmniboxBundledExperimentV1/StandardR4/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable3:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled:SkipHTTPS=Enabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UMAStability/SeparateLog/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="8480.29.1231136606\1365842389" /prefetch:673131151
"C:\Users\Misa\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B7449AB-D29B-1E46-A056-DBA6693C8729}]
RandoMPricea - C:\ProgramData\RandoMPricea\D.x64.dll [2014-05-08 474112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B7449AB-D29B-1E46-A056-DBA6693C8729}]
RandoMPricea - C:\ProgramData\RandoMPricea\D.dll [2014-05-08 425472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7bbe586-f42a-454b-9794-776b57483a40}]
wisen wizard - C:\Program Files (x86)\wisen wizard\wisenwizardBHO.dll [2014-05-01 249632]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08 21444224]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"NextLive"=C:\Windows\SysWOW64\rundll32.exe [2009-07-14 44544]
"SystemProc"=C:\Users\Public\Other\run_shc.lnk []
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2014-05-02 3588952]
"uTorrent"=C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe [2014-05-29 1271376]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"mncauyhcSrv"=C:\Windows\system32\mncauyhc.vbe []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Launcher6015N"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2011-05-19 2571264]
"DocuPrint 6015N RUN"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [2011-05-23 355840]
"StatusAutoRun6015N"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [2011-05-23 4477440]
"MSStp"=C:\Windows\inf\msstp.vbe [2014-03-05 1584]
"mnctsxdSrv"=C:\Windows\system32\mnctsxd.vbe []
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-05-13 3814736]
C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MacroWorks 3.1.lnk - C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux5"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux7"=wdmaud.drv
"aux8"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-06-07 11:17:20 ----D---- C:\rsit
2014-06-07 11:17:20 ----D---- C:\Program Files\trend micro
2014-06-07 10:47:28 ----SD---- C:\ComboFix
2014-06-01 10:27:11 ----A---- C:\Windows\wp.INI
2014-06-01 10:14:25 ----D---- C:\Worms2
2014-06-01 10:13:12 ----A---- C:\Windows\SYSWOW64\KMVIDC32.DLL
2014-06-01 09:49:23 ----D---- C:\Worms Armageddon
2014-05-31 23:05:35 ----D---- C:\Worms World Party
2014-05-31 19:42:30 ----D---- C:\Program Files (x86)\Worms Revolution
2014-05-28 13:52:56 ----D---- C:\Program Files\Bus Simulator
2014-05-21 17:11:18 ----D---- C:\ProgramData\EA Core
2014-05-21 17:11:16 ----D---- C:\ProgramData\EA Logs
2014-05-18 19:46:43 ----D---- C:\Users\Misa\AppData\Roaming\Synthesia
2014-05-18 19:46:22 ----D---- C:\Program Files (x86)\Synthesia
2014-05-18 12:33:17 ----D---- C:\Windows\Sun
2014-05-18 11:36:16 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\java.exe
2014-05-15 21:04:14 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-05-15 21:04:14 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-15 21:04:14 ----A---- C:\Windows\system32\mshtml.dll
2014-05-15 21:04:13 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-15 15:29:02 ----A---- C:\Windows\system32\shell32.dll
2014-05-15 15:29:00 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-15 15:28:59 ----A---- C:\Windows\system32\aepdu.dll
2014-05-15 15:28:54 ----A---- C:\Windows\system32\aeinv.dll
2014-05-15 15:28:25 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-15 15:28:23 ----A---- C:\Windows\system32\kerberos.dll
2014-05-15 15:28:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-05-15 15:28:22 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-05-15 15:28:22 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-15 15:28:22 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 15:28:21 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-15 15:28:21 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 15:28:21 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 15:28:20 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-15 15:28:20 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 15:28:20 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 15:28:19 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 15:28:18 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 15:28:18 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 15:28:18 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\adprovider.dll
2014-05-15 15:28:17 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-15 15:28:17 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-05-15 15:28:17 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-15 15:28:17 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 15:28:17 ----A---- C:\Windows\system32\secur32.dll
2014-05-15 15:28:17 ----A---- C:\Windows\system32\credssp.dll
2014-05-14 12:28:54 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2014-05-08 13:38:40 ----D---- C:\ProgramData\RandoMPricea
======List of files/folders modified in the last 1 month======
2014-06-07 11:17:21 ----D---- C:\Windows\temp
2014-06-07 11:17:20 ----RD---- C:\Program Files
2014-06-07 10:59:55 ----RD---- C:\Program Files (x86)
2014-06-07 10:59:45 ----D---- C:\Program Files (x86)\Google
2014-06-07 10:56:01 ----SHD---- C:\Windows\Installer
2014-06-07 10:51:27 ----D---- C:\Windows\Tasks
2014-06-07 10:51:27 ----D---- C:\Windows\system32\Tasks
2014-06-07 10:47:38 ----SHD---- C:\System Volume Information
2014-06-07 10:47:25 ----D---- C:\Windows\system32\drivers
2014-06-07 10:42:19 ----D---- C:\Qoobox
2014-06-07 10:36:38 ----D---- C:\Users\Misa\AppData\Roaming\uTorrent
2014-06-07 09:25:43 ----A---- C:\Windows\win.ini
2014-06-07 09:15:51 ----D---- C:\Program Files (x86)\Steam
2014-06-07 09:06:06 ----D---- C:\Windows\system32\NDF
2014-06-07 09:03:44 ----D---- C:\Windows\system32\config
2014-06-07 08:55:09 ----D---- C:\Users\Misa\AppData\Roaming\Skype
2014-06-07 08:55:05 ----D---- C:\ProgramData\Origin
2014-06-07 08:55:03 ----D---- C:\Users\Misa\AppData\Roaming\newnext.me
2014-06-07 08:54:52 ----D---- C:\Program Files (x86)\Origin
2014-06-07 08:48:07 ----RD---- C:\Program Files (x86)\Skype
2014-06-07 08:48:07 ----D---- C:\Program Files (x86)\Common Files
2014-06-07 08:48:02 ----D---- C:\ProgramData\Skype
2014-06-07 08:44:45 ----D---- C:\ProgramData\NVIDIA
2014-06-01 12:09:51 ----D---- C:\Windows\Microsoft.NET
2014-06-01 12:09:03 ----RSD---- C:\Windows\assembly
2014-06-01 10:27:11 ----D---- C:\Windows
2014-06-01 10:13:12 ----D---- C:\Windows\SysWOW64
2014-05-31 23:05:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-05-31 19:45:07 ----D---- C:\Windows\winsxs
2014-05-31 12:02:10 ----D---- C:\Windows\system32\wdi
2014-05-22 08:49:49 ----SD---- C:\Users\Misa\AppData\Roaming\Microsoft
2014-05-21 17:11:18 ----D---- C:\ProgramData
2014-05-21 13:04:59 ----D---- C:\Program Files (x86)\Origin Games
2014-05-18 12:04:55 ----A---- C:\Windows\system.ini
2014-05-18 12:04:32 ----D---- C:\Windows\system32\drivers\etc
2014-05-18 12:00:15 ----D---- C:\Program Files (x86)\Supporter
2014-05-18 11:54:10 ----D---- C:\Windows\SYSWOW64\drivers
2014-05-18 11:54:10 ----D---- C:\Windows\AppPatch
2014-05-18 11:36:29 ----D---- C:\ProgramData\Oracle
2014-05-18 11:36:12 ----D---- C:\Program Files (x86)\Java
2014-05-18 11:23:06 ----D---- C:\Users\Misa\AppData\Roaming\Seznam.cz
2014-05-16 17:00:18 ----D---- C:\Users\Misa\AppData\Roaming\.minecraft
2014-05-16 12:35:57 ----SD---- C:\Windows\system32\CompatTel
2014-05-16 12:35:57 ----D---- C:\Windows\System32
2014-05-16 12:35:51 ----D---- C:\Windows\system32\cs-CZ
2014-05-15 21:04:19 ----D---- C:\Windows\system32\catroot
2014-05-15 21:03:50 ----D---- C:\Windows\system32\MRT
2014-05-15 21:02:09 ----A---- C:\Windows\system32\MRT.exe
2014-05-15 15:28:42 ----D---- C:\Windows\system32\catroot2
2014-05-14 20:14:55 ----D---- C:\ProgramData\Electronic Arts
2014-05-09 17:58:24 ----D---- C:\Windows\system32\drivers\UMDF
2014-05-08 13:38:54 ----D---- C:\ProgramData\9592eb269e68befc
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64;{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64; C:\Windows\system32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys [2014-04-29 61120]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-03-09 283064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-09-05 196384]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-05-13 2228048]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-04-15 377616]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-08-30 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-05 1364256]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-08-29 414496]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
R2 Util wisen wizard;Util wisen wizard; C:\Program Files (x86)\wisen wizard\bin\utilwisenwizard.exe [2014-05-31 317728]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R2 XRNADB;XRcnStatutsDatabase; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [2011-05-23 95232]
S2 be0fb33b;Supporter; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe []
S2 Update wisen wizard;Update wisen wizard; C:\Program Files (x86)\wisen wizard\updatewisenwizard.exe [2014-05-31 317728]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-05-29 543424]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-02-02 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
2014-05-15 15:28:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-05-15 15:28:22 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-05-15 15:28:22 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-15 15:28:22 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 15:28:21 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-15 15:28:21 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 15:28:21 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 15:28:20 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-15 15:28:20 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 15:28:20 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 15:28:19 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 15:28:18 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 15:28:18 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 15:28:18 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\adprovider.dll
2014-05-15 15:28:17 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-15 15:28:17 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-05-15 15:28:17 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-15 15:28:17 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 15:28:17 ----A---- C:\Windows\system32\secur32.dll
2014-05-15 15:28:17 ----A---- C:\Windows\system32\credssp.dll
2014-05-14 12:28:54 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2014-05-08 13:38:40 ----D---- C:\ProgramData\RandoMPricea
======List of files/folders modified in the last 1 month======
2014-06-07 11:17:21 ----D---- C:\Windows\temp
2014-06-07 11:17:20 ----RD---- C:\Program Files
2014-06-07 10:59:55 ----RD---- C:\Program Files (x86)
2014-06-07 10:59:45 ----D---- C:\Program Files (x86)\Google
2014-06-07 10:56:01 ----SHD---- C:\Windows\Installer
2014-06-07 10:51:27 ----D---- C:\Windows\Tasks
2014-06-07 10:51:27 ----D---- C:\Windows\system32\Tasks
2014-06-07 10:47:38 ----SHD---- C:\System Volume Information
2014-06-07 10:47:25 ----D---- C:\Windows\system32\drivers
2014-06-07 10:42:19 ----D---- C:\Qoobox
2014-06-07 10:36:38 ----D---- C:\Users\Misa\AppData\Roaming\uTorrent
2014-06-07 09:25:43 ----A---- C:\Windows\win.ini
2014-06-07 09:15:51 ----D---- C:\Program Files (x86)\Steam
2014-06-07 09:06:06 ----D---- C:\Windows\system32\NDF
2014-06-07 09:03:44 ----D---- C:\Windows\system32\config
2014-06-07 08:55:09 ----D---- C:\Users\Misa\AppData\Roaming\Skype
2014-06-07 08:55:05 ----D---- C:\ProgramData\Origin
2014-06-07 08:55:03 ----D---- C:\Users\Misa\AppData\Roaming\newnext.me
2014-06-07 08:54:52 ----D---- C:\Program Files (x86)\Origin
2014-06-07 08:48:07 ----RD---- C:\Program Files (x86)\Skype
2014-06-07 08:48:07 ----D---- C:\Program Files (x86)\Common Files
2014-06-07 08:48:02 ----D---- C:\ProgramData\Skype
2014-06-07 08:44:45 ----D---- C:\ProgramData\NVIDIA
2014-06-01 12:09:51 ----D---- C:\Windows\Microsoft.NET
2014-06-01 12:09:03 ----RSD---- C:\Windows\assembly
2014-06-01 10:27:11 ----D---- C:\Windows
2014-06-01 10:13:12 ----D---- C:\Windows\SysWOW64
2014-05-31 23:05:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-05-31 19:45:07 ----D---- C:\Windows\winsxs
2014-05-31 12:02:10 ----D---- C:\Windows\system32\wdi
2014-05-22 08:49:49 ----SD---- C:\Users\Misa\AppData\Roaming\Microsoft
2014-05-21 17:11:18 ----D---- C:\ProgramData
2014-05-21 13:04:59 ----D---- C:\Program Files (x86)\Origin Games
2014-05-18 12:04:55 ----A---- C:\Windows\system.ini
2014-05-18 12:04:32 ----D---- C:\Windows\system32\drivers\etc
2014-05-18 12:00:15 ----D---- C:\Program Files (x86)\Supporter
2014-05-18 11:54:10 ----D---- C:\Windows\SYSWOW64\drivers
2014-05-18 11:54:10 ----D---- C:\Windows\AppPatch
2014-05-18 11:36:29 ----D---- C:\ProgramData\Oracle
2014-05-18 11:36:12 ----D---- C:\Program Files (x86)\Java
2014-05-18 11:23:06 ----D---- C:\Users\Misa\AppData\Roaming\Seznam.cz
2014-05-16 17:00:18 ----D---- C:\Users\Misa\AppData\Roaming\.minecraft
2014-05-16 12:35:57 ----SD---- C:\Windows\system32\CompatTel
2014-05-16 12:35:57 ----D---- C:\Windows\System32
2014-05-16 12:35:51 ----D---- C:\Windows\system32\cs-CZ
2014-05-15 21:04:19 ----D---- C:\Windows\system32\catroot
2014-05-15 21:03:50 ----D---- C:\Windows\system32\MRT
2014-05-15 21:02:09 ----A---- C:\Windows\system32\MRT.exe
2014-05-15 15:28:42 ----D---- C:\Windows\system32\catroot2
2014-05-14 20:14:55 ----D---- C:\ProgramData\Electronic Arts
2014-05-09 17:58:24 ----D---- C:\Windows\system32\drivers\UMDF
2014-05-08 13:38:54 ----D---- C:\ProgramData\9592eb269e68befc
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64;{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64; C:\Windows\system32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys [2014-04-29 61120]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-03-09 283064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-09-05 196384]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-05-13 2228048]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-04-15 377616]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-08-30 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-05 1364256]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-08-29 414496]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
R2 Util wisen wizard;Util wisen wizard; C:\Program Files (x86)\wisen wizard\bin\utilwisenwizard.exe [2014-05-31 317728]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R2 XRNADB;XRcnStatutsDatabase; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [2011-05-23 95232]
S2 be0fb33b;Supporter; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe []
S2 Update wisen wizard;Update wisen wizard; C:\Program Files (x86)\wisen wizard\updatewisenwizard.exe [2014-05-31 317728]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-05-29 543424]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-02-02 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Re: notebook full of ads, slow browser,...
Log from FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Misa (administrator) on MISA-PC on 07-06-2014 11:20:42
Running from C:\Users\Misa\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\wisen wizard\bin\utilwisenwizard.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(PI Engineering) C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\wisen wizard\bin\wisenwizard.PurBrowse64.exe
() C:\Program Files (x86)\wisen wizard\bin\wisenwizard.BrowserAdapter.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Misa\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mncauyhcSrv] => C:\Windows\SysWOW64\mncauyhc.vbe [7670 2014-03-05] ()
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [Launcher6015N] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2571264 2011-05-19] (Xerox)
HKLM-x32\...\Run: [DocuPrint 6015N RUN] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [355840 2011-05-23] ()
HKLM-x32\...\Run: [StatusAutoRun6015N] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [4477440 2011-05-23] ()
HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe [1584 2014-03-05] ()
HKLM-x32\...\Run: [mnctsxdSrv] => C:\Windows\SysWOW64\mnctsxd.vbe [7670 2014-03-05] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKU\S-1-5-21-2638994720-480925200-2635197728-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2638994720-480925200-2635197728-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2638994720-480925200-2635197728-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Misa\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-2638994720-480925200-2635197728-1000\...\Run: [SystemProc] => C:\Users\Public\Other\run_shc.lnk
HKU\S-1-5-21-2638994720-480925200-2635197728-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-05-02] (Electronic Arts)
HKU\S-1-5-21-2638994720-480925200-2635197728-1000\...\Run: [uTorrent] => C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe [1271376 2014-05-29] (BitTorrent Inc.)
