Služba centrum zabezpečení chybí. nejdou aktualizace atd..

Zpráva

KoXz · #1 Příspěvek od **KoXz** » 15 čer 2014 17:12

Zdravím, donedávna bylo vše ok, pak mi zmizel MS essential a ve snaze ho nahodit, jsem zjistil, že jeho služba je fuč a centrum zabezpečení jakbysmet.
Prozatím jsem nainstaloval zkusebni verzi kaperskyho a pár virů odstranil.
Nyní hlásí že je vše ok, ale služba centrum zabezpečení stále nikde a aktualizace nejdou.
Pátral jsem na netu, ale problémy s aktualizacemi lidé řeší zapnutím centra, můj případ jsem nenašel.
Prosím o radu
Tomáš

#2 Příspěvek od **vyosek** » 15 čer 2014 17:17

Zdravim

Dejte log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Stahnete Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe

Ulozte nejlepe na Plochu
U vsech polozek udelejte zatrzitko (tim je oznacite pro skenovani)
Kliknete na Scan
Po dokonceni skenu se objevi log FSS.txt ten sem vlozte

KoXz · #3 Příspěvek od **KoXz** » 15 čer 2014 17:22

Tady to je, díky

Farbar Service Scanner Version: 10-06-2014
Ran by KoXz (administrator) on 15-06-2014 at 18:21:12
Running from "C:\Users\KoXz\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

EDIT: To nevypadá dobře

#4 Příspěvek od **vyosek** » 15 čer 2014 17:24

Jeste pockam na log z FRST, je tam toho hodne poskozeneho...