Startup: C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MacroWorks 3.1.lnk
ShortcutTarget: MacroWorks 3.1.lnk -> C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe (PI Engineering)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13014
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - {33FA4F14-A7F2-4568-8940-9DFB4743DDDD} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13014
SearchScopes: HKCU - {52FC99FE-8F25-4092-92BF-8FCAB21FB61D} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13014
SearchScopes: HKCU - {5C473AAB-0370-4BFF-BB61-9E4A5B4E4A1A} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13014
SearchScopes: HKCU - {7989EA8C-E594-46D1-8E59-43435C05DFA6} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13014
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - {AEBB6738-13ED-4E93-82EA-2FD804389F86} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13014
SearchScopes: HKCU - {B64E694C-08AF-4ED1-AE20-CD326EAD9F6A} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13014
SearchScopes: HKCU - {C34BD442-4498-40C7-98B3-863FEA374F47} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13014
SearchScopes: HKCU - {D0C76087-D78A-4EAF-B7A8-5751F9D23B5C} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13014
SearchScopes: HKCU - {D5677D0E-C689-4F2B-81E2-116E3A4AE96E} URL = http://search.seznam.cz/?q={searchTerms ... arch_13014
BHO: RandoMPricea - {0B7449AB-D29B-1E46-A056-DBA6693C8729} - C:\ProgramData\RandoMPricea\D.x64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RandoMPricea - {0B7449AB-D29B-1E46-A056-DBA6693C8729} - C:\ProgramData\RandoMPricea\D.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: wisen wizard - {d7bbe586-f42a-454b-9794-776b57483a40} - C:\Program Files (x86)\wisen wizard\wisenwizardBHO.dll (wisen wizard)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files (x86)\Roblox\Versions\version-73ae31ae795e410c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Misa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-07]
CHR Extension: (Disk Google) - C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-07]
CHR Extension: (YouTube) - C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-07]
CHR Extension: (Vyhledávání Google) - C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-07]
CHR Extension: (Peněženka Google) - C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]
CHR Extension: (Gmail) - C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
S2 Update wisen wizard; C:\Program Files (x86)\wisen wizard\updatewisenwizard.exe [317728 2014-05-31] ()
R2 Util wisen wizard; C:\Program Files (x86)\wisen wizard\bin\utilwisenwizard.exe [317728 2014-05-31] ()
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2013-12-18] (AVG)
R2 XRNADB; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [95232 2011-05-23] ()
S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe" [X]
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-09] (Disc Soft Ltd)
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64; C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys [61120 2014-04-29] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-07 11:20 - 2014-06-07 11:21 - 00013577 _____ () C:\Users\Misa\Desktop\FRST.txt
2014-06-07 11:20 - 2014-06-07 11:20 - 00029696 _____ () C:\Users\Misa\AppData\Local\MSGBOX.EXE
2014-06-07 11:20 - 2014-06-07 11:20 - 00015327 _____ () C:\Users\Misa\Desktop\LM.bat
2014-06-07 11:20 - 2014-06-07 11:20 - 00000000 ____D () C:\FRST
2014-06-07 11:17 - 2014-06-07 11:17 - 00000000 ____D () C:\rsit
2014-06-07 11:17 - 2014-06-07 11:17 - 00000000 ____D () C:\Program Files\trend micro
2014-06-07 11:16 - 2014-06-07 11:16 - 00112640 _____ (forum.viry.cz) C:\Users\Misa\Desktop\FRSTLauncher.exe
2014-06-07 10:59 - 2014-06-07 10:59 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-07 10:59 - 2014-06-07 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-07 10:57 - 2014-06-07 10:59 - 02072576 _____ (Farbar) C:\Users\Misa\Desktop\FRST64.exe
2014-06-07 10:56 - 2014-06-07 10:59 - 01222144 _____ () C:\Users\Misa\Desktop\RSITx64.exe
2014-06-07 10:51 - 2014-06-07 10:56 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-07 10:51 - 2014-06-07 10:56 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 10:51 - 2014-06-07 10:51 - 00003842 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-07 10:51 - 2014-06-07 10:51 - 00003590 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-07 10:47 - 2014-06-07 10:47 - 00000000 ___SD () C:\ComboFix
2014-06-07 10:41 - 2014-06-07 10:40 - 05205146 ____R (Swearware) C:\Users\Misa\Desktop\ComboFix.exe
2014-06-07 10:40 - 2014-06-07 10:40 - 05205146 _____ (Swearware) C:\Users\Misa\Downloads\ComboFix (1).exe
2014-06-07 10:35 - 2014-06-07 10:40 - 00918672 _____ (Google Inc.) C:\Users\Misa\Downloads\ChromeSetup.exe
2014-06-07 08:46 - 2014-06-07 08:46 - 00000022 _____ () C:\Users\Misa\Desktop\Worms.txt
2014-06-01 10:27 - 2014-06-01 10:27 - 00000083 _____ () C:\Windows\wp.INI
2014-06-01 10:26 - 1998-04-08 00:41 - 08619189 _____ (Funduc Software Inc.) C:\Users\Misa\Desktop\W2P005_English.exe
2014-06-01 10:25 - 2014-06-01 10:26 - 02803994 _____ () C:\Users\Misa\Downloads\W2P005_English.zip
2014-06-01 10:24 - 2014-06-01 10:24 - 00004856 _____ () C:\Users\Misa\Downloads\SR-WORM2.ZIP
2014-06-01 10:24 - 2014-06-01 10:24 - 00000000 ____D () C:\Users\Misa\Downloads\SR-WORM2
2014-06-01 10:16 - 2014-06-01 10:16 - 00000000 ____D () C:\Users\Misa\Desktop\Patch
2014-06-01 10:16 - 2002-01-15 15:08 - 02686464 _____ () C:\Users\Misa\Desktop\Patch.exe
2014-06-01 10:14 - 2014-06-01 10:21 - 00000000 ____D () C:\Worms2
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms2
2014-06-01 10:13 - 2014-06-01 10:21 - 00047104 _____ () C:\Windows\SysWOW64\KMVIDC32.DLL
2014-06-01 09:49 - 2014-06-01 09:49 - 00000000 ____D () C:\Worms Armageddon
2014-06-01 09:46 - 2014-06-01 09:46 - 00000000 ____D () C:\Users\Misa\Downloads\WA
2014-06-01 00:28 - 2014-06-01 00:28 - 00154769 _____ () C:\Users\Misa\Downloads\WWP-Colour-Fix-for-Vista.zip
2014-05-31 23:07 - 2014-06-01 09:50 - 00000949 _____ () C:\Users\Misa\Desktop\Worms Armageddon.lnk
2014-05-31 23:07 - 2014-05-31 23:07 - 00000969 _____ () C:\Users\Misa\Desktop\Worms World Party.lnk
2014-05-31 23:05 - 2014-06-07 08:56 - 00000000 ____D () C:\Worms World Party
2014-05-31 23:05 - 2014-06-01 09:15 - 00000000 ____D () C:\Users\Misa\Downloads\Worms2
2014-05-31 23:05 - 2014-05-31 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17
2014-05-31 23:00 - 2014-06-01 09:17 - 674939902 _____ (Igor Pavlov) C:\Users\Misa\Downloads\Worms Armageddon v3.7.2.1.exe
2014-05-31 21:09 - 2014-05-31 22:19 - 594497536 _____ () C:\Users\Misa\Downloads\Worms World Party.iso
2014-05-31 19:47 - 2014-05-31 19:47 - 00000000 ____D () C:\Users\Misa\AppData\Local\FLT
2014-05-31 19:44 - 2014-05-31 19:44 - 00001984 _____ () C:\Users\Public\Desktop\Worms Revolution.lnk
2014-05-31 19:44 - 2014-05-31 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Revolution
2014-05-31 19:42 - 2014-05-31 19:44 - 00000000 ____D () C:\Program Files (x86)\Worms Revolution
2014-05-31 12:18 - 2014-05-31 16:06 - 00000000 ____D () C:\Users\Misa\Downloads\Worms_Revolution-FLT
2014-05-31 12:11 - 2014-05-31 12:11 - 00332288 _____ () C:\Users\Misa\Downloads\Game Setup File__2871_il2150.exe
2014-05-29 11:31 - 2014-06-07 10:29 - 00000000 ____D () C:\Users\Misa\Documents\Bus Driver
2014-05-29 11:31 - 2014-05-29 11:31 - 00001986 _____ () C:\Users\Misa\Desktop\busdriver – zástupce.lnk
2014-05-29 11:26 - 2014-05-29 11:26 - 00000000 ____D () C:\Users\Misa\Desktop\script – kopie
2014-05-29 11:26 - 2014-05-29 11:26 - 00000000 ____D () C:\Users\Misa\Desktop\script
2014-05-29 11:25 - 2014-05-29 11:25 - 00182364 _____ () C:\Users\Misa\Downloads\Bus Driver AN.rar
2014-05-29 11:22 - 2014-05-29 11:22 - 00000000 ____D () C:\Users\Misa\Downloads\Bus driver english
2014-05-29 11:11 - 2014-05-29 11:22 - 61146032 _____ () C:\Users\Misa\Downloads\Bus driver english.7z
2014-05-29 11:11 - 2014-05-29 11:11 - 00000849 _____ () C:\Users\Misa\Desktop\µTorrent.lnk
2014-05-29 11:09 - 2014-05-29 11:09 - 01271376 _____ (BitTorrent Inc.) C:\Users\Misa\Downloads\uTorrent (1).exe
2014-05-29 10:29 - 2014-05-29 10:37 - 32648921 _____ () C:\Users\Misa\Downloads\Bus-Simulator-2008.iso.rar
2014-05-29 09:37 - 2014-05-29 09:37 - 00471424 _____ () C:\Users\Misa\Downloads\NineGame_514292_in.apk
2014-05-29 09:34 - 2014-05-29 09:36 - 34840341 _____ () C:\Users\Misa\Downloads\2013072514551169222b_bussimulator3d_9game.apk
2014-05-28 15:10 - 2014-05-28 15:10 - 00001656 _____ () C:\Users\Misa\Desktop\Vlaky na Raz dva.txt
2014-05-28 13:55 - 2014-05-28 14:02 - 00001713 _____ () C:\Users\Misa\Desktop\Bus Simulator.lnk
2014-05-28 13:52 - 2014-05-28 14:02 - 00000000 ____D () C:\Program Files\Bus Simulator
2014-05-28 13:39 - 2014-05-28 13:40 - 00000044 _____ () C:\Users\Misa\Desktop\Klíč youtube Vyhledávání.txt
2014-05-28 13:32 - 2014-05-28 13:32 - 00357728 _____ (Softonic) C:\Users\Misa\Downloads\SoftonicDownloader_for_european-bus-simulator-2012.exe
2014-05-21 17:56 - 2014-05-21 17:56 - 00000000 ____D () C:\Users\Misa\Documents\My Cheat Tables
2014-05-21 17:55 - 2014-05-21 17:55 - 07141335 _____ () C:\Users\Misa\Downloads\plants trainer.rar
2014-05-21 17:55 - 2014-05-21 17:55 - 01759480 _____ (Bandoo Media Inc) C:\Users\Misa\Downloads\iLividSetup-r1250-n-bc.exe
2014-05-21 17:11 - 2014-05-21 17:11 - 00000000 ____D () C:\ProgramData\EA Core
2014-05-21 13:11 - 2014-05-21 13:11 - 00001275 _____ () C:\Users\Public\Desktop\Plants vs. Zombies.lnk
2014-05-21 13:11 - 2014-05-21 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs. Zombies
2014-05-18 20:51 - 2014-05-18 20:51 - 00000000 ____D () C:\Users\Misa\AppData\Local\Lazy 8 Studios
2014-05-18 19:46 - 2014-05-18 20:49 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Synthesia
2014-05-18 19:46 - 2014-05-18 19:46 - 02821848 _____ (Synthesia LLC) C:\Users\Misa\Downloads\Synthesia-9.0-installer.exe
2014-05-18 19:46 - 2014-05-18 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia
2014-05-18 19:46 - 2014-05-18 19:46 - 00000000 ____D () C:\Program Files (x86)\Synthesia
2014-05-18 19:28 - 2014-05-18 19:28 - 00000221 _____ () C:\Users\Misa\Desktop\Cogs.url
2014-05-18 15:01 - 2014-05-18 15:01 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailDriver for Trainz
2014-05-18 15:01 - 2014-05-18 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RailDriver for Trainz
2014-05-18 15:00 - 2014-05-18 15:00 - 01529970 _____ (P.I. Engineering, Inc.) C:\Users\Misa\Downloads\rdts12sp1.exe
2014-05-18 14:59 - 2014-05-18 15:00 - 01529886 _____ (P.I. Engineering, Inc.) C:\Users\Misa\Downloads\rdts2009.exe
2014-05-18 12:33 - 2014-05-18 12:33 - 00000000 ____D () C:\Windows\Sun
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-18 11:39 - 2014-05-18 11:39 - 03972608 _____ () C:\Users\Misa\Downloads\RogueKiller (1).exe
2014-05-18 11:36 - 2014-05-18 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-18 11:36 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-18 11:36 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-18 11:36 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-18 11:36 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-18 11:35 - 2014-05-18 11:43 - 00000000 ____D () C:\Users\Misa\Desktop\antivir
2014-05-18 11:34 - 2014-05-18 11:36 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-18 11:33 - 2014-05-18 11:33 - 00921512 _____ (Oracle Corporation) C:\Users\Misa\Downloads\chromeinstall-7u55.exe
2014-05-16 17:21 - 2014-05-16 17:22 - 05565454 _____ () C:\Users\Misa\Downloads\mari0-win.zip
2014-05-16 16:49 - 2014-05-16 16:50 - 24420851 _____ () C:\Users\Misa\Downloads\Minecraft mod.zip
2014-05-15 21:04 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 21:04 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 21:04 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 21:04 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 21:04 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 21:04 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 15:29 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 15:29 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 15:28 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 15:28 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 15:28 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 15:28 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 15:28 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 15:28 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 15:28 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 15:28 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 15:28 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 15:28 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 15:28 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 15:28 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 15:28 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 15:28 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 15:28 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 15:28 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 15:28 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 15:28 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 15:28 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 15:28 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 15:28 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 15:28 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 15:28 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 15:28 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 12:28 - 2014-05-14 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-14 12:28 - 2014-05-14 12:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-11 19:48 - 2014-05-11 19:48 - 01299168 _____ (Josef Harkabus ) C:\Users\Misa\Downloads\CR_310.exe
2014-05-11 19:44 - 2014-05-11 20:47 - 00000000 ____D () C:\Users\Misa\Desktop\CR 310 MSTS
2014-05-11 15:46 - 2014-05-11 16:04 - 09292605 _____ () C:\Users\Misa\Downloads\MHD-simulator-2009.rar
2014-05-11 14:49 - 2014-05-11 15:04 - 34130777 _____ () C:\Users\Misa\Downloads\GLOBAL.ZIP
2014-05-09 17:58 - 2014-05-09 17:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-08 13:38 - 2014-05-08 13:38 - 00000000 ____D () C:\ProgramData\RandoMPricea
==================== One Month Modified Files and Folders =======
2014-06-07 11:21 - 2014-06-07 11:20 - 00013577 _____ () C:\Users\Misa\Desktop\FRST.txt
2014-06-07 11:21 - 2014-02-01 15:22 - 00000000 ____D () C:\Users\Misa\AppData\Local\Temp
2014-06-07 11:20 - 2014-06-07 11:20 - 00029696 _____ () C:\Users\Misa\AppData\Local\MSGBOX.EXE
2014-06-07 11:20 - 2014-06-07 11:20 - 00015327 _____ () C:\Users\Misa\Desktop\LM.bat
2014-06-07 11:20 - 2014-06-07 11:20 - 00000000 ____D () C:\FRST
2014-06-07 11:17 - 2014-06-07 11:17 - 00000000 ____D () C:\rsit
2014-06-07 11:17 - 2014-06-07 11:17 - 00000000 ____D () C:\Program Files\trend micro
2014-06-07 11:16 - 2014-06-07 11:16 - 00112640 _____ (forum.viry.cz) C:\Users\Misa\Desktop\FRSTLauncher.exe
2014-06-07 10:59 - 2014-06-07 10:59 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-07 10:59 - 2014-06-07 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-07 10:59 - 2014-06-07 10:57 - 02072576 _____ (Farbar) C:\Users\Misa\Desktop\FRST64.exe
2014-06-07 10:59 - 2014-06-07 10:56 - 01222144 _____ () C:\Users\Misa\Desktop\RSITx64.exe
2014-06-07 10:59 - 2014-02-01 17:24 - 00000000 ____D () C:\Users\Misa\AppData\Local\Google
2014-06-07 10:59 - 2014-02-01 17:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-07 10:56 - 2014-06-07 10:51 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-07 10:56 - 2014-06-07 10:51 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 10:51 - 2014-06-07 10:51 - 00003842 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-07 10:51 - 2014-06-07 10:51 - 00003590 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-07 10:47 - 2014-06-07 10:47 - 00000000 ___SD () C:\ComboFix
2014-06-07 10:47 - 2014-03-30 01:13 - 00000000 ____D () C:\Users\Misa\AppData\Local\LogMeIn Hamachi
2014-06-07 10:42 - 2014-03-08 21:30 - 00000000 ____D () C:\Qoobox
2014-06-07 10:40 - 2014-06-07 10:41 - 05205146 ____R (Swearware) C:\Users\Misa\Desktop\ComboFix.exe
2014-06-07 10:40 - 2014-06-07 10:40 - 05205146 _____ (Swearware) C:\Users\Misa\Downloads\ComboFix (1).exe
2014-06-07 10:40 - 2014-06-07 10:35 - 00918672 _____ (Google Inc.) C:\Users\Misa\Downloads\ChromeSetup.exe
2014-06-07 10:39 - 2014-02-01 15:14 - 02030686 _____ () C:\Windows\WindowsUpdate.log
2014-06-07 10:36 - 2014-03-15 12:18 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\uTorrent
2014-06-07 10:32 - 2014-02-01 17:24 - 00000000 ____D () C:\Users\Misa\AppData\Local\Deployment
2014-06-07 10:32 - 2014-02-01 17:24 - 00000000 ____D () C:\Users\Misa\AppData\Local\Apps\2.0
2014-06-07 10:29 - 2014-05-29 11:31 - 00000000 ____D () C:\Users\Misa\Documents\Bus Driver
2014-06-07 09:39 - 2014-02-24 17:12 - 00000000 _____ () C:\Users\Misa\AppData\Roaming\FileOut.cns
2014-06-07 09:39 - 2014-02-24 17:12 - 00000000 _____ () C:\Users\Misa\AppData\Roaming\FileIn.cns
2014-06-07 09:25 - 2009-07-14 04:34 - 00000532 _____ () C:\Windows\win.ini
2014-06-07 09:15 - 2014-02-01 17:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-07 09:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-07 08:56 - 2014-05-31 23:05 - 00000000 ____D () C:\Worms World Party
2014-06-07 08:56 - 2009-07-14 06:45 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 08:56 - 2009-07-14 06:45 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-07 08:55 - 2014-05-02 13:21 - 00000000 ____D () C:\ProgramData\Origin
2014-06-07 08:55 - 2014-03-30 09:46 - 00004270 _____ () C:\Users\Misa\rgut
2014-06-07 08:55 - 2014-03-09 10:42 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\newnext.me
2014-06-07 08:55 - 2014-02-04 17:29 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Skype
2014-06-07 08:54 - 2014-05-02 13:21 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-07 08:48 - 2014-02-04 17:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-07 08:48 - 2014-02-04 17:29 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 08:46 - 2014-06-07 08:46 - 00000022 _____ () C:\Users\Misa\Desktop\Worms.txt
2014-06-07 08:44 - 2014-04-06 17:31 - 00005755 _____ () C:\Windows\setupact.log
2014-06-07 08:44 - 2014-02-01 15:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-07 08:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 10:27 - 2014-06-01 10:27 - 00000083 _____ () C:\Windows\wp.INI
2014-06-01 10:26 - 2014-06-01 10:25 - 02803994 _____ () C:\Users\Misa\Downloads\W2P005_English.zip
2014-06-01 10:24 - 2014-06-01 10:24 - 00004856 _____ () C:\Users\Misa\Downloads\SR-WORM2.ZIP
2014-06-01 10:24 - 2014-06-01 10:24 - 00000000 ____D () C:\Users\Misa\Downloads\SR-WORM2
2014-06-01 10:21 - 2014-06-01 10:14 - 00000000 ____D () C:\Worms2
2014-06-01 10:21 - 2014-06-01 10:13 - 00047104 _____ () C:\Windows\SysWOW64\KMVIDC32.DLL
2014-06-01 10:16 - 2014-06-01 10:16 - 00000000 ____D () C:\Users\Misa\Desktop\Patch
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms2
2014-06-01 09:50 - 2014-05-31 23:07 - 00000949 _____ () C:\Users\Misa\Desktop\Worms Armageddon.lnk
2014-06-01 09:49 - 2014-06-01 09:49 - 00000000 ____D () C:\Worms Armageddon
2014-06-01 09:46 - 2014-06-01 09:46 - 00000000 ____D () C:\Users\Misa\Downloads\WA
2014-06-01 09:17 - 2014-05-31 23:00 - 674939902 _____ (Igor Pavlov) C:\Users\Misa\Downloads\Worms Armageddon v3.7.2.1.exe
2014-06-01 09:15 - 2014-05-31 23:05 - 00000000 ____D () C:\Users\Misa\Downloads\Worms2
2014-06-01 00:32 - 2014-03-08 22:17 - 00000000 ____D () C:\Users\Misa\AppData\Local\CrashDumps
2014-06-01 00:28 - 2014-06-01 00:28 - 00154769 _____ () C:\Users\Misa\Downloads\WWP-Colour-Fix-for-Vista.zip
2014-05-31 23:07 - 2014-05-31 23:07 - 00000969 _____ () C:\Users\Misa\Desktop\Worms World Party.lnk
2014-05-31 23:06 - 2014-03-09 10:57 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-31 23:05 - 2014-05-31 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17
2014-05-31 23:05 - 2014-03-11 16:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-31 22:19 - 2014-05-31 21:09 - 594497536 _____ () C:\Users\Misa\Downloads\Worms World Party.iso
2014-05-31 19:47 - 2014-05-31 19:47 - 00000000 ____D () C:\Users\Misa\AppData\Local\FLT
2014-05-31 19:46 - 2014-02-01 17:59 - 00166272 _____ () C:\Windows\DirectX.log
2014-05-31 19:44 - 2014-05-31 19:44 - 00001984 _____ () C:\Users\Public\Desktop\Worms Revolution.lnk
2014-05-31 19:44 - 2014-05-31 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Revolution
2014-05-31 19:44 - 2014-05-31 19:42 - 00000000 ____D () C:\Program Files (x86)\Worms Revolution
2014-05-31 16:06 - 2014-05-31 12:18 - 00000000 ____D () C:\Users\Misa\Downloads\Worms_Revolution-FLT
2014-05-31 12:11 - 2014-05-31 12:11 - 00332288 _____ () C:\Users\Misa\Downloads\Game Setup File__2871_il2150.exe
2014-05-29 11:31 - 2014-05-29 11:31 - 00001986 _____ () C:\Users\Misa\Desktop\busdriver – zástupce.lnk
2014-05-29 11:26 - 2014-05-29 11:26 - 00000000 ____D () C:\Users\Misa\Desktop\script – kopie
2014-05-29 11:26 - 2014-05-29 11:26 - 00000000 ____D () C:\Users\Misa\Desktop\script
2014-05-29 11:25 - 2014-05-29 11:25 - 00182364 _____ () C:\Users\Misa\Downloads\Bus Driver AN.rar
2014-05-29 11:22 - 2014-05-29 11:22 - 00000000 ____D () C:\Users\Misa\Downloads\Bus driver english
2014-05-29 11:22 - 2014-05-29 11:11 - 61146032 _____ () C:\Users\Misa\Downloads\Bus driver english.7z
2014-05-29 11:11 - 2014-05-29 11:11 - 00000849 _____ () C:\Users\Misa\Desktop\µTorrent.lnk
2014-05-29 11:09 - 2014-05-29 11:09 - 01271376 _____ (BitTorrent Inc.) C:\Users\Misa\Downloads\uTorrent (1).exe
2014-05-29 10:37 - 2014-05-29 10:29 - 32648921 _____ () C:\Users\Misa\Downloads\Bus-Simulator-2008.iso.rar
2014-05-29 09:37 - 2014-05-29 09:37 - 00471424 _____ () C:\Users\Misa\Downloads\NineGame_514292_in.apk
2014-05-29 09:36 - 2014-05-29 09:34 - 34840341 _____ () C:\Users\Misa\Downloads\2013072514551169222b_bussimulator3d_9game.apk
2014-05-28 15:10 - 2014-05-28 15:10 - 00001656 _____ () C:\Users\Misa\Desktop\Vlaky na Raz dva.txt
2014-05-28 14:02 - 2014-05-28 13:55 - 00001713 _____ () C:\Users\Misa\Desktop\Bus Simulator.lnk
2014-05-28 14:02 - 2014-05-28 13:52 - 00000000 ____D () C:\Program Files\Bus Simulator
2014-05-28 13:57 - 2014-02-01 15:22 - 00000000 ____D () C:\Users\Misa\AppData\Local\VirtualStore
2014-05-28 13:55 - 2014-03-12 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TopCD
2014-05-28 13:40 - 2014-05-28 13:39 - 00000044 _____ () C:\Users\Misa\Desktop\Klíč youtube Vyhledávání.txt
2014-05-28 13:32 - 2014-05-28 13:32 - 00357728 _____ (Softonic) C:\Users\Misa\Downloads\SoftonicDownloader_for_european-bus-simulator-2012.exe
2014-05-21 17:56 - 2014-05-21 17:56 - 00000000 ____D () C:\Users\Misa\Documents\My Cheat Tables
2014-05-21 17:55 - 2014-05-21 17:55 - 07141335 _____ () C:\Users\Misa\Downloads\plants trainer.rar
2014-05-21 17:55 - 2014-05-21 17:55 - 01759480 _____ (Bandoo Media Inc) C:\Users\Misa\Downloads\iLividSetup-r1250-n-bc.exe
2014-05-21 17:11 - 2014-05-21 17:11 - 00000000 ____D () C:\ProgramData\EA Core
2014-05-21 13:11 - 2014-05-21 13:11 - 00001275 _____ () C:\Users\Public\Desktop\Plants vs. Zombies.lnk
2014-05-21 13:11 - 2014-05-21 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs. Zombies
2014-05-21 13:11 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-21 13:04 - 2014-05-02 13:23 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-18 20:51 - 2014-05-18 20:51 - 00000000 ____D () C:\Users\Misa\AppData\Local\Lazy 8 Studios
2014-05-18 20:49 - 2014-05-18 19:46 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Synthesia
2014-05-18 19:46 - 2014-05-18 19:46 - 02821848 _____ (Synthesia LLC) C:\Users\Misa\Downloads\Synthesia-9.0-installer.exe
2014-05-18 19:46 - 2014-05-18 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia
2014-05-18 19:46 - 2014-05-18 19:46 - 00000000 ____D () C:\Program Files (x86)\Synthesia
2014-05-18 19:28 - 2014-05-18 19:28 - 00000221 _____ () C:\Users\Misa\Desktop\Cogs.url
2014-05-18 19:28 - 2014-02-01 19:27 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-05-18 15:01 - 2014-05-18 15:01 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailDriver for Trainz
2014-05-18 15:01 - 2014-05-18 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RailDriver for Trainz
2014-05-18 15:00 - 2014-05-18 15:00 - 01529970 _____ (P.I. Engineering, Inc.) C:\Users\Misa\Downloads\rdts12sp1.exe
2014-05-18 15:00 - 2014-05-18 14:59 - 01529886 _____ (P.I. Engineering, Inc.) C:\Users\Misa\Downloads\rdts2009.exe
2014-05-18 12:38 - 2014-02-01 21:07 - 00197518 _____ () C:\Windows\PFRO.log
2014-05-18 12:33 - 2014-05-18 12:33 - 00000000 ____D () C:\Windows\Sun
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-18 12:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-18 12:00 - 2014-05-01 16:55 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-05-18 11:43 - 2014-05-18 11:35 - 00000000 ____D () C:\Users\Misa\Desktop\antivir
2014-05-18 11:41 - 2014-03-08 21:45 - 00000000 ____D () C:\Users\Misa\Desktop\RK_Quarantine
2014-05-18 11:39 - 2014-05-18 11:39 - 03972608 _____ () C:\Users\Misa\Downloads\RogueKiller (1).exe
2014-05-18 11:36 - 2014-05-18 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-18 11:36 - 2014-05-18 11:34 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-18 11:36 - 2014-02-02 13:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-18 11:36 - 2014-02-02 13:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-18 11:33 - 2014-05-18 11:33 - 00921512 _____ (Oracle Corporation) C:\Users\Misa\Downloads\chromeinstall-7u55.exe
2014-05-18 11:23 - 2014-04-17 09:55 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Seznam.cz
2014-05-16 17:22 - 2014-05-16 17:21 - 05565454 _____ () C:\Users\Misa\Downloads\mari0-win.zip
2014-05-16 17:00 - 2014-02-03 09:39 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\.minecraft
2014-05-16 16:50 - 2014-05-16 16:49 - 24420851 _____ () C:\Users\Misa\Downloads\Minecraft mod.zip
2014-05-16 12:39 - 2014-02-01 15:23 - 00000000 ___RD () C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 12:39 - 2014-02-01 15:23 - 00000000 ___RD () C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 12:35 - 2014-04-30 21:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 21:03 - 2014-02-01 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 21:02 - 2014-02-01 16:07 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 20:14 - 2014-05-02 13:21 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-14 12:28 - 2014-05-14 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-14 12:28 - 2014-05-14 12:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-14 12:28 - 2014-04-16 12:52 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-05-11 20:58 - 2013-11-02 09:33 - 00000000 ____D () C:\Users\Misa\Desktop\MSTS NEW
2014-05-11 20:47 - 2014-05-11 19:44 - 00000000 ____D () C:\Users\Misa\Desktop\CR 310 MSTS
2014-05-11 19:48 - 2014-05-11 19:48 - 01299168 _____ (Josef Harkabus ) C:\Users\Misa\Downloads\CR_310.exe
2014-05-11 18:15 - 2012-05-21 16:06 - 00000685 _____ () C:\Users\Misa\Desktop\crash.txt
2014-05-11 16:53 - 2014-04-21 15:47 - 00000000 ____D () C:\Users\Misa\Documents\TrackMania
2014-05-11 16:04 - 2014-05-11 15:46 - 09292605 _____ () C:\Users\Misa\Downloads\MHD-simulator-2009.rar
2014-05-11 15:04 - 2014-05-11 14:49 - 34130777 _____ () C:\Users\Misa\Downloads\GLOBAL.ZIP
2014-05-11 10:28 - 2014-02-01 10:07 - 00000000 ____D () C:\Users\Misa\Desktop\Stara plocha
2014-05-10 18:45 - 2012-08-17 20:59 - 00000833 _____ () C:\Users\Misa\Desktop\Nargonuv LP Minecraft S02E16 - Enchant, koleje, bezpečnost.website
2014-05-09 17:58 - 2014-05-09 17:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-09 08:14 - 2014-05-15 15:28 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 15:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 13:38 - 2014-05-08 13:38 - 00000000 ____D () C:\ProgramData\RandoMPricea
2014-05-08 13:38 - 2014-05-01 16:55 - 00000000 ____D () C:\ProgramData\9592eb269e68befc
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-19 20:29
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Misa (administrator) on MISA-PC on 07-06-2014 11:20:42
Running from C:\Users\Misa\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\wisen wizard\bin\utilwisenwizard.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(PI Engineering) C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\wisen wizard\bin\wisenwizard.PurBrowse64.exe
() C:\Program Files (x86)\wisen wizard\bin\wisenwizard.BrowserAdapter.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Misa\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mncauyhcSrv] => C:\Windows\SysWOW64\mncauyhc.vbe [7670 2014-03-05] ()
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [Launcher6015N] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2571264 2011-05-19] (Xerox)
HKLM-x32\...\Run: [DocuPrint 6015N RUN] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [355840 2011-05-23] ()
HKLM-x32\...\Run: [StatusAutoRun6015N] => C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [4477440 2011-05-23] ()
HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe [1584 2014-03-05] ()
HKLM-x32\...\Run: [mnctsxdSrv] => C:\Windows\SysWOW64\mnctsxd.vbe [7670 2014-03-05] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKU\S-1-5-21-2638994720-480925200-2635197728-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2638994720-480925200-2635197728-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2638994720-480925200-2635197728-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Misa\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-2638994720-480925200-2635197728-1000\...\Run: [SystemProc] => C:\Users\Public\Other\run_shc.lnk
HKU\S-1-5-21-2638994720-480925200-2635197728-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-05-02] (Electronic Arts)
HKU\S-1-5-21-2638994720-480925200-2635197728-1000\...\Run: [uTorrent] => C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe [1271376 2014-05-29] (BitTorrent Inc.)