KoXz · #5 Příspěvek od **KoXz** » 15 čer 2014 17:41

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by KoXz (administrator) on KOXZ-PC on 15-06-2014 18:30:24
Running from C:\Users\KoXz\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Windows\Installer\MSI5AEB.tmp
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(IVT Corporation) C:\Program Files (x86)\Bluetooth\BlueSoleilCS.exe
(IVT Corporation) C:\Program Files (x86)\Bluetooth\BsMobileCS.exe
(Ryan Conrad) C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
() C:\Program Files\Droid Explorer\SDK\tools\adb.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(IVT Corporation) C:\Program Files (x86)\Bluetooth\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Stardock Corporation) C:\Program Files (x86)\WindowBlinds\WBSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\WindowBlinds\WBCore.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Goldworm) C:\Program Files (x86)\Goldworm\GoldwormServer.exe
(Stardock Corporation) C:\Program Files (x86)\CursorFX\CursorFX.exe
(Irza Alexander) D:\!!!BioHAZARD%\Volume2\Volume2.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Stardock) C:\Program Files (x86)\Object Dock\ObjectDockPlus2\ObjectDock.exe
(Softarium.com) C:\Program Files (x86)\Sound Volume Hotkeys\SoundVolumeHotkeys.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\DesktopX\DXWidget.exe
() C:\Program Files (x86)\GIGABYTE\GIGABYTE FORCE.exe
() C:\Program Files (x86)\PCVolumeControlServer\VolumeControlServer.exe
(IVT Corporation) C:\Program Files (x86)\Bluetooth\BtTray.exe
() C:\Program Files (x86)\Black Glass Enhanced v0.5\Black Glass Enhanced\BlackGlassEnhanced.exe
() C:\Program Files (x86)\aWARemote Server\aWARemote Server.exe
() C:\Windows\system\cm106eye.exe
(Stardock) C:\Program Files (x86)\Object Dock\ObjectDockPlus2\Dock64.exe
(Microsoft) C:\Program Files (x86)\Object Dock\ObjectDockPlus2\ObjectDockTray.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\KoXz\Desktop\FSS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\KoXz\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(forum.viry.cz) C:\Users\KoXz\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [Cm106Sound] => C:\Windows\Syswow64\cm106.dll [8757248 2011-06-27] (C-Media Corporation)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [Driver Genius] => [X]
HKLM-x32\...\Run: [SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}] => C:\Program Files (x86)\Sound Volume Hotkeys\SoundVolumeHotkeys.exe [126976 2010-09-19] (Softarium.com)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [GMouse] => C:\Program Files (x86)\GIGABYTE\GIGABYTE FORCE.EXE [667648 2011-11-08] ()
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth\BtTray.exe [368726 2012-05-28] (IVT Corporation)
HKLM-x32\...\Run: [BlackGlass] => C:\Program Files (x86)\Black Glass Enhanced v0.5\Black Glass Enhanced\BlackGlassEnhanced.exe [552944 2010-03-10] ()
HKLM-x32\...\Run: [aWARemote] => C:\Program Files (x86)\aWARemote Server\aWARemote Server.exe [3906048 2013-03-18] ()
Winlogon\Notify\WB: C:\PROGRA~2\WI8F7D~1\fast64.dll [X]
HKLM\...\Policies\Explorer: [3212083974] 0x504B0304C239B7F8068374BFB511000000400000E269F63D73594F6202C9694280CC96A28BBD63516FE3C2D5F7A2FF87AC3A990C3EC3B2ED7B07716237A0DFB1DFB651F67E31CB2E7649F98D5E55E9B25B1A579794989B176C357BDCC11226BD6ECB7DE8A63EA2165F6B31EAD6B0A2A96A6E9D04B9B39F194EF52D48B088D4B6597F685A70FF6912914F86D8235681747DA26CFD83223D3D248872C51095484634EBF976E4595F734BD35CAF42B38DCF9E878AF0BE0A5E84B22940F721E8BBCDCBAA3E53607359252DB16C0D6C38A142261BB4896D12A48C006CC3C21FDF717C155B2AF0375D2545EE286C2AECB2955206EF25C82DC686F7EB83BB3072E94E1E59254B11A2E3628E1D98E177375B54E682A1C77F986E1907FFCB784ACCACB124189751D7EBBAFC91D3A127F134A85E27F8C201D9082F621F5FFFAC09D2AAB94A62F90BD74D6C96A8DB6D42E4E98316449D202A4E24857673E2A50B7DFD9D5AF72A21A19A922ACC9675BA933A1C6AD4E0A11470FBB82EED7A79C5CA2DBB0BEC5B2B43BAA37373D3EF494726D7CF4A4AA8A3D6A5C206CED49148C0100BFA96B707BE91B855151D8DA8E0723DD1303325011B3951C9DF7B10E9B153BCED98376C4D7517F2E0E23A986914B2B0F978454441C47B5797D924CE9CD186D74D308099EE52F226E92DE6B50E4A0691F75CFA9CE733494B8CAFAEB4BE4C65F6C9DFFA34A3C2ED9D14F5844164BE79B7A90495290350177B03AEFA777FF519B624E3C75C219260AC447BBA9A6DB56F34B340A5F75837FAB3C33831A3BC39C2914AEB87A39545BD7ED52450EB7E94D5380E2BABCE3F8EE6E3CDC9D4ED54D9889D9DBD0DC879CAA2B121048A308A7F873252DAD24EA8F8911EA0A3B202DE930A9FC882CF1349FFE229016B2EBFD7821B8986D31DECCBC296BA54FD6D864C915F1D77AC0734D96FE0BA43A669FAB128026C7F90E9E1E0A7047F5A2378E4DE0966EB6C217B3483194B2B21A3FA8A1CBEF1D66A3FC8A5C863BCEA6157981A11449BAE3357F3287501CB9C24E0AFB156F5DDFD6855CD8B7B43FEABD9412C1C208B5DE2330C469A59DE5B490CC06BFD5A4900CB121EB967BC7185A9F00112A5B1E8D8028CA02B0F2B194AF03CC1E172B70C9B88643E3C064B5406CF184AD9EBA26736EF6FEB30DAC8BA400933A32A3C03230BD732FCBE16C4B3BDCC0B501616CE956D968B8DA68B4A9A64238601E81E78095961580431361A4DD9FE963D3CEBA5C21BBA416C1CC9D94BB842C25B2FD12C8BF42C35948272965A3FECF6E9B92D32D7E84A402A0B6214A412A23427E4852CE607FD9F7FF8559BBB96A9AE577DF0C19D108587D372470BE0D3E27ED61FEB442C2D65E55BAC81C2786CF6B837EEBC1B5AF35634B29FD5D96347B5F9C747C8A9A83E7CB3C188D9042F08FBD4EDEEBD65DE7C04B275B7FD74067A0AE3033752AA55A45A05355811416EA4A5101511E99305B700BD44742CBD6A9272B5CF4001505C4057866B57E4DE5EF0EE9F88B41986A80119C962594972011FC0C39B4A74B74747F5116D896A0EBCBB4387685672899AF54B80AE07008971EA1C997A898E33AAB769E4E52FBBEC97EBF199CE76454BADBD4EAB272F1D1CAABB3B49B3AAFC1E67D09EE8FEB0580E414EB45F3F0C25FE88872312FEC2341E7A6100B2E04ED25FCE13A146098DCE98446B2F3875ECB269A886795698619D337DA612F19BF8D4FE3028E79A26548128D1595AF0BF98FF320DC73D873F05EBD07C87CAE28DF067C00DE3E53CC77E801E1304192CA7BF78AB28DB40564328A108F9F0DDD8E1B0BAECCF16BF1DEB3CC5C4B5F5140F6B8A256E9128C203418AA3D93E3F08078977667DC02D830BB6869DE92F29A65AC6D2689D0A5A90887A8643119DC9A68B5B00BD59D45DA9D7ED5DAE6EE6DA6119243F77F51B263200F90ABBB61CCE9A951781EA2012A2C8D7200906439B08E7E76CF9C9536B2E6B560AFD7CBAA5044791EE17DED45ADFD9D359DAC0A9F4ED15BF2CB2EA9B12B7CB11B597CF2E6E750A6C636FE2C4B144F6FF43CCFFDDAE787BE160B0A8B4282B35A6AEECE165814E95CE7ADBE416EF4E51860CB4F5D50AF2A86AA4EE602A30AA54850E0CB4A38DC3A1C711B5D03B6A53EE102AC68E553D11E5FB3D0A8E0EF34266263CA4A3E0B76C55A92F75F921CD61A5363E5DB7737874D57C653D63457260B67B1DF330827B2921C29FDA0045BBE7404E40985039F7DB153F52B2C941A56E922DCFB60B89DBEE327ED6F5C1E438270F766A6ED1730FC581A4AEBCFE3B7726B27D6B092CF5A0B6954196CB4CC2788B8722338EE189D9E22692595F0D5B333B0F715CB8D94A08AFB631DBB1BE79A773E8F1A4EAF7220C24222DDA431B91D9175DFA0C6AE81E8C4C879D64446CF56FAEFE1487CA6739A776AEE42EF8BE40A612F95CDE3B1FEEAC1E1E41A24C92ED8B0152E247239E5A8BC903679CA8C7B94659AD5B1D10551F460D924FB60882FC90508C3723420F86F4CF100387E808133CC429883C0E3ACE91651C075CD19D106E0B437B0363048CA1FEAAF929B87AED90AFDE281EDCA0FA0CC7B5A7F03807FA5AC41B1ED73130EAC1117C631C1818142F24D420F6776CB53D4D0326B9FC3008C3CA03FC649D87D37FA617B74F2865C75298BED54B7D8DC676E2210374D8BF194AE2FEDA62B4798933C764CCDDF845330721FC21E68C0695CA73285103E22AE68DA440326DFEF9A80D17D0A7C3F920E7B0AA806EE9B7549ED9878B6CFB505AC69E8E8D3CFA718675764CFB03861D32AFAAE1D918BE87F6A9AC0D815C57AD3E167D642F5FCDDC25D4BA3AC3E67C26A4DEAA17797B3C0654F271EAAA442A71CBE19372HKU\S-1-5-21-1984404364-3195743573-2263273467-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-1984404364-3195743573-2263273467-1000\...\Run: [Volume2] => D:\!!!BioHAZARD%\Volume2\Volume2.exe [1577984 2012-01-08] (Irza Alexander)