Startup: C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MacroWorks 3.1.lnk
ShortcutTarget: MacroWorks 3.1.lnk -> C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe (PI Engineering)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13014
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - {33FA4F14-A7F2-4568-8940-9DFB4743DDDD} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13014
SearchScopes: HKCU - {52FC99FE-8F25-4092-92BF-8FCAB21FB61D} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13014
SearchScopes: HKCU - {5C473AAB-0370-4BFF-BB61-9E4A5B4E4A1A} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13014
SearchScopes: HKCU - {7989EA8C-E594-46D1-8E59-43435C05DFA6} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13014
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - {AEBB6738-13ED-4E93-82EA-2FD804389F86} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13014
SearchScopes: HKCU - {B64E694C-08AF-4ED1-AE20-CD326EAD9F6A} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13014
SearchScopes: HKCU - {C34BD442-4498-40C7-98B3-863FEA374F47} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13014
SearchScopes: HKCU - {D0C76087-D78A-4EAF-B7A8-5751F9D23B5C} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13014
SearchScopes: HKCU - {D5677D0E-C689-4F2B-81E2-116E3A4AE96E} URL = http://search.seznam.cz/?q={searchTerms ... arch_13014
BHO: RandoMPricea - {0B7449AB-D29B-1E46-A056-DBA6693C8729} - C:\ProgramData\RandoMPricea\D.x64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RandoMPricea - {0B7449AB-D29B-1E46-A056-DBA6693C8729} - C:\ProgramData\RandoMPricea\D.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: wisen wizard - {d7bbe586-f42a-454b-9794-776b57483a40} - C:\Program Files (x86)\wisen wizard\wisenwizardBHO.dll (wisen wizard)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files (x86)\Roblox\Versions\version-73ae31ae795e410c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Misa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-07]
CHR Extension: (Disk Google) - C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-07]
CHR Extension: (YouTube) - C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-07]
CHR Extension: (Vyhledávání Google) - C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-07]
CHR Extension: (Peněženka Google) - C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]
CHR Extension: (Gmail) - C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
S2 Update wisen wizard; C:\Program Files (x86)\wisen wizard\updatewisenwizard.exe [317728 2014-05-31] ()
R2 Util wisen wizard; C:\Program Files (x86)\wisen wizard\bin\utilwisenwizard.exe [317728 2014-05-31] ()
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2013-12-18] (AVG)
R2 XRNADB; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [95232 2011-05-23] ()
S2 be0fb33b; "C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe" [X]
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-09] (Disc Soft Ltd)
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64; C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys [61120 2014-04-29] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-07 11:20 - 2014-06-07 11:21 - 00013577 _____ () C:\Users\Misa\Desktop\FRST.txt
2014-06-07 11:20 - 2014-06-07 11:20 - 00029696 _____ () C:\Users\Misa\AppData\Local\MSGBOX.EXE
2014-06-07 11:20 - 2014-06-07 11:20 - 00015327 _____ () C:\Users\Misa\Desktop\LM.bat
2014-06-07 11:20 - 2014-06-07 11:20 - 00000000 ____D () C:\FRST
2014-06-07 11:17 - 2014-06-07 11:17 - 00000000 ____D () C:\rsit
2014-06-07 11:17 - 2014-06-07 11:17 - 00000000 ____D () C:\Program Files\trend micro
2014-06-07 11:16 - 2014-06-07 11:16 - 00112640 _____ (forum.viry.cz) C:\Users\Misa\Desktop\FRSTLauncher.exe
2014-06-07 10:59 - 2014-06-07 10:59 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-07 10:59 - 2014-06-07 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-07 10:57 - 2014-06-07 10:59 - 02072576 _____ (Farbar) C:\Users\Misa\Desktop\FRST64.exe
2014-06-07 10:56 - 2014-06-07 10:59 - 01222144 _____ () C:\Users\Misa\Desktop\RSITx64.exe
2014-06-07 10:51 - 2014-06-07 10:56 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-07 10:51 - 2014-06-07 10:56 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 10:51 - 2014-06-07 10:51 - 00003842 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-07 10:51 - 2014-06-07 10:51 - 00003590 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-07 10:47 - 2014-06-07 10:47 - 00000000 ___SD () C:\ComboFix
2014-06-07 10:41 - 2014-06-07 10:40 - 05205146 ____R (Swearware) C:\Users\Misa\Desktop\ComboFix.exe
2014-06-07 10:40 - 2014-06-07 10:40 - 05205146 _____ (Swearware) C:\Users\Misa\Downloads\ComboFix (1).exe
2014-06-07 10:35 - 2014-06-07 10:40 - 00918672 _____ (Google Inc.) C:\Users\Misa\Downloads\ChromeSetup.exe
2014-06-07 08:46 - 2014-06-07 08:46 - 00000022 _____ () C:\Users\Misa\Desktop\Worms.txt
2014-06-01 10:27 - 2014-06-01 10:27 - 00000083 _____ () C:\Windows\wp.INI
2014-06-01 10:26 - 1998-04-08 00:41 - 08619189 _____ (Funduc Software Inc.) C:\Users\Misa\Desktop\W2P005_English.exe
2014-06-01 10:25 - 2014-06-01 10:26 - 02803994 _____ () C:\Users\Misa\Downloads\W2P005_English.zip
2014-06-01 10:24 - 2014-06-01 10:24 - 00004856 _____ () C:\Users\Misa\Downloads\SR-WORM2.ZIP
2014-06-01 10:24 - 2014-06-01 10:24 - 00000000 ____D () C:\Users\Misa\Downloads\SR-WORM2
2014-06-01 10:16 - 2014-06-01 10:16 - 00000000 ____D () C:\Users\Misa\Desktop\Patch
2014-06-01 10:16 - 2002-01-15 15:08 - 02686464 _____ () C:\Users\Misa\Desktop\Patch.exe
2014-06-01 10:14 - 2014-06-01 10:21 - 00000000 ____D () C:\Worms2
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms2
2014-06-01 10:13 - 2014-06-01 10:21 - 00047104 _____ () C:\Windows\SysWOW64\KMVIDC32.DLL
2014-06-01 09:49 - 2014-06-01 09:49 - 00000000 ____D () C:\Worms Armageddon
2014-06-01 09:46 - 2014-06-01 09:46 - 00000000 ____D () C:\Users\Misa\Downloads\WA
2014-06-01 00:28 - 2014-06-01 00:28 - 00154769 _____ () C:\Users\Misa\Downloads\WWP-Colour-Fix-for-Vista.zip
2014-05-31 23:07 - 2014-06-01 09:50 - 00000949 _____ () C:\Users\Misa\Desktop\Worms Armageddon.lnk
2014-05-31 23:07 - 2014-05-31 23:07 - 00000969 _____ () C:\Users\Misa\Desktop\Worms World Party.lnk
2014-05-31 23:05 - 2014-06-07 08:56 - 00000000 ____D () C:\Worms World Party
2014-05-31 23:05 - 2014-06-01 09:15 - 00000000 ____D () C:\Users\Misa\Downloads\Worms2
2014-05-31 23:05 - 2014-05-31 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17
2014-05-31 23:00 - 2014-06-01 09:17 - 674939902 _____ (Igor Pavlov) C:\Users\Misa\Downloads\Worms Armageddon v3.7.2.1.exe
2014-05-31 21:09 - 2014-05-31 22:19 - 594497536 _____ () C:\Users\Misa\Downloads\Worms World Party.iso
2014-05-31 19:47 - 2014-05-31 19:47 - 00000000 ____D () C:\Users\Misa\AppData\Local\FLT
2014-05-31 19:44 - 2014-05-31 19:44 - 00001984 _____ () C:\Users\Public\Desktop\Worms Revolution.lnk
2014-05-31 19:44 - 2014-05-31 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Revolution
2014-05-31 19:42 - 2014-05-31 19:44 - 00000000 ____D () C:\Program Files (x86)\Worms Revolution
2014-05-31 12:18 - 2014-05-31 16:06 - 00000000 ____D () C:\Users\Misa\Downloads\Worms_Revolution-FLT
2014-05-31 12:11 - 2014-05-31 12:11 - 00332288 _____ () C:\Users\Misa\Downloads\Game Setup File__2871_il2150.exe
2014-05-29 11:31 - 2014-06-07 10:29 - 00000000 ____D () C:\Users\Misa\Documents\Bus Driver
2014-05-29 11:31 - 2014-05-29 11:31 - 00001986 _____ () C:\Users\Misa\Desktop\busdriver – zástupce.lnk
2014-05-29 11:26 - 2014-05-29 11:26 - 00000000 ____D () C:\Users\Misa\Desktop\script – kopie
2014-05-29 11:26 - 2014-05-29 11:26 - 00000000 ____D () C:\Users\Misa\Desktop\script
2014-05-29 11:25 - 2014-05-29 11:25 - 00182364 _____ () C:\Users\Misa\Downloads\Bus Driver AN.rar
2014-05-29 11:22 - 2014-05-29 11:22 - 00000000 ____D () C:\Users\Misa\Downloads\Bus driver english
2014-05-29 11:11 - 2014-05-29 11:22 - 61146032 _____ () C:\Users\Misa\Downloads\Bus driver english.7z
2014-05-29 11:11 - 2014-05-29 11:11 - 00000849 _____ () C:\Users\Misa\Desktop\µTorrent.lnk
2014-05-29 11:09 - 2014-05-29 11:09 - 01271376 _____ (BitTorrent Inc.) C:\Users\Misa\Downloads\uTorrent (1).exe
2014-05-29 10:29 - 2014-05-29 10:37 - 32648921 _____ () C:\Users\Misa\Downloads\Bus-Simulator-2008.iso.rar
2014-05-29 09:37 - 2014-05-29 09:37 - 00471424 _____ () C:\Users\Misa\Downloads\NineGame_514292_in.apk
2014-05-29 09:34 - 2014-05-29 09:36 - 34840341 _____ () C:\Users\Misa\Downloads\2013072514551169222b_bussimulator3d_9game.apk
2014-05-28 15:10 - 2014-05-28 15:10 - 00001656 _____ () C:\Users\Misa\Desktop\Vlaky na Raz dva.txt
2014-05-28 13:55 - 2014-05-28 14:02 - 00001713 _____ () C:\Users\Misa\Desktop\Bus Simulator.lnk
2014-05-28 13:52 - 2014-05-28 14:02 - 00000000 ____D () C:\Program Files\Bus Simulator
2014-05-28 13:39 - 2014-05-28 13:40 - 00000044 _____ () C:\Users\Misa\Desktop\Klíč youtube Vyhledávání.txt
2014-05-28 13:32 - 2014-05-28 13:32 - 00357728 _____ (Softonic) C:\Users\Misa\Downloads\SoftonicDownloader_for_european-bus-simulator-2012.exe
2014-05-21 17:56 - 2014-05-21 17:56 - 00000000 ____D () C:\Users\Misa\Documents\My Cheat Tables
2014-05-21 17:55 - 2014-05-21 17:55 - 07141335 _____ () C:\Users\Misa\Downloads\plants trainer.rar
2014-05-21 17:55 - 2014-05-21 17:55 - 01759480 _____ (Bandoo Media Inc) C:\Users\Misa\Downloads\iLividSetup-r1250-n-bc.exe
2014-05-21 17:11 - 2014-05-21 17:11 - 00000000 ____D () C:\ProgramData\EA Core
2014-05-21 13:11 - 2014-05-21 13:11 - 00001275 _____ () C:\Users\Public\Desktop\Plants vs. Zombies.lnk
2014-05-21 13:11 - 2014-05-21 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs. Zombies
2014-05-18 20:51 - 2014-05-18 20:51 - 00000000 ____D () C:\Users\Misa\AppData\Local\Lazy 8 Studios
2014-05-18 19:46 - 2014-05-18 20:49 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Synthesia
2014-05-18 19:46 - 2014-05-18 19:46 - 02821848 _____ (Synthesia LLC) C:\Users\Misa\Downloads\Synthesia-9.0-installer.exe
2014-05-18 19:46 - 2014-05-18 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia
2014-05-18 19:46 - 2014-05-18 19:46 - 00000000 ____D () C:\Program Files (x86)\Synthesia
2014-05-18 19:28 - 2014-05-18 19:28 - 00000221 _____ () C:\Users\Misa\Desktop\Cogs.url
2014-05-18 15:01 - 2014-05-18 15:01 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailDriver for Trainz
2014-05-18 15:01 - 2014-05-18 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RailDriver for Trainz
2014-05-18 15:00 - 2014-05-18 15:00 - 01529970 _____ (P.I. Engineering, Inc.) C:\Users\Misa\Downloads\rdts12sp1.exe
2014-05-18 14:59 - 2014-05-18 15:00 - 01529886 _____ (P.I. Engineering, Inc.) C:\Users\Misa\Downloads\rdts2009.exe
2014-05-18 12:33 - 2014-05-18 12:33 - 00000000 ____D () C:\Windows\Sun
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-18 11:39 - 2014-05-18 11:39 - 03972608 _____ () C:\Users\Misa\Downloads\RogueKiller (1).exe
2014-05-18 11:36 - 2014-05-18 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-18 11:36 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-18 11:36 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-18 11:36 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-18 11:36 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-18 11:35 - 2014-05-18 11:43 - 00000000 ____D () C:\Users\Misa\Desktop\antivir
2014-05-18 11:34 - 2014-05-18 11:36 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-18 11:33 - 2014-05-18 11:33 - 00921512 _____ (Oracle Corporation) C:\Users\Misa\Downloads\chromeinstall-7u55.exe
2014-05-16 17:21 - 2014-05-16 17:22 - 05565454 _____ () C:\Users\Misa\Downloads\mari0-win.zip
2014-05-16 16:49 - 2014-05-16 16:50 - 24420851 _____ () C:\Users\Misa\Downloads\Minecraft mod.zip
2014-05-15 21:04 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 21:04 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 21:04 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 21:04 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 21:04 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 21:04 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 15:29 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 15:29 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 15:28 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 15:28 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 15:28 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 15:28 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 15:28 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 15:28 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 15:28 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 15:28 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 15:28 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 15:28 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 15:28 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 15:28 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 15:28 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 15:28 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 15:28 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 15:28 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 15:28 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 15:28 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 15:28 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 15:28 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 15:28 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 15:28 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 15:28 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 15:28 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 15:28 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 15:28 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 12:28 - 2014-05-14 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-14 12:28 - 2014-05-14 12:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-11 19:48 - 2014-05-11 19:48 - 01299168 _____ (Josef Harkabus ) C:\Users\Misa\Downloads\CR_310.exe
2014-05-11 19:44 - 2014-05-11 20:47 - 00000000 ____D () C:\Users\Misa\Desktop\CR 310 MSTS
2014-05-11 15:46 - 2014-05-11 16:04 - 09292605 _____ () C:\Users\Misa\Downloads\MHD-simulator-2009.rar
2014-05-11 14:49 - 2014-05-11 15:04 - 34130777 _____ () C:\Users\Misa\Downloads\GLOBAL.ZIP
2014-05-09 17:58 - 2014-05-09 17:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-08 13:38 - 2014-05-08 13:38 - 00000000 ____D () C:\ProgramData\RandoMPricea