HKU\S-1-5-21-1984404364-3195743573-2263273467-1000\...\Run: [Spybot-S&D Cleaning] => D:\!!!BioHAZARD%\SpybotPortable\App\Spybot\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-1984404364-3195743573-2263273467-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1984404364-3195743573-2263273467-1000\...\Policies\Explorer: [HideSCAVolume] 1
AppInit_DLLs-x32: wbsys.dll => "wbsys.dll" File Not Found
Startup: C:\Users\KoXz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskSpace.lnk
ShortcutTarget: DeskSpace.lnk -> C:\Program Files (x86)\DeskSpace\deskspace.exe (Otaku Software Pty Ltd)
Startup: C:\Users\KoXz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GT3 recycle bin.lnk
ShortcutTarget: GT3 recycle bin.lnk -> D:\!!!BioHAZARD%\GT3 koš\GT3 recycle bin.exe ()
Startup: C:\Users\KoXz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote PC Server.lnk
ShortcutTarget: Remote PC Server.lnk -> D:\!!!BioHAZARD%\Fone\Android\remote pc\Remote PC Server.jar ()
Startup: C:\Users\KoXz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
Startup: C:\Users\KoXz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Object Dock\ObjectDockPlus2\ObjectDock.exe (Stardock)
Startup: C:\Users\KoXz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer 9.lnk
ShortcutTarget: TeamViewer 9.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Startup: C:\Users\KoXz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Volume Control Server.lnk
ShortcutTarget: Volume Control Server.lnk -> C:\Program Files (x86)\PCVolumeControlServer\VolumeControlServer.exe ()
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\IconPackager\iprepair64.dll No File
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\IconPackager5\iprepair.dll (Stardock.net, Inc)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB78665185DB1CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ultimate-search.net/
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://ultimate-search.net/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VLC Player\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: No Name - C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\Extensions\staged [2014-06-05]
FF Extension: WebSite Recommendation - C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\Extensions\WebSiteRecommendation@weliketheweb.com [2013-08-25]
FF Extension: No Name - C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-06-26]
FF Extension: No Name - C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\Extensions\DuplicateInTabContext@schuzak.jp.xpi [2011-11-10]
FF Extension: No Name - C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\Extensions\elemhidehelper@adblockplus.org.xpi [2012-07-13]
FF Extension: No Name - C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25]
FF Extension: No Name - C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2011-11-10]
FF Extension: No Name - C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\Extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi [2011-11-21]
FF Extension: No Name - C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-10]
FF Extension: No Name - C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-10-21]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-06-26]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-14]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-14]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-14]

==================== Services (Whitelisted) =================

S4 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2233400 2007-03-15] () [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-20] (Kaspersky Lab ZAO)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 BlueSoleilCS; C:\Program Files (x86)\Bluetooth\BlueSoleilCS.exe [1082368 2012-05-31] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Bluetooth\BsHelpCS.exe [199680 2012-05-21] (IVT Corporation) [File not signed]
R2 BsMobileCS; C:\Program Files (x86)\Bluetooth\BsMobileCS.exe [147563 2012-05-21] (IVT Corporation) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
R2 DroidExplorerService; C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [253440 2010-08-21] (Ryan Conrad) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [137488 2012-12-17] (Futuremark Corporation)
R2 HyperDeskCustomThemeEnabler; C:\Windows\Installer\MSI5AEB.tmp [102400 2013-08-25] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 PDAgent; C:\Program Files (x86)\Perfect Disk 11\PDAgent.exe [2650888 2010-03-02] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files (x86)\Perfect Disk 11\PDEngine.exe [2309896 2010-03-02] (Raxco Software, Inc.)
S4 PnkBstrA; D:\Games\Need for Speed ProStreet\PB\PnkBstrA.exe [63040 2007-10-18] ()
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1141232 2014-05-29] (Paramount Software UK Ltd)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 TeamViewer9; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5037888 2014-06-06] (TeamViewer GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-09-02] (Microsoft Corporation) [File not signed]
R2 WindowBlinds; C:\Program Files (x86)\WindowBlinds\wbsrv.exe [89600 2013-05-16] (Stardock Corporation) [File not signed]
S2 MsMpSvc; No ImagePath
S3 NisSrv; No ImagePath
S4 nvsvc; No ImagePath
S4 PassThru Service; No ImagePath
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{9124c53a-6f38-4b60-2b0a-35a8ae5709d5}\ \...\???\{9124c53a-6f38-4b60-2b0a-35a8ae5709d5}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-06-14] ()
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [36872 2009-06-17] (IVT Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-06-10] (BlueStack Systems)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
R3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)
R3 BTCOMBUS; C:\Windows\System32\Drivers\btcombus.sys [25352 2011-07-27] (IVT Corporation.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43616 2011-12-27] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [31968 2011-12-21] (IVT Corporation.)
S3 cpuz136; No ImagePath
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-16] (DT Soft Ltd)
S3 flashusb; C:\Windows\System32\DRIVERS\flashusb.sys [19968 2011-11-21] (Danish Wireless Design A/S)
S3 gdrv; No ImagePath
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27016 2010-04-06] (IVT Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-06-14] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-06-14] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-06-14] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-20] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-06-14] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-20] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-06-14] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-06-14] ()
S3 MMPSY; No ImagePath
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S2 PfModNT; C:\Windows\SysWOW64\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
S3 pwdrvio; No ImagePath
S3 pwdspio; No ImagePath
S3 rspMMFS; C:\Windows\System32\DRIVERS\rspmmfs64.sys [19512 2009-11-13] (Resplendence Software Projects Sp.)
R2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11973 2012-05-16] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203320 2011-11-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-12-21] (MCCI Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S1 tefuzowv; No ImagePath
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1310720 2010-08-12] (C-Media Electronics Inc)
S3 ValFltr; C:\Windows\System32\drivers\ValoFltr.sys [14720 2009-04-10] (ROCCAT Development, Inc.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 cmuda3; system32\drivers\cmudax3.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S2 FileDisk; \SystemRoot\SYSTEM32\DRIVERS\filedisk.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
U2 V2iMount;
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-15 18:30 - 2014-06-15 18:30 - 00038419 _____ () C:\Users\KoXz\Desktop\FRST.txt
2014-06-15 18:30 - 2014-06-15 18:30 - 00000000 ____D () C:\FRST
2014-06-15 18:29 - 2014-06-15 18:29 - 02081792 _____ (Farbar) C:\Users\KoXz\Desktop\FRST64.exe
2014-06-15 18:26 - 2014-06-15 18:26 - 00112640 _____ (forum.viry.cz) C:\Users\KoXz\Desktop\FRSTLauncher.exe
2014-06-15 18:21 - 2014-06-15 18:21 - 00006218 _____ () C:\Users\KoXz\Desktop\FSS.txt
2014-06-15 18:20 - 2014-06-15 18:20 - 00415744 _____ (Farbar) C:\Users\KoXz\Desktop\FSS.exe
2014-06-15 16:16 - 2014-06-15 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2014-06-15 16:15 - 2014-06-15 16:16 - 00000000 ____D () C:\Program Files (x86)\WindowBlinds
2014-06-15 16:14 - 2014-06-15 16:14 - 00000000 ____D () C:\Users\KoXz\Downloads\Stardock
2014-06-15 16:09 - 2014-06-15 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-06-15 16:09 - 2014-06-15 16:09 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-06-15 16:08 - 2014-06-15 16:11 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-06-15 16:08 - 2014-06-15 16:08 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-06-15 15:17 - 2014-06-15 15:17 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp.lnk
2014-06-15 15:09 - 2014-05-27 16:39 - 00001071 _____ () C:\Users\KoXz\Desktop\VLC media player skinned.lnk
2014-06-15 14:32 - 2014-06-15 14:32 - 00012382 _____ () C:\Users\KoXz\Desktop\starbound.exe – zástupce (3).lnk