==================== One Month Modified Files and Folders =======
2014-06-07 11:21 - 2014-06-07 11:20 - 00013577 _____ () C:\Users\Misa\Desktop\FRST.txt
2014-06-07 11:21 - 2014-02-01 15:22 - 00000000 ____D () C:\Users\Misa\AppData\Local\Temp
2014-06-07 11:20 - 2014-06-07 11:20 - 00029696 _____ () C:\Users\Misa\AppData\Local\MSGBOX.EXE
2014-06-07 11:20 - 2014-06-07 11:20 - 00015327 _____ () C:\Users\Misa\Desktop\LM.bat
2014-06-07 11:20 - 2014-06-07 11:20 - 00000000 ____D () C:\FRST
2014-06-07 11:17 - 2014-06-07 11:17 - 00000000 ____D () C:\rsit
2014-06-07 11:17 - 2014-06-07 11:17 - 00000000 ____D () C:\Program Files\trend micro
2014-06-07 11:16 - 2014-06-07 11:16 - 00112640 _____ (forum.viry.cz) C:\Users\Misa\Desktop\FRSTLauncher.exe
2014-06-07 10:59 - 2014-06-07 10:59 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-07 10:59 - 2014-06-07 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-07 10:59 - 2014-06-07 10:57 - 02072576 _____ (Farbar) C:\Users\Misa\Desktop\FRST64.exe
2014-06-07 10:59 - 2014-06-07 10:56 - 01222144 _____ () C:\Users\Misa\Desktop\RSITx64.exe
2014-06-07 10:59 - 2014-02-01 17:24 - 00000000 ____D () C:\Users\Misa\AppData\Local\Google
2014-06-07 10:59 - 2014-02-01 17:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-07 10:56 - 2014-06-07 10:51 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-07 10:56 - 2014-06-07 10:51 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 10:51 - 2014-06-07 10:51 - 00003842 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-07 10:51 - 2014-06-07 10:51 - 00003590 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-07 10:47 - 2014-06-07 10:47 - 00000000 ___SD () C:\ComboFix
2014-06-07 10:47 - 2014-03-30 01:13 - 00000000 ____D () C:\Users\Misa\AppData\Local\LogMeIn Hamachi
2014-06-07 10:42 - 2014-03-08 21:30 - 00000000 ____D () C:\Qoobox
2014-06-07 10:40 - 2014-06-07 10:41 - 05205146 ____R (Swearware) C:\Users\Misa\Desktop\ComboFix.exe
2014-06-07 10:40 - 2014-06-07 10:40 - 05205146 _____ (Swearware) C:\Users\Misa\Downloads\ComboFix (1).exe
2014-06-07 10:40 - 2014-06-07 10:35 - 00918672 _____ (Google Inc.) C:\Users\Misa\Downloads\ChromeSetup.exe
2014-06-07 10:39 - 2014-02-01 15:14 - 02030686 _____ () C:\Windows\WindowsUpdate.log
2014-06-07 10:36 - 2014-03-15 12:18 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\uTorrent
2014-06-07 10:32 - 2014-02-01 17:24 - 00000000 ____D () C:\Users\Misa\AppData\Local\Deployment
2014-06-07 10:32 - 2014-02-01 17:24 - 00000000 ____D () C:\Users\Misa\AppData\Local\Apps\2.0
2014-06-07 10:29 - 2014-05-29 11:31 - 00000000 ____D () C:\Users\Misa\Documents\Bus Driver
2014-06-07 09:39 - 2014-02-24 17:12 - 00000000 _____ () C:\Users\Misa\AppData\Roaming\FileOut.cns
2014-06-07 09:39 - 2014-02-24 17:12 - 00000000 _____ () C:\Users\Misa\AppData\Roaming\FileIn.cns
2014-06-07 09:25 - 2009-07-14 04:34 - 00000532 _____ () C:\Windows\win.ini
2014-06-07 09:15 - 2014-02-01 17:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-07 09:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-07 08:56 - 2014-05-31 23:05 - 00000000 ____D () C:\Worms World Party
2014-06-07 08:56 - 2009-07-14 06:45 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 08:56 - 2009-07-14 06:45 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-07 08:55 - 2014-05-02 13:21 - 00000000 ____D () C:\ProgramData\Origin
2014-06-07 08:55 - 2014-03-30 09:46 - 00004270 _____ () C:\Users\Misa\rgut
2014-06-07 08:55 - 2014-03-09 10:42 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\newnext.me
2014-06-07 08:55 - 2014-02-04 17:29 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Skype
2014-06-07 08:54 - 2014-05-02 13:21 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-07 08:48 - 2014-02-04 17:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-07 08:48 - 2014-02-04 17:29 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 08:46 - 2014-06-07 08:46 - 00000022 _____ () C:\Users\Misa\Desktop\Worms.txt
2014-06-07 08:44 - 2014-04-06 17:31 - 00005755 _____ () C:\Windows\setupact.log
2014-06-07 08:44 - 2014-02-01 15:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-07 08:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 10:27 - 2014-06-01 10:27 - 00000083 _____ () C:\Windows\wp.INI
2014-06-01 10:26 - 2014-06-01 10:25 - 02803994 _____ () C:\Users\Misa\Downloads\W2P005_English.zip
2014-06-01 10:24 - 2014-06-01 10:24 - 00004856 _____ () C:\Users\Misa\Downloads\SR-WORM2.ZIP
2014-06-01 10:24 - 2014-06-01 10:24 - 00000000 ____D () C:\Users\Misa\Downloads\SR-WORM2
2014-06-01 10:21 - 2014-06-01 10:14 - 00000000 ____D () C:\Worms2
2014-06-01 10:21 - 2014-06-01 10:13 - 00047104 _____ () C:\Windows\SysWOW64\KMVIDC32.DLL
2014-06-01 10:16 - 2014-06-01 10:16 - 00000000 ____D () C:\Users\Misa\Desktop\Patch
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms2
2014-06-01 09:50 - 2014-05-31 23:07 - 00000949 _____ () C:\Users\Misa\Desktop\Worms Armageddon.lnk
2014-06-01 09:49 - 2014-06-01 09:49 - 00000000 ____D () C:\Worms Armageddon
2014-06-01 09:46 - 2014-06-01 09:46 - 00000000 ____D () C:\Users\Misa\Downloads\WA
2014-06-01 09:17 - 2014-05-31 23:00 - 674939902 _____ (Igor Pavlov) C:\Users\Misa\Downloads\Worms Armageddon v3.7.2.1.exe
2014-06-01 09:15 - 2014-05-31 23:05 - 00000000 ____D () C:\Users\Misa\Downloads\Worms2
2014-06-01 00:32 - 2014-03-08 22:17 - 00000000 ____D () C:\Users\Misa\AppData\Local\CrashDumps
2014-06-01 00:28 - 2014-06-01 00:28 - 00154769 _____ () C:\Users\Misa\Downloads\WWP-Colour-Fix-for-Vista.zip
2014-05-31 23:07 - 2014-05-31 23:07 - 00000969 _____ () C:\Users\Misa\Desktop\Worms World Party.lnk
2014-05-31 23:06 - 2014-03-09 10:57 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-31 23:05 - 2014-05-31 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team17
2014-05-31 23:05 - 2014-03-11 16:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-31 22:19 - 2014-05-31 21:09 - 594497536 _____ () C:\Users\Misa\Downloads\Worms World Party.iso
2014-05-31 19:47 - 2014-05-31 19:47 - 00000000 ____D () C:\Users\Misa\AppData\Local\FLT
2014-05-31 19:46 - 2014-02-01 17:59 - 00166272 _____ () C:\Windows\DirectX.log
2014-05-31 19:44 - 2014-05-31 19:44 - 00001984 _____ () C:\Users\Public\Desktop\Worms Revolution.lnk
2014-05-31 19:44 - 2014-05-31 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Revolution
2014-05-31 19:44 - 2014-05-31 19:42 - 00000000 ____D () C:\Program Files (x86)\Worms Revolution
2014-05-31 16:06 - 2014-05-31 12:18 - 00000000 ____D () C:\Users\Misa\Downloads\Worms_Revolution-FLT
2014-05-31 12:11 - 2014-05-31 12:11 - 00332288 _____ () C:\Users\Misa\Downloads\Game Setup File__2871_il2150.exe
2014-05-29 11:31 - 2014-05-29 11:31 - 00001986 _____ () C:\Users\Misa\Desktop\busdriver – zástupce.lnk
2014-05-29 11:26 - 2014-05-29 11:26 - 00000000 ____D () C:\Users\Misa\Desktop\script – kopie
2014-05-29 11:26 - 2014-05-29 11:26 - 00000000 ____D () C:\Users\Misa\Desktop\script
2014-05-29 11:25 - 2014-05-29 11:25 - 00182364 _____ () C:\Users\Misa\Downloads\Bus Driver AN.rar
2014-05-29 11:22 - 2014-05-29 11:22 - 00000000 ____D () C:\Users\Misa\Downloads\Bus driver english
2014-05-29 11:22 - 2014-05-29 11:11 - 61146032 _____ () C:\Users\Misa\Downloads\Bus driver english.7z
2014-05-29 11:11 - 2014-05-29 11:11 - 00000849 _____ () C:\Users\Misa\Desktop\µTorrent.lnk
2014-05-29 11:09 - 2014-05-29 11:09 - 01271376 _____ (BitTorrent Inc.) C:\Users\Misa\Downloads\uTorrent (1).exe
2014-05-29 10:37 - 2014-05-29 10:29 - 32648921 _____ () C:\Users\Misa\Downloads\Bus-Simulator-2008.iso.rar
2014-05-29 09:37 - 2014-05-29 09:37 - 00471424 _____ () C:\Users\Misa\Downloads\NineGame_514292_in.apk
2014-05-29 09:36 - 2014-05-29 09:34 - 34840341 _____ () C:\Users\Misa\Downloads\2013072514551169222b_bussimulator3d_9game.apk
2014-05-28 15:10 - 2014-05-28 15:10 - 00001656 _____ () C:\Users\Misa\Desktop\Vlaky na Raz dva.txt
2014-05-28 14:02 - 2014-05-28 13:55 - 00001713 _____ () C:\Users\Misa\Desktop\Bus Simulator.lnk
2014-05-28 14:02 - 2014-05-28 13:52 - 00000000 ____D () C:\Program Files\Bus Simulator
2014-05-28 13:57 - 2014-02-01 15:22 - 00000000 ____D () C:\Users\Misa\AppData\Local\VirtualStore
2014-05-28 13:55 - 2014-03-12 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TopCD
2014-05-28 13:40 - 2014-05-28 13:39 - 00000044 _____ () C:\Users\Misa\Desktop\Klíč youtube Vyhledávání.txt
2014-05-28 13:32 - 2014-05-28 13:32 - 00357728 _____ (Softonic) C:\Users\Misa\Downloads\SoftonicDownloader_for_european-bus-simulator-2012.exe
2014-05-21 17:56 - 2014-05-21 17:56 - 00000000 ____D () C:\Users\Misa\Documents\My Cheat Tables
2014-05-21 17:55 - 2014-05-21 17:55 - 07141335 _____ () C:\Users\Misa\Downloads\plants trainer.rar
2014-05-21 17:55 - 2014-05-21 17:55 - 01759480 _____ (Bandoo Media Inc) C:\Users\Misa\Downloads\iLividSetup-r1250-n-bc.exe
2014-05-21 17:11 - 2014-05-21 17:11 - 00000000 ____D () C:\ProgramData\EA Core
2014-05-21 13:11 - 2014-05-21 13:11 - 00001275 _____ () C:\Users\Public\Desktop\Plants vs. Zombies.lnk
2014-05-21 13:11 - 2014-05-21 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs. Zombies
2014-05-21 13:11 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-21 13:04 - 2014-05-02 13:23 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-05-18 20:51 - 2014-05-18 20:51 - 00000000 ____D () C:\Users\Misa\AppData\Local\Lazy 8 Studios
2014-05-18 20:49 - 2014-05-18 19:46 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Synthesia
2014-05-18 19:46 - 2014-05-18 19:46 - 02821848 _____ (Synthesia LLC) C:\Users\Misa\Downloads\Synthesia-9.0-installer.exe
2014-05-18 19:46 - 2014-05-18 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synthesia
2014-05-18 19:46 - 2014-05-18 19:46 - 00000000 ____D () C:\Program Files (x86)\Synthesia
2014-05-18 19:28 - 2014-05-18 19:28 - 00000221 _____ () C:\Users\Misa\Desktop\Cogs.url
2014-05-18 19:28 - 2014-02-01 19:27 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-05-18 15:01 - 2014-05-18 15:01 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailDriver for Trainz
2014-05-18 15:01 - 2014-05-18 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RailDriver for Trainz
2014-05-18 15:00 - 2014-05-18 15:00 - 01529970 _____ (P.I. Engineering, Inc.) C:\Users\Misa\Downloads\rdts12sp1.exe
2014-05-18 15:00 - 2014-05-18 14:59 - 01529886 _____ (P.I. Engineering, Inc.) C:\Users\Misa\Downloads\rdts2009.exe
2014-05-18 12:38 - 2014-02-01 21:07 - 00197518 _____ () C:\Windows\PFRO.log
2014-05-18 12:33 - 2014-05-18 12:33 - 00000000 ____D () C:\Windows\Sun
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-18 12:18 - 2014-05-18 12:18 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-18 12:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-18 12:00 - 2014-05-01 16:55 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-05-18 11:43 - 2014-05-18 11:35 - 00000000 ____D () C:\Users\Misa\Desktop\antivir
2014-05-18 11:41 - 2014-03-08 21:45 - 00000000 ____D () C:\Users\Misa\Desktop\RK_Quarantine
2014-05-18 11:39 - 2014-05-18 11:39 - 03972608 _____ () C:\Users\Misa\Downloads\RogueKiller (1).exe
2014-05-18 11:36 - 2014-05-18 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-18 11:36 - 2014-05-18 11:34 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-18 11:36 - 2014-02-02 13:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-18 11:36 - 2014-02-02 13:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-18 11:33 - 2014-05-18 11:33 - 00921512 _____ (Oracle Corporation) C:\Users\Misa\Downloads\chromeinstall-7u55.exe
2014-05-18 11:23 - 2014-04-17 09:55 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\Seznam.cz
2014-05-16 17:22 - 2014-05-16 17:21 - 05565454 _____ () C:\Users\Misa\Downloads\mari0-win.zip
2014-05-16 17:00 - 2014-02-03 09:39 - 00000000 ____D () C:\Users\Misa\AppData\Roaming\.minecraft
2014-05-16 16:50 - 2014-05-16 16:49 - 24420851 _____ () C:\Users\Misa\Downloads\Minecraft mod.zip
2014-05-16 12:39 - 2014-02-01 15:23 - 00000000 ___RD () C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 12:39 - 2014-02-01 15:23 - 00000000 ___RD () C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 12:35 - 2014-04-30 21:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 21:03 - 2014-02-01 16:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 21:02 - 2014-02-01 16:07 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 20:14 - 2014-05-02 13:21 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-14 12:28 - 2014-05-14 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-14 12:28 - 2014-05-14 12:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-14 12:28 - 2014-04-16 12:52 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-05-11 20:58 - 2013-11-02 09:33 - 00000000 ____D () C:\Users\Misa\Desktop\MSTS NEW
2014-05-11 20:47 - 2014-05-11 19:44 - 00000000 ____D () C:\Users\Misa\Desktop\CR 310 MSTS
2014-05-11 19:48 - 2014-05-11 19:48 - 01299168 _____ (Josef Harkabus ) C:\Users\Misa\Downloads\CR_310.exe
2014-05-11 18:15 - 2012-05-21 16:06 - 00000685 _____ () C:\Users\Misa\Desktop\crash.txt
2014-05-11 16:53 - 2014-04-21 15:47 - 00000000 ____D () C:\Users\Misa\Documents\TrackMania
2014-05-11 16:04 - 2014-05-11 15:46 - 09292605 _____ () C:\Users\Misa\Downloads\MHD-simulator-2009.rar
2014-05-11 15:04 - 2014-05-11 14:49 - 34130777 _____ () C:\Users\Misa\Downloads\GLOBAL.ZIP
2014-05-11 10:28 - 2014-02-01 10:07 - 00000000 ____D () C:\Users\Misa\Desktop\Stara plocha
2014-05-10 18:45 - 2012-08-17 20:59 - 00000833 _____ () C:\Users\Misa\Desktop\Nargonuv LP Minecraft S02E16 - Enchant, koleje, bezpečnost.website
2014-05-09 17:58 - 2014-05-09 17:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-09 08:14 - 2014-05-15 15:28 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 15:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 13:38 - 2014-05-08 13:38 - 00000000 ____D () C:\ProgramData\RandoMPricea
2014-05-08 13:38 - 2014-05-01 16:55 - 00000000 ____D () C:\ProgramData\9592eb269e68befc
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-19 20:29
==================== End Of Log ============================
- Attachments
- Addition.rar
- (7.46 KiB) Downloaded 69 times
- Rudy
- Site Admin
- Posts: 119541
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: notebook full of ads, slow browser,...
Hello!
First run this utility:
Download AdwCleaner http://www.stahuj.centrum.cz/utility_a_ ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< and then >Clean< (delete)
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: notebook full of ads, slow browser,...
# AdwCleaner v3.212 - Report created 07/06/2014 at 12:42:23
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (64 bits)
# Username : Misa - MISA-PC
# Running from : C:\Users\Misa\Desktop\adwcleaner_3.212.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : be0fb33b
[#] Service Deleted : Update wisen wizard
[#] Service Deleted : Util wisen wizard
***** [ Files / Folders ] *****
Folder Deleted : C:\Updater
Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\RandoMPricea
Folder Deleted : C:\Program Files (x86)\supporter
[!] Folder Deleted : C:\Program Files (x86)\wisen wizard
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Misa\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Misa\AppData\Local\FilesFrog Update Checker
Folder Deleted : C:\Users\Misa\AppData\Local\genienext
Folder Deleted : C:\Users\Misa\AppData\Local\iMesh
Folder Deleted : C:\Users\Misa\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Misa\AppData\Local\torch
Folder Deleted : C:\Users\Misa\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Misa\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Misa\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Misa\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Deleted : C:\Users\Misa\Documents\Mobogenie
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Misa\daemonprocess.txt
File Deleted : C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
File Deleted : C:\Users\Misa\Desktop\iMesh.lnk
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.Device
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.file
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Key Deleted : HKLM\SOFTWARE\Classes\RRanndomPrice.RRanndomPrice
Key Deleted : HKLM\SOFTWARE\Classes\RRanndomPrice.RRanndomPrice.6.1
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{969D2C61-9B16-407C-86B7-397BF4579BE6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B7449AB-D29B-1E46-A056-DBA6693C8729}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{969D2C61-9B16-407C-86B7-397BF4579BE6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B7449AB-D29B-1E46-A056-DBA6693C8729}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B7449AB-D29B-1E46-A056-DBA6693C8729}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74322BF9-DF26-493F-B0DA-6D2FC5E6429E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0B7449AB-D29B-1E46-A056-DBA6693C8729}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0B7449AB-D29B-1E46-A056-DBA6693C8729}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2C353E32-B8AC-4B82-B988-4C2D3394388A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0B7449AB-D29B-1E46-A056-DBA6693C8729}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B7449AB-D29B-1E46-A056-DBA6693C8729}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Imesh
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5F003B-C71B-72E3-42B4-DE51AB079EB2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : [x64] HKCU\Software\Imesh
Key Deleted : [x64] HKCU\Software\Softonic
Key Deleted : [x64] HKCU\Software\Somoto
Key Deleted : [x64] HKCU\Software\systweak
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Google Chrome v35.0.1916.114
[ File : C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1012&systemid=1&v=n11551-260&apn_uid=2204677299404357&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
*************************
AdwCleaner[R0].txt - [10701 octets] - [07/06/2014 12:25:49]
AdwCleaner[S0].txt - [10531 octets] - [07/06/2014 12:42:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10592 octets] ##########
- Rudy
- Site Admin
- Posts: 119541
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: notebook full of ads, slow browser,...
Post a new RSIT log.
Re: notebook full of ads, slow browser,...
Logfile of random's system information tool 1.10 (written by random/random)
Run by Misa at 2014-06-13 10:24:11
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 180 GB (47%) free of 382 GB
Total RAM: 3959 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:22, on 13.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\trend micro\Misa.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: wisen wizard - {d7bbe586-f42a-454b-9794-776b57483a40} - C:\Program Files (x86)\wisen wizard\wisenwizardBHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mncauyhcSrv] C:\Windows\system32\mncauyhc.vbe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Launcher6015N] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 6015N
O4 - HKLM\..\Run: [DocuPrint 6015N RUN] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRun6015N] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 6015N,hide,\S
O4 - HKLM\..\Run: [MSStp] C:\Windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mnctsxdSrv] C:\Windows\system32\mnctsxd.vbe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SystemProc] C:\Users\Public\Other\run_shc.lnk
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: MacroWorks 3.1.lnk = C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XRcnStatutsDatabase (XRNADB) - Unknown owner - C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
--
End of file - 8706 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe"
WLIDSvcM.exe 2116
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 6015N
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 6015N,hide,\S
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe"
\??\C:\Windows\system32\conhost.exe "583119490764945644-12535107071490833968-9405019339025857391666187235-1290015923
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe"
\??\C:\Windows\system32\conhost.exe "-71822207683046309413791459741610958398-21253336201883315552-1950784705600361270
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
WicaInventory.exe /apps /fast /ext "exe,sys" /output "C:\Windows\TEMP\CompatTelemetryLogs\WICA_Programs_MISA-PC.xml" /log "C:\Windows\TEMP\CompatTelemetryLogs" "C:\Windows\system32\CompatTel"
\??\C:\Windows\system32\conhost.exe "1050479228-176087161-13765720921780957103625328834-1072520522-653702343955793701
"C:\Users\Misa\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7bbe586-f42a-454b-9794-776b57483a40}]
wisen wizard - C:\Program Files (x86)\wisen wizard\wisenwizardBHO.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08 21444224]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"SystemProc"=C:\Users\Public\Other\run_shc.lnk []
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2014-05-02 3588952]
"uTorrent"=C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe [2014-05-29 1271376]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"mncauyhcSrv"=C:\Windows\system32\mncauyhc.vbe []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Launcher6015N"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2011-05-19 2571264]
"DocuPrint 6015N RUN"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [2011-05-23 355840]
"StatusAutoRun6015N"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [2011-05-23 4477440]
"MSStp"=C:\Windows\inf\msstp.vbe [2014-03-05 1584]
"mnctsxdSrv"=C:\Windows\system32\mnctsxd.vbe []
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-05-13 3814736]
C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MacroWorks 3.1.lnk - C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux5"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux7"=wdmaud.drv
"aux8"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-06-12 17:31:55 ----SHD---- C:\$RECYCLE.BIN
2014-06-12 17:04:51 ----SD---- C:\ComboFix
2014-06-11 14:36:52 ----D---- C:\OMSI 2
2014-06-11 13:14:20 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-06-11 13:14:20 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-06-11 13:14:20 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-06-11 13:14:19 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 13:14:19 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-06-11 13:14:18 ----A---- C:\Windows\system32\urlmon.dll
2014-06-11 13:14:18 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 13:14:17 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-06-11 13:14:17 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-06-11 13:14:17 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-06-11 13:14:17 ----A---- C:\Windows\system32\msfeeds.dll
2014-06-11 13:14:17 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-06-11 13:14:17 ----A---- C:\Windows\system32\ie4uinit.exe
2014-06-11 13:14:17 ----A---- C:\Windows\system32\dxtmsft.dll
2014-06-11 13:14:16 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-06-11 13:14:16 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-06-11 13:14:16 ----A---- C:\Windows\system32\iesetup.dll
2014-06-11 13:14:16 ----A---- C:\Windows\system32\iertutil.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-06-11 13:14:15 ----A---- C:\Windows\system32\jsproxy.dll
2014-06-11 13:14:15 ----A---- C:\Windows\system32\iernonce.dll
2014-06-11 13:14:15 ----A---- C:\Windows\system32\dxtrans.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\mshtmled.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\ieUnatt.exe
2014-06-11 13:14:14 ----A---- C:\Windows\system32\ieui.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\ieframe.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\wininet.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\vbscript.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\jscript9diag.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\jscript9.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\ieapfltr.dll
2014-06-11 13:14:12 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 13:14:12 ----A---- C:\Windows\system32\msrating.dll
2014-06-11 13:14:12 ----A---- C:\Windows\system32\mshtml.dll
2014-06-11 13:06:00 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-11 13:06:00 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 12:52:12 ----A---- C:\Windows\system32\aepdu.dll
2014-06-11 12:52:11 ----A---- C:\Windows\system32\aeinv.dll
2014-06-07 12:31:00 ----A---- C:\Windows\SYSWOW64\sqlite3.dll
2014-06-07 12:25:46 ----D---- C:\AdwCleaner
2014-06-07 11:20:16 ----D---- C:\FRST
2014-06-07 11:17:20 ----D---- C:\rsit
2014-06-07 11:17:20 ----D---- C:\Program Files\trend micro
2014-06-01 10:27:11 ----A---- C:\Windows\wp.INI
2014-06-01 10:14:25 ----D---- C:\Worms2
2014-06-01 10:13:12 ----A---- C:\Windows\SYSWOW64\KMVIDC32.DLL
2014-06-01 09:49:23 ----D---- C:\Worms Armageddon
2014-05-31 23:05:35 ----D---- C:\Worms World Party
2014-05-31 19:42:30 ----D---- C:\Program Files (x86)\Worms Revolution
2014-05-28 13:52:56 ----D---- C:\Program Files\Bus Simulator
2014-05-21 17:11:18 ----D---- C:\ProgramData\EA Core
2014-05-21 17:11:16 ----D---- C:\ProgramData\EA Logs
2014-05-18 19:46:43 ----D---- C:\Users\Misa\AppData\Roaming\Synthesia
2014-05-18 19:46:22 ----D---- C:\Program Files (x86)\Synthesia
2014-05-18 12:33:17 ----D---- C:\Windows\Sun
2014-05-18 11:36:16 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\java.exe
2014-05-15 15:29:02 ----A---- C:\Windows\system32\shell32.dll
2014-05-15 15:29:00 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-15 15:28:25 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-15 15:28:23 ----A---- C:\Windows\system32\kerberos.dll
2014-05-15 15:28:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-05-15 15:28:22 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-05-15 15:28:22 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-15 15:28:22 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 15:28:21 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-15 15:28:21 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 15:28:21 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 15:28:20 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-15 15:28:20 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 15:28:20 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 15:28:19 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 15:28:18 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 15:28:18 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 15:28:18 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\adprovider.dll
2014-05-15 15:28:17 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-15 15:28:17 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-05-15 15:28:17 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-15 15:28:17 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 15:28:17 ----A---- C:\Windows\system32\secur32.dll
2014-05-15 15:28:17 ----A---- C:\Windows\system32\credssp.dll
2014-05-14 12:28:54 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
======List of files/folders modified in the last 1 month======
2014-06-13 10:24:01 ----D---- C:\Windows\temp
2014-06-13 10:22:02 ----D---- C:\Users\Misa\AppData\Roaming\Skype
2014-06-13 10:21:59 ----D---- C:\ProgramData\Origin
2014-06-13 10:21:33 ----D---- C:\Users\Misa\AppData\Roaming\uTorrent
2014-06-13 10:19:27 ----D---- C:\Program Files (x86)\Origin
2014-06-13 10:18:12 ----D---- C:\ProgramData\NVIDIA
2014-06-12 17:05:45 ----D---- C:\Windows\system32\config
2014-06-12 17:03:57 ----D---- C:\Windows\system32\drivers
2014-06-12 09:09:14 ----D---- C:\Windows\winsxs
2014-06-12 09:07:25 ----D---- C:\Windows\SYSWOW64\en-US
2014-06-12 09:07:25 ----D---- C:\Windows\SysWOW64
2014-06-12 09:07:25 ----D---- C:\Program Files\Internet Explorer
2014-06-12 09:07:24 ----D---- C:\Windows\system32\en-US
2014-06-12 09:07:24 ----D---- C:\Windows\System32
2014-06-12 09:07:24 ----D---- C:\Program Files (x86)\Internet Explorer
2014-06-12 09:07:23 ----D---- C:\Windows\system32\DriverStore
2014-06-12 08:52:10 ----D---- C:\Windows\system32\MRT
2014-06-12 08:49:42 ----A---- C:\Windows\system32\MRT.exe
2014-06-12 08:45:32 ----SD---- C:\Windows\system32\CompatTel
2014-06-12 08:45:02 ----SHD---- C:\System Volume Information
2014-06-12 08:44:58 ----D---- C:\Windows\system32\catroot2
2014-06-11 12:52:08 ----D---- C:\Windows\system32\catroot
2014-06-08 10:31:10 ----D---- C:\Program Files (x86)\Steam
2014-06-07 12:43:46 ----A---- C:\Windows\win.ini
2014-06-07 12:42:27 ----D---- C:\Program Files (x86)\wisen wizard
2014-06-07 12:42:26 ----RD---- C:\Program Files (x86)
2014-06-07 12:42:26 ----D---- C:\ProgramData
2014-06-07 12:08:39 ----D---- C:\Windows\system32\NDF
2014-06-07 11:21:39 ----D---- C:\Windows
2014-06-07 11:17:20 ----RD---- C:\Program Files
2014-06-07 10:59:45 ----D---- C:\Program Files (x86)\Google
2014-06-07 10:56:01 ----SHD---- C:\Windows\Installer
2014-06-07 10:51:27 ----D---- C:\Windows\Tasks
2014-06-07 10:51:27 ----D---- C:\Windows\system32\Tasks
2014-06-07 10:42:19 ----D---- C:\Qoobox
2014-06-07 08:48:09 ----D---- C:\ProgramData\Skype
2014-06-07 08:48:07 ----RD---- C:\Program Files (x86)\Skype
2014-06-07 08:48:07 ----D---- C:\Program Files (x86)\Common Files
2014-06-01 12:09:51 ----D---- C:\Windows\Microsoft.NET
2014-06-01 12:09:03 ----RSD---- C:\Windows\assembly
2014-05-31 23:05:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-05-31 12:02:10 ----D---- C:\Windows\system32\wdi
2014-05-22 08:49:49 ----SD---- C:\Users\Misa\AppData\Roaming\Microsoft
2014-05-21 13:04:59 ----D---- C:\Program Files (x86)\Origin Games
2014-05-18 12:04:55 ----A---- C:\Windows\system.ini
2014-05-18 12:04:32 ----D---- C:\Windows\system32\drivers\etc
2014-05-18 11:54:10 ----D---- C:\Windows\SYSWOW64\drivers
2014-05-18 11:54:10 ----D---- C:\Windows\AppPatch
2014-05-18 11:36:29 ----D---- C:\ProgramData\Oracle
2014-05-18 11:36:12 ----D---- C:\Program Files (x86)\Java
2014-05-18 11:23:06 ----D---- C:\Users\Misa\AppData\Roaming\Seznam.cz
2014-05-16 17:00:18 ----D---- C:\Users\Misa\AppData\Roaming\.minecraft
2014-05-16 12:35:51 ----D---- C:\Windows\system32\cs-CZ
2014-05-14 20:14:55 ----D---- C:\ProgramData\Electronic Arts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64;{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64; C:\Windows\system32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys [2014-04-29 61120]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-03-09 283064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-09-05 196384]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-05-13 2228048]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-04-15 377616]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-08-30 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-05 1364256]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-08-29 414496]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R2 XRNADB;XRcnStatutsDatabase; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [2011-05-23 95232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-05-29 543424]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-02-02 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Run by Misa at 2014-06-13 10:24:11
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 180 GB (47%) free of 382 GB
Total RAM: 3959 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:22, on 13.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\trend micro\Misa.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: wisen wizard - {d7bbe586-f42a-454b-9794-776b57483a40} - C:\Program Files (x86)\wisen wizard\wisenwizardBHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mncauyhcSrv] C:\Windows\system32\mncauyhc.vbe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Launcher6015N] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 6015N
O4 - HKLM\..\Run: [DocuPrint 6015N RUN] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRun6015N] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 6015N,hide,\S
O4 - HKLM\..\Run: [MSStp] C:\Windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mnctsxdSrv] C:\Windows\system32\mnctsxd.vbe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SystemProc] C:\Users\Public\Other\run_shc.lnk
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: MacroWorks 3.1.lnk = C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XRcnStatutsDatabase (XRNADB) - Unknown owner - C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
--
End of file - 8706 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe"
WLIDSvcM.exe 2116
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 6015N
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 6015N,hide,\S
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe"
\??\C:\Windows\system32\conhost.exe "583119490764945644-12535107071490833968-9405019339025857391666187235-1290015923
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe"
\??\C:\Windows\system32\conhost.exe "-71822207683046309413791459741610958398-21253336201883315552-1950784705600361270
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
WicaInventory.exe /apps /fast /ext "exe,sys" /output "C:\Windows\TEMP\CompatTelemetryLogs\WICA_Programs_MISA-PC.xml" /log "C:\Windows\TEMP\CompatTelemetryLogs" "C:\Windows\system32\CompatTel"
\??\C:\Windows\system32\conhost.exe "1050479228-176087161-13765720921780957103625328834-1072520522-653702343955793701
"C:\Users\Misa\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7bbe586-f42a-454b-9794-776b57483a40}]