2014-06-15 02:48 - 2009-07-14 03:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-06-15 02:47 - 2009-07-14 03:40 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-06-15 01:30 - 2014-06-15 01:30 - 00000000 ____D () C:\Users\KoXz\Documents\ProcAlyzer Dumps
2014-06-15 01:30 - 2014-06-15 01:30 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-14 23:50 - 2014-06-15 00:15 - 00000440 _____ () C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job
2014-06-14 23:50 - 2014-06-14 23:50 - 00002916 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3_triggeronce
2014-06-14 23:50 - 2014-06-14 23:50 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\DriverCure
2014-06-14 23:43 - 2014-06-14 23:43 - 00000000 ___HD () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-14 23:33 - 2002-01-05 11:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-06-14 23:33 - 2002-01-05 06:48 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll
2014-06-14 23:33 - 2002-01-05 05:40 - 00487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2014-06-14 23:24 - 2014-06-14 23:24 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\VS Revo Group
2014-06-14 23:20 - 2014-06-14 23:17 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-14 23:20 - 2014-06-14 23:17 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-14 23:20 - 2014-06-14 23:17 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-14 23:20 - 2014-06-14 23:17 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-14 23:17 - 2014-06-14 23:17 - 00000000 ____D () C:\Program Files\Java
2014-06-14 22:35 - 2014-06-14 22:35 - 00262144 _____ () C:\Windows\system32\config\elam
2014-06-14 22:29 - 2014-06-15 17:45 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-14 22:29 - 2014-06-15 16:02 - 00000000 ___RD () C:\Program Files (x86)\Kaspersky Lab
2014-06-14 22:29 - 2014-06-14 22:33 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-06-14 22:29 - 2014-06-14 22:33 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-06-14 22:29 - 2014-06-14 22:29 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk
2014-06-14 22:29 - 2014-06-14 22:29 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-06-14 22:29 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-06-14 22:11 - 2014-06-14 22:11 - 00000000 ____D () C:\Windows\Temp62B2DC89-7E3A-504A-B135-01FE44B19652-Signatures
2014-06-14 21:01 - 2014-06-14 21:01 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro.lnk
2014-06-14 21:01 - 2014-06-14 21:01 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-06-14 21:01 - 2014-06-14 21:01 - 00000000 ____D () C:\Program Files (x86)\Revo Uninstaller Pro
2014-06-14 21:01 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-06-14 20:47 - 2014-06-14 20:47 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-06-14 20:46 - 2014-06-14 20:46 - 03223152 _____ (VMware, Inc.) C:\Windows\SysWOW64\vm3dgl.dll
2014-06-14 20:46 - 2014-06-14 20:46 - 00219248 _____ (VMware, Inc.) C:\Windows\SysWOW64\vm3dum.dll
2014-06-14 20:44 - 2014-06-14 20:49 - 00063088 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-06-14 20:44 - 2014-06-14 20:49 - 00053360 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmGuestLib.dll
2014-06-14 20:44 - 2014-06-14 20:49 - 00050800 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmhgfs.dll
2014-06-14 20:44 - 2014-06-14 20:49 - 00034416 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmGuestLibJava.dll
2014-06-14 20:43 - 2014-06-14 20:48 - 00606208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2014-06-14 20:43 - 2014-06-14 20:48 - 00229376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-06-14 20:43 - 2014-06-14 20:48 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-06-14 20:43 - 2014-06-14 20:48 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-06-14 20:43 - 2014-06-14 20:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-06-14 20:43 - 2014-06-14 20:48 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2014-06-14 20:30 - 2014-06-14 20:30 - 00000000 ____D () C:\ProgramData\Weskysoft
2014-06-14 16:54 - 2014-06-14 19:00 - 00000000 ____D () C:\Users\KoXz\Desktop\Film
2014-06-14 16:54 - 2014-06-14 16:54 - 00000000 ____D () C:\Users\KoXz\Desktop\fewfotos
2014-06-12 20:36 - 2014-06-12 20:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2014-06-12 17:50 - 2014-06-12 17:50 - 00318544 _____ (Stardock Software, Inc) C:\Windows\system32\wbload.dll
2014-06-12 17:50 - 2014-06-12 17:50 - 00157264 _____ (Stardock Software, Inc) C:\Windows\system32\wbload2.dll
2014-06-12 17:50 - 2014-06-12 17:50 - 00128368 _____ (Stardock Software, Inc) C:\Windows\SysWOW64\wbload.dll
2014-06-12 17:50 - 2014-06-12 17:50 - 00049576 _____ (Stardock Software, Inc) C:\Windows\SysWOW64\wbload2.dll
2014-06-10 15:57 - 2014-06-15 16:03 - 00000000 ___RD () C:\Program Files (x86)\TeamViewer
2014-06-10 15:57 - 2014-06-10 15:57 - 00001090 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-03 22:53 - 2014-06-03 23:29 - 00000000 ____D () C:\Program Files (x86)\nLite
2014-06-03 22:53 - 2014-06-03 22:53 - 03092150 _____ (Dino Nuhagic (nuhi) ) C:\Users\KoXz\Documents\nLite-1.4.9.3.setup.exe
2014-06-03 22:53 - 2014-06-03 22:53 - 00001028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite.lnk
2014-06-01 22:48 - 2014-06-01 22:48 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\Soldat
2014-06-01 01:00 - 2014-06-15 14:26 - 00004660 _____ () C:\Windows\setupact.log
2014-06-01 01:00 - 2014-06-01 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-29 23:26 - 2014-05-29 23:26 - 00000000 ____D () C:\Users\KoXz\Documents\Reflect
2014-05-29 23:22 - 2014-05-29 23:22 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium Reflect.lnk
2014-05-29 23:22 - 2014-05-29 23:22 - 00000000 ____D () C:\Program Files\Macrium
2014-05-29 23:19 - 2014-05-29 23:22 - 00000000 ____D () C:\ProgramData\Macrium
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\dvdcss
2014-05-27 16:39 - 2014-05-27 16:39 - 00000000 ____D () C:\Program Files (x86)\VLC Player