wisen wizard - C:\Program Files (x86)\wisen wizard\wisenwizardBHO.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08 21444224]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"SystemProc"=C:\Users\Public\Other\run_shc.lnk []
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2014-05-02 3588952]
"uTorrent"=C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe [2014-05-29 1271376]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"mncauyhcSrv"=C:\Windows\system32\mncauyhc.vbe []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Launcher6015N"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2011-05-19 2571264]
"DocuPrint 6015N RUN"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [2011-05-23 355840]
"StatusAutoRun6015N"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [2011-05-23 4477440]
"MSStp"=C:\Windows\inf\msstp.vbe [2014-03-05 1584]
"mnctsxdSrv"=C:\Windows\system32\mnctsxd.vbe []
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-05-13 3814736]
C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MacroWorks 3.1.lnk - C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux5"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux7"=wdmaud.drv
"aux8"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-06-12 17:31:55 ----SHD---- C:\$RECYCLE.BIN
2014-06-12 17:04:51 ----SD---- C:\ComboFix
2014-06-11 14:36:52 ----D---- C:\OMSI 2
2014-06-11 13:14:20 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-06-11 13:14:20 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-06-11 13:14:20 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-06-11 13:14:19 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 13:14:19 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-06-11 13:14:18 ----A---- C:\Windows\system32\urlmon.dll
2014-06-11 13:14:18 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 13:14:17 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-06-11 13:14:17 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-06-11 13:14:17 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-06-11 13:14:17 ----A---- C:\Windows\system32\msfeeds.dll
2014-06-11 13:14:17 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-06-11 13:14:17 ----A---- C:\Windows\system32\ie4uinit.exe
2014-06-11 13:14:17 ----A---- C:\Windows\system32\dxtmsft.dll
2014-06-11 13:14:16 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-06-11 13:14:16 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-06-11 13:14:16 ----A---- C:\Windows\system32\iesetup.dll
2014-06-11 13:14:16 ----A---- C:\Windows\system32\iertutil.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-06-11 13:14:15 ----A---- C:\Windows\system32\jsproxy.dll
2014-06-11 13:14:15 ----A---- C:\Windows\system32\iernonce.dll
2014-06-11 13:14:15 ----A---- C:\Windows\system32\dxtrans.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\mshtmled.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\ieUnatt.exe
2014-06-11 13:14:14 ----A---- C:\Windows\system32\ieui.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\ieframe.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\wininet.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\vbscript.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\jscript9diag.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\jscript9.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\ieapfltr.dll
2014-06-11 13:14:12 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 13:14:12 ----A---- C:\Windows\system32\msrating.dll
2014-06-11 13:14:12 ----A---- C:\Windows\system32\mshtml.dll
2014-06-11 13:06:00 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-11 13:06:00 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 12:52:12 ----A---- C:\Windows\system32\aepdu.dll
2014-06-11 12:52:11 ----A---- C:\Windows\system32\aeinv.dll
2014-06-07 12:31:00 ----A---- C:\Windows\SYSWOW64\sqlite3.dll
2014-06-07 12:25:46 ----D---- C:\AdwCleaner
2014-06-07 11:20:16 ----D---- C:\FRST
2014-06-07 11:17:20 ----D---- C:\rsit
2014-06-07 11:17:20 ----D---- C:\Program Files\trend micro
2014-06-01 10:27:11 ----A---- C:\Windows\wp.INI
2014-06-01 10:14:25 ----D---- C:\Worms2
2014-06-01 10:13:12 ----A---- C:\Windows\SYSWOW64\KMVIDC32.DLL
2014-06-01 09:49:23 ----D---- C:\Worms Armageddon
2014-05-31 23:05:35 ----D---- C:\Worms World Party
2014-05-31 19:42:30 ----D---- C:\Program Files (x86)\Worms Revolution
2014-05-28 13:52:56 ----D---- C:\Program Files\Bus Simulator
2014-05-21 17:11:18 ----D---- C:\ProgramData\EA Core
2014-05-21 17:11:16 ----D---- C:\ProgramData\EA Logs
2014-05-18 19:46:43 ----D---- C:\Users\Misa\AppData\Roaming\Synthesia
2014-05-18 19:46:22 ----D---- C:\Program Files (x86)\Synthesia
2014-05-18 12:33:17 ----D---- C:\Windows\Sun
2014-05-18 11:36:16 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\java.exe
2014-05-15 15:29:02 ----A---- C:\Windows\system32\shell32.dll
2014-05-15 15:29:00 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-15 15:28:25 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-15 15:28:23 ----A---- C:\Windows\system32\kerberos.dll
2014-05-15 15:28:22 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-05-15 15:28:22 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-05-15 15:28:22 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-15 15:28:22 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 15:28:21 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-15 15:28:21 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 15:28:21 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 15:28:20 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-15 15:28:20 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 15:28:20 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 15:28:19 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 15:28:18 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 15:28:18 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 15:28:18 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-15 15:28:18 ----A---- C:\Windows\system32\adprovider.dll
2014-05-15 15:28:17 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-15 15:28:17 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-05-15 15:28:17 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-15 15:28:17 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 15:28:17 ----A---- C:\Windows\system32\secur32.dll
2014-05-15 15:28:17 ----A---- C:\Windows\system32\credssp.dll
2014-05-14 12:28:54 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
======List of files/folders modified in the last 1 month======
2014-06-13 10:24:01 ----D---- C:\Windows\temp
2014-06-13 10:22:02 ----D---- C:\Users\Misa\AppData\Roaming\Skype
2014-06-13 10:21:59 ----D---- C:\ProgramData\Origin
2014-06-13 10:21:33 ----D---- C:\Users\Misa\AppData\Roaming\uTorrent
2014-06-13 10:19:27 ----D---- C:\Program Files (x86)\Origin
2014-06-13 10:18:12 ----D---- C:\ProgramData\NVIDIA
2014-06-12 17:05:45 ----D---- C:\Windows\system32\config
2014-06-12 17:03:57 ----D---- C:\Windows\system32\drivers
2014-06-12 09:09:14 ----D---- C:\Windows\winsxs
2014-06-12 09:07:25 ----D---- C:\Windows\SYSWOW64\en-US
2014-06-12 09:07:25 ----D---- C:\Windows\SysWOW64
2014-06-12 09:07:25 ----D---- C:\Program Files\Internet Explorer
2014-06-12 09:07:24 ----D---- C:\Windows\system32\en-US
2014-06-12 09:07:24 ----D---- C:\Windows\System32
2014-06-12 09:07:24 ----D---- C:\Program Files (x86)\Internet Explorer
2014-06-12 09:07:23 ----D---- C:\Windows\system32\DriverStore
2014-06-12 08:52:10 ----D---- C:\Windows\system32\MRT
2014-06-12 08:49:42 ----A---- C:\Windows\system32\MRT.exe
2014-06-12 08:45:32 ----SD---- C:\Windows\system32\CompatTel
2014-06-12 08:45:02 ----SHD---- C:\System Volume Information
2014-06-12 08:44:58 ----D---- C:\Windows\system32\catroot2
2014-06-11 12:52:08 ----D---- C:\Windows\system32\catroot
2014-06-08 10:31:10 ----D---- C:\Program Files (x86)\Steam
2014-06-07 12:43:46 ----A---- C:\Windows\win.ini
2014-06-07 12:42:27 ----D---- C:\Program Files (x86)\wisen wizard
2014-06-07 12:42:26 ----RD---- C:\Program Files (x86)
2014-06-07 12:42:26 ----D---- C:\ProgramData
2014-06-07 12:08:39 ----D---- C:\Windows\system32\NDF
2014-06-07 11:21:39 ----D---- C:\Windows
2014-06-07 11:17:20 ----RD---- C:\Program Files
2014-06-07 10:59:45 ----D---- C:\Program Files (x86)\Google
2014-06-07 10:56:01 ----SHD---- C:\Windows\Installer
2014-06-07 10:51:27 ----D---- C:\Windows\Tasks
2014-06-07 10:51:27 ----D---- C:\Windows\system32\Tasks
2014-06-07 10:42:19 ----D---- C:\Qoobox
2014-06-07 08:48:09 ----D---- C:\ProgramData\Skype
2014-06-07 08:48:07 ----RD---- C:\Program Files (x86)\Skype
2014-06-07 08:48:07 ----D---- C:\Program Files (x86)\Common Files
2014-06-01 12:09:51 ----D---- C:\Windows\Microsoft.NET
2014-06-01 12:09:03 ----RSD---- C:\Windows\assembly
2014-05-31 23:05:37 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-05-31 12:02:10 ----D---- C:\Windows\system32\wdi
2014-05-22 08:49:49 ----SD---- C:\Users\Misa\AppData\Roaming\Microsoft
2014-05-21 13:04:59 ----D---- C:\Program Files (x86)\Origin Games
2014-05-18 12:04:55 ----A---- C:\Windows\system.ini
2014-05-18 12:04:32 ----D---- C:\Windows\system32\drivers\etc
2014-05-18 11:54:10 ----D---- C:\Windows\SYSWOW64\drivers
2014-05-18 11:54:10 ----D---- C:\Windows\AppPatch
2014-05-18 11:36:29 ----D---- C:\ProgramData\Oracle
2014-05-18 11:36:12 ----D---- C:\Program Files (x86)\Java
2014-05-18 11:23:06 ----D---- C:\Users\Misa\AppData\Roaming\Seznam.cz
2014-05-16 17:00:18 ----D---- C:\Users\Misa\AppData\Roaming\.minecraft
2014-05-16 12:35:51 ----D---- C:\Windows\system32\cs-CZ
2014-05-14 20:14:55 ----D---- C:\ProgramData\Electronic Arts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64;{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64; C:\Windows\system32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys [2014-04-29 61120]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-03-09 283064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-09-05 196384]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-05-13 2228048]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-04-15 377616]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-08-30 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-05 1364256]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-08-29 414496]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R2 XRNADB;XRcnStatutsDatabase; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [2011-05-23 95232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-05-29 543424]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-02-02 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119541
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: notebook full of ads, slow browser,...
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Program Files (x86)\wisen wizard
C:\Windows\inf\msstp.vbe
C:\Windows\system32\mnctsxd.vbe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7bbe586-f42a-454b-9794-776b57483a40}]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"MSStp"=-
"mnctsxdSrv"=-
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Why did you, as a layman, run ComboFix? Do you intend to wreck your system or one of your applications?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: notebook full of ads, slow browser,...
Logfile of random's system information tool 1.10 (written by random/random)
Run by Misa at 2014-06-16 11:09:47
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 159 GB (42%) free of 382 GB
Total RAM: 3959 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:49, on 16.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
C:\Windows\SysWOW64\WScript.exe
C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Misa.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [mncauyhcSrv] C:\Windows\system32\mncauyhc.vbe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Launcher6015N] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 6015N
O4 - HKLM\..\Run: [DocuPrint 6015N RUN] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRun6015N] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 6015N,hide,\S
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SystemProc] C:\Users\Public\Other\run_shc.lnk
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [SystemProc] C:\Users\Public\Other\run_shc.lnk (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [uTorrent] "C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: MacroWorks 3.1.lnk = C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XRcnStatutsDatabase (XRNADB) - Unknown owner - C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
--
End of file - 9643 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe"
WLIDSvcM.exe 320
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\06162014_105802.log
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
"C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe"
"C:\Windows\System32\WScript.exe" "C:\Windows\System32\mncauyhc.vbe"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 6015N
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 6015N,hide,\S
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe"
\??\C:\Windows\system32\conhost.exe "-279630622502699045-612017422-1490189152245048452-716930086-1622895824-275738274
\??\C:\Windows\system32\conhost.exe "13669843810591373811047436632-773155491765777191-917897332118605570-49440449
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4876.0.934669555\1680938821" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,15,39 --gpu-vendor-id=0x10de --gpu-device-id=0x0a2d --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.2702 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable3:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled:SkipHTTPS=Enabled/QUIC/Disabled/RapporRollout/Enabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UMAStability/SeparateLog/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="4876.3.832508605\116207066" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable3:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled:SkipHTTPS=Enabled/QUIC/Disabled/RapporRollout/Enabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UMAStability/SeparateLog/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="4876.9.738438452\1807208535" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable3:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled:SkipHTTPS=Enabled/QUIC/Disabled/RapporRollout/Enabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UMAStability/SeparateLog/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="4876.10.758683653\761172218" /prefetch:673131151
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Misa\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08 21444224]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"SystemProc"=C:\Users\Public\Other\run_shc.lnk []
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2014-05-02 3588952]
"uTorrent"=C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe [2014-05-29 1271376]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mncauyhcSrv"=C:\Windows\system32\mncauyhc.vbe []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Launcher6015N"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2011-05-19 2571264]
"DocuPrint 6015N RUN"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [2011-05-23 355840]
"StatusAutoRun6015N"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [2011-05-23 4477440]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-05-13 3814736]
C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MacroWorks 3.1.lnk - C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux5"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux7"=wdmaud.drv
"aux8"=wdmaud.drv
"aux9"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-06-16 10:58:02 ----D---- C:\_OTM
2014-06-13 10:47:13 ----D---- C:\extinct
2014-06-13 10:40:37 ----D---- C:\Users\Misa\AppData\Roaming\Microsoft Games
2014-06-13 10:33:31 ----D---- C:\ProgramData\Microsoft Games
2014-06-12 17:31:55 ----SHD---- C:\$RECYCLE.BIN
2014-06-12 17:04:51 ----SD---- C:\ComboFix
2014-06-11 14:36:52 ----D---- C:\OMSI 2
2014-06-11 13:14:20 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-06-11 13:14:20 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-06-11 13:14:20 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-06-11 13:14:19 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 13:14:19 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-06-11 13:14:18 ----A---- C:\Windows\system32\urlmon.dll
2014-06-11 13:14:18 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 13:14:17 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-06-11 13:14:17 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-06-11 13:14:17 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-06-11 13:14:17 ----A---- C:\Windows\system32\msfeeds.dll
2014-06-11 13:14:17 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-06-11 13:14:17 ----A---- C:\Windows\system32\ie4uinit.exe
2014-06-11 13:14:17 ----A---- C:\Windows\system32\dxtmsft.dll
2014-06-11 13:14:16 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-06-11 13:14:16 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-06-11 13:14:16 ----A---- C:\Windows\system32\iesetup.dll
2014-06-11 13:14:16 ----A---- C:\Windows\system32\iertutil.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-06-11 13:14:15 ----A---- C:\Windows\system32\jsproxy.dll
2014-06-11 13:14:15 ----A---- C:\Windows\system32\iernonce.dll
2014-06-11 13:14:15 ----A---- C:\Windows\system32\dxtrans.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\mshtmled.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\ieUnatt.exe
2014-06-11 13:14:14 ----A---- C:\Windows\system32\ieui.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\ieframe.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\wininet.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\vbscript.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\jscript9diag.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\jscript9.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\ieapfltr.dll
2014-06-11 13:14:12 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 13:14:12 ----A---- C:\Windows\system32\msrating.dll
2014-06-11 13:14:12 ----A---- C:\Windows\system32\mshtml.dll
2014-06-11 13:06:00 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-11 13:06:00 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 12:59:20 ----A---- C:\Windows\SYSWOW64\usp10.dll
2014-06-11 12:59:20 ----A---- C:\Windows\system32\usp10.dll
2014-06-11 12:58:32 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2014-06-11 12:58:32 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2014-06-11 12:58:32 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-06-11 12:58:32 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-06-11 12:58:32 ----A---- C:\Windows\system32\msxml6r.dll
2014-06-11 12:58:32 ----A---- C:\Windows\system32\msxml6.dll
2014-06-11 12:58:32 ----A---- C:\Windows\system32\msxml3r.dll
2014-06-11 12:58:32 ----A---- C:\Windows\system32\msxml3.dll
2014-06-11 12:52:12 ----A---- C:\Windows\system32\aepdu.dll
2014-06-11 12:52:11 ----A---- C:\Windows\system32\aeinv.dll
2014-06-07 12:31:00 ----A---- C:\Windows\SYSWOW64\sqlite3.dll
2014-06-07 12:25:46 ----D---- C:\AdwCleaner
2014-06-07 11:20:16 ----D---- C:\FRST
2014-06-07 11:17:20 ----D---- C:\rsit
2014-06-07 11:17:20 ----D---- C:\Program Files\trend micro
2014-06-01 10:27:11 ----A---- C:\Windows\wp.INI
2014-06-01 10:14:25 ----D---- C:\Worms2
2014-06-01 10:13:12 ----A---- C:\Windows\SYSWOW64\KMVIDC32.DLL
2014-06-01 09:49:23 ----D---- C:\Worms Armageddon
2014-05-31 23:05:35 ----D---- C:\Worms World Party
2014-05-31 19:42:30 ----D---- C:\Program Files (x86)\Worms Revolution
2014-05-28 13:52:56 ----D---- C:\Program Files\Bus Simulator
2014-05-21 17:11:18 ----D---- C:\ProgramData\EA Core
2014-05-21 17:11:16 ----D---- C:\ProgramData\EA Logs
2014-05-18 19:46:43 ----D---- C:\Users\Misa\AppData\Roaming\Synthesia
2014-05-18 19:46:22 ----D---- C:\Program Files (x86)\Synthesia
2014-05-18 12:33:17 ----D---- C:\Windows\Sun
2014-05-18 11:36:16 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\java.exe
======List of files/folders modified in the last 1 month======
2014-06-16 11:09:48 ----D---- C:\Windows\temp
2014-06-16 11:08:45 ----D---- C:\Users\Misa\AppData\Roaming\Skype
2014-06-16 11:08:02 ----D---- C:\Program Files (x86)\Origin
2014-06-16 11:08:01 ----D---- C:\Users\Misa\AppData\Roaming\uTorrent
2014-06-16 10:59:55 ----D---- C:\ProgramData\NVIDIA
2014-06-16 10:59:07 ----D---- C:\Windows\system32\config
2014-06-16 10:58:50 ----D---- C:\Windows
2014-06-16 10:58:03 ----RD---- C:\Program Files (x86)
2014-06-16 10:58:03 ----D---- C:\Windows\Tasks
2014-06-16 10:58:03 ----D---- C:\Windows\SysWOW64
2014-06-16 10:58:03 ----D---- C:\Windows\inf
2014-06-16 10:55:11 ----D---- C:\Program Files (x86)\Steam
2014-06-16 09:26:51 ----D---- C:\ProgramData\Origin
2014-06-13 13:09:42 ----D---- C:\Windows\winsxs
2014-06-13 13:08:31 ----D---- C:\Windows\System32
2014-06-13 10:58:11 ----SHD---- C:\System Volume Information
2014-06-13 10:57:59 ----SHD---- C:\Windows\Installer
2014-06-13 10:46:25 ----D---- C:\Windows\system32\Tasks
2014-06-13 10:40:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-06-13 10:40:28 ----D---- C:\Program Files (x86)\Common Files
2014-06-13 10:33:31 ----D---- C:\ProgramData
2014-06-13 10:26:57 ----D---- C:\Program Files (x86)\Microsoft Games
2014-06-12 17:03:57 ----D---- C:\Windows\system32\drivers
2014-06-12 09:07:25 ----D---- C:\Windows\SYSWOW64\en-US
2014-06-12 09:07:25 ----D---- C:\Program Files\Internet Explorer
2014-06-12 09:07:24 ----D---- C:\Windows\system32\en-US
2014-06-12 09:07:24 ----D---- C:\Program Files (x86)\Internet Explorer
2014-06-12 09:07:23 ----D---- C:\Windows\system32\DriverStore
2014-06-12 08:52:10 ----D---- C:\Windows\system32\MRT
2014-06-12 08:49:42 ----A---- C:\Windows\system32\MRT.exe
2014-06-12 08:45:32 ----SD---- C:\Windows\system32\CompatTel
2014-06-12 08:44:58 ----D---- C:\Windows\system32\catroot2
2014-06-11 12:52:08 ----D---- C:\Windows\system32\catroot
2014-06-07 12:43:46 ----A---- C:\Windows\win.ini
2014-06-07 12:08:39 ----D---- C:\Windows\system32\NDF
2014-06-07 11:17:20 ----RD---- C:\Program Files
2014-06-07 10:59:45 ----D---- C:\Program Files (x86)\Google
2014-06-07 10:42:19 ----D---- C:\Qoobox
2014-06-07 08:48:09 ----D---- C:\ProgramData\Skype
2014-06-07 08:48:07 ----RD---- C:\Program Files (x86)\Skype
2014-06-01 12:09:51 ----D---- C:\Windows\Microsoft.NET
2014-06-01 12:09:03 ----RSD---- C:\Windows\assembly
2014-05-31 12:02:10 ----D---- C:\Windows\system32\wdi
2014-05-22 08:49:49 ----SD---- C:\Users\Misa\AppData\Roaming\Microsoft
2014-05-21 13:04:59 ----D---- C:\Program Files (x86)\Origin Games
2014-05-18 12:04:55 ----A---- C:\Windows\system.ini
2014-05-18 12:04:32 ----D---- C:\Windows\system32\drivers\etc
2014-05-18 11:54:10 ----D---- C:\Windows\SYSWOW64\drivers
2014-05-18 11:54:10 ----D---- C:\Windows\AppPatch
2014-05-18 11:36:29 ----D---- C:\ProgramData\Oracle
2014-05-18 11:36:12 ----D---- C:\Program Files (x86)\Java
2014-05-18 11:23:06 ----D---- C:\Users\Misa\AppData\Roaming\Seznam.cz
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64;{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64; C:\Windows\system32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys [2014-04-29 61120]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-03-09 283064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-09-05 196384]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-05-13 2228048]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-04-15 377616]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-08-30 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-05 1364256]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-08-29 414496]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R2 XRNADB;XRcnStatutsDatabase; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [2011-05-23 95232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-06-10 542400]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-02-02 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Run by Misa at 2014-06-16 11:09:47
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 159 GB (42%) free of 382 GB
Total RAM: 3959 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:49, on 16.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
C:\Windows\SysWOW64\WScript.exe
C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Misa.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [mncauyhcSrv] C:\Windows\system32\mncauyhc.vbe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Launcher6015N] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 6015N
O4 - HKLM\..\Run: [DocuPrint 6015N RUN] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRun6015N] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 6015N,hide,\S
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SystemProc] C:\Users\Public\Other\run_shc.lnk
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [SystemProc] C:\Users\Public\Other\run_shc.lnk (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\Run: [uTorrent] "C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2638994720-480925200-2635197728-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: MacroWorks 3.1.lnk = C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XRcnStatutsDatabase (XRNADB) - Unknown owner - C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
--
End of file - 9643 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe"
WLIDSvcM.exe 320
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\06162014_105802.log
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
"C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe"
"C:\Windows\System32\WScript.exe" "C:\Windows\System32\mncauyhc.vbe"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 6015N
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 6015N,hide,\S
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe"
\??\C:\Windows\system32\conhost.exe "-279630622502699045-612017422-1490189152245048452-716930086-1622895824-275738274
\??\C:\Windows\system32\conhost.exe "13669843810591373811047436632-773155491765777191-917897332118605570-49440449
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4876.0.934669555\1680938821" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,15,39 --gpu-vendor-id=0x10de --gpu-device-id=0x0a2d --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.2702 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable3:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled:SkipHTTPS=Enabled/QUIC/Disabled/RapporRollout/Enabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UMAStability/SeparateLog/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="4876.3.832508605\116207066" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable3:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled:SkipHTTPS=Enabled/QUIC/Disabled/RapporRollout/Enabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UMAStability/SeparateLog/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="4876.9.738438452\1807208535" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable3:SkipWhitelist=Enabled:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled:SkipHTTPS=Enabled/QUIC/Disabled/RapporRollout/Enabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_66/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UMAStability/SeparateLog/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-software-compositing --channel="4876.10.758683653\761172218" /prefetch:673131151
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Misa\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08 21444224]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"SystemProc"=C:\Users\Public\Other\run_shc.lnk []
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2014-05-02 3588952]
"uTorrent"=C:\Users\Misa\AppData\Roaming\uTorrent\uTorrent.exe [2014-05-29 1271376]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mncauyhcSrv"=C:\Windows\system32\mncauyhc.vbe []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Launcher6015N"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2011-05-19 2571264]
"DocuPrint 6015N RUN"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [2011-05-23 355840]
"StatusAutoRun6015N"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [2011-05-23 4477440]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-05-13 3814736]
C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MacroWorks 3.1.lnk - C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux5"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux7"=wdmaud.drv
"aux8"=wdmaud.drv
"aux9"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-06-16 10:58:02 ----D---- C:\_OTM
2014-06-13 10:47:13 ----D---- C:\extinct
2014-06-13 10:40:37 ----D---- C:\Users\Misa\AppData\Roaming\Microsoft Games
2014-06-13 10:33:31 ----D---- C:\ProgramData\Microsoft Games
2014-06-12 17:31:55 ----SHD---- C:\$RECYCLE.BIN
2014-06-12 17:04:51 ----SD---- C:\ComboFix
2014-06-11 14:36:52 ----D---- C:\OMSI 2
2014-06-11 13:14:20 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-06-11 13:14:20 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-06-11 13:14:20 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-06-11 13:14:19 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-06-11 13:14:19 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 13:14:19 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-06-11 13:14:18 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-06-11 13:14:18 ----A---- C:\Windows\system32\urlmon.dll
2014-06-11 13:14:18 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 13:14:17 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-06-11 13:14:17 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-06-11 13:14:17 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-06-11 13:14:17 ----A---- C:\Windows\system32\msfeeds.dll
2014-06-11 13:14:17 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-06-11 13:14:17 ----A---- C:\Windows\system32\ie4uinit.exe
2014-06-11 13:14:17 ----A---- C:\Windows\system32\dxtmsft.dll
2014-06-11 13:14:16 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-06-11 13:14:16 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-06-11 13:14:16 ----A---- C:\Windows\system32\iesetup.dll
2014-06-11 13:14:16 ----A---- C:\Windows\system32\iertutil.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-06-11 13:14:15 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-06-11 13:14:15 ----A---- C:\Windows\system32\jsproxy.dll
2014-06-11 13:14:15 ----A---- C:\Windows\system32\iernonce.dll
2014-06-11 13:14:15 ----A---- C:\Windows\system32\dxtrans.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\mshtmled.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\ieUnatt.exe
2014-06-11 13:14:14 ----A---- C:\Windows\system32\ieui.dll
2014-06-11 13:14:14 ----A---- C:\Windows\system32\ieframe.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\wininet.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\vbscript.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\jscript9diag.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\jscript9.dll
2014-06-11 13:14:13 ----A---- C:\Windows\system32\ieapfltr.dll
2014-06-11 13:14:12 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 13:14:12 ----A---- C:\Windows\system32\msrating.dll
2014-06-11 13:14:12 ----A---- C:\Windows\system32\mshtml.dll
2014-06-11 13:06:00 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-11 13:06:00 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 12:59:20 ----A---- C:\Windows\SYSWOW64\usp10.dll
2014-06-11 12:59:20 ----A---- C:\Windows\system32\usp10.dll
2014-06-11 12:58:32 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2014-06-11 12:58:32 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2014-06-11 12:58:32 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-06-11 12:58:32 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-06-11 12:58:32 ----A---- C:\Windows\system32\msxml6r.dll
2014-06-11 12:58:32 ----A---- C:\Windows\system32\msxml6.dll
2014-06-11 12:58:32 ----A---- C:\Windows\system32\msxml3r.dll
2014-06-11 12:58:32 ----A---- C:\Windows\system32\msxml3.dll
2014-06-11 12:52:12 ----A---- C:\Windows\system32\aepdu.dll
2014-06-11 12:52:11 ----A---- C:\Windows\system32\aeinv.dll
2014-06-07 12:31:00 ----A---- C:\Windows\SYSWOW64\sqlite3.dll
2014-06-07 12:25:46 ----D---- C:\AdwCleaner
2014-06-07 11:20:16 ----D---- C:\FRST
2014-06-07 11:17:20 ----D---- C:\rsit
2014-06-07 11:17:20 ----D---- C:\Program Files\trend micro
2014-06-01 10:27:11 ----A---- C:\Windows\wp.INI
2014-06-01 10:14:25 ----D---- C:\Worms2
2014-06-01 10:13:12 ----A---- C:\Windows\SYSWOW64\KMVIDC32.DLL
2014-06-01 09:49:23 ----D---- C:\Worms Armageddon
2014-05-31 23:05:35 ----D---- C:\Worms World Party
2014-05-31 19:42:30 ----D---- C:\Program Files (x86)\Worms Revolution
2014-05-28 13:52:56 ----D---- C:\Program Files\Bus Simulator
2014-05-21 17:11:18 ----D---- C:\ProgramData\EA Core
2014-05-21 17:11:16 ----D---- C:\ProgramData\EA Logs
2014-05-18 19:46:43 ----D---- C:\Users\Misa\AppData\Roaming\Synthesia
2014-05-18 19:46:22 ----D---- C:\Program Files (x86)\Synthesia
2014-05-18 12:33:17 ----D---- C:\Windows\Sun
2014-05-18 11:36:16 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-05-18 11:36:12 ----A---- C:\Windows\SYSWOW64\java.exe
======List of files/folders modified in the last 1 month======
2014-06-16 11:09:48 ----D---- C:\Windows\temp
2014-06-16 11:08:45 ----D---- C:\Users\Misa\AppData\Roaming\Skype
2014-06-16 11:08:02 ----D---- C:\Program Files (x86)\Origin
2014-06-16 11:08:01 ----D---- C:\Users\Misa\AppData\Roaming\uTorrent
2014-06-16 10:59:55 ----D---- C:\ProgramData\NVIDIA
2014-06-16 10:59:07 ----D---- C:\Windows\system32\config
2014-06-16 10:58:50 ----D---- C:\Windows
2014-06-16 10:58:03 ----RD---- C:\Program Files (x86)
2014-06-16 10:58:03 ----D---- C:\Windows\Tasks
2014-06-16 10:58:03 ----D---- C:\Windows\SysWOW64
2014-06-16 10:58:03 ----D---- C:\Windows\inf
2014-06-16 10:55:11 ----D---- C:\Program Files (x86)\Steam
2014-06-16 09:26:51 ----D---- C:\ProgramData\Origin
2014-06-13 13:09:42 ----D---- C:\Windows\winsxs
2014-06-13 13:08:31 ----D---- C:\Windows\System32
2014-06-13 10:58:11 ----SHD---- C:\System Volume Information
2014-06-13 10:57:59 ----SHD---- C:\Windows\Installer
2014-06-13 10:46:25 ----D---- C:\Windows\system32\Tasks
2014-06-13 10:40:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-06-13 10:40:28 ----D---- C:\Program Files (x86)\Common Files
2014-06-13 10:33:31 ----D---- C:\ProgramData
2014-06-13 10:26:57 ----D---- C:\Program Files (x86)\Microsoft Games
2014-06-12 17:03:57 ----D---- C:\Windows\system32\drivers
2014-06-12 09:07:25 ----D---- C:\Windows\SYSWOW64\en-US
2014-06-12 09:07:25 ----D---- C:\Program Files\Internet Explorer
2014-06-12 09:07:24 ----D---- C:\Windows\system32\en-US
2014-06-12 09:07:24 ----D---- C:\Program Files (x86)\Internet Explorer
2014-06-12 09:07:23 ----D---- C:\Windows\system32\DriverStore
2014-06-12 08:52:10 ----D---- C:\Windows\system32\MRT
2014-06-12 08:49:42 ----A---- C:\Windows\system32\MRT.exe
2014-06-12 08:45:32 ----SD---- C:\Windows\system32\CompatTel
2014-06-12 08:44:58 ----D---- C:\Windows\system32\catroot2
2014-06-11 12:52:08 ----D---- C:\Windows\system32\catroot
2014-06-07 12:43:46 ----A---- C:\Windows\win.ini
2014-06-07 12:08:39 ----D---- C:\Windows\system32\NDF
2014-06-07 11:17:20 ----RD---- C:\Program Files
2014-06-07 10:59:45 ----D---- C:\Program Files (x86)\Google
2014-06-07 10:42:19 ----D---- C:\Qoobox
2014-06-07 08:48:09 ----D---- C:\ProgramData\Skype
2014-06-07 08:48:07 ----RD---- C:\Program Files (x86)\Skype
2014-06-01 12:09:51 ----D---- C:\Windows\Microsoft.NET
2014-06-01 12:09:03 ----RSD---- C:\Windows\assembly
2014-05-31 12:02:10 ----D---- C:\Windows\system32\wdi
2014-05-22 08:49:49 ----SD---- C:\Users\Misa\AppData\Roaming\Microsoft
2014-05-21 13:04:59 ----D---- C:\Program Files (x86)\Origin Games
2014-05-18 12:04:55 ----A---- C:\Windows\system.ini
2014-05-18 12:04:32 ----D---- C:\Windows\system32\drivers\etc
2014-05-18 11:54:10 ----D---- C:\Windows\SYSWOW64\drivers
2014-05-18 11:54:10 ----D---- C:\Windows\AppPatch
2014-05-18 11:36:29 ----D---- C:\ProgramData\Oracle
2014-05-18 11:36:12 ----D---- C:\Program Files (x86)\Java
2014-05-18 11:23:06 ----D---- C:\Users\Misa\AppData\Roaming\Seznam.cz
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64;{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64; C:\Windows\system32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}Gw64.sys [2014-04-29 61120]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-03-09 283064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-09-05 196384]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-05-13 2228048]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-04-15 377616]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-08-30 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-05 1364256]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-08-29 414496]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R2 XRNADB;XRcnStatutsDatabase; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [2011-05-23 95232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-07 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-06-10 542400]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-02-02 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Re: notebook full of ads, slow browser,...
I tried to run it, because it always gets my computer out of the worst state

- Rudy
- Site Admin
- Posts: 119541
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: notebook full of ads, slow browser,...
oflo wrote: I tried to run it, because it always gets my computer out of the worst state
That's possible, but then we have a problem with identification, because CF sweeps away the traces of any infection, and the RSIT log is then usually useless. Moreover (as I wrote above), it can have disastrous consequences for the system.
The infection keeps coming back; run a new CF scan and post the log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.