==================== One Month Modified Files and Folders =======

2014-06-15 18:30 - 2014-06-15 18:30 - 00038419 _____ () C:\Users\KoXz\Desktop\FRST.txt
2014-06-15 18:30 - 2014-06-15 18:30 - 00000000 ____D () C:\FRST
2014-06-15 18:29 - 2014-06-15 18:29 - 02081792 _____ (Farbar) C:\Users\KoXz\Desktop\FRST64.exe
2014-06-15 18:26 - 2014-06-15 18:26 - 00112640 _____ (forum.viry.cz) C:\Users\KoXz\Desktop\FRSTLauncher.exe
2014-06-15 18:21 - 2014-06-15 18:21 - 00006218 _____ () C:\Users\KoXz\Desktop\FSS.txt
2014-06-15 18:20 - 2014-06-15 18:20 - 00415744 _____ (Farbar) C:\Users\KoXz\Desktop\FSS.exe
2014-06-15 18:11 - 2013-08-16 20:11 - 00000286 _____ () C:\Windows\Tasks\Dealply.job
2014-06-15 17:49 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-15 17:49 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-15 17:45 - 2014-06-14 22:29 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-15 17:45 - 2014-01-12 21:23 - 00000000 _____ () C:\ProgramData\grc.log.lock
2014-06-15 17:45 - 2012-10-02 13:26 - 00006549 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-06-15 17:45 - 2012-10-02 13:26 - 00000088 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-06-15 17:45 - 2012-09-16 16:29 - 00000498 _____ () C:\ProgramData\grc.log
2014-06-15 17:45 - 2012-08-27 10:46 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\TeamViewer
2014-06-15 17:45 - 2012-07-03 23:13 - 00003018 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-06-15 17:45 - 2012-05-31 16:50 - 00001171 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-15 17:45 - 2011-06-16 09:33 - 00000000 ___RD () C:\Program Files (x86)\SpeedFan
2014-06-15 17:44 - 2011-06-16 08:50 - 02058636 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 17:38 - 2012-06-25 21:24 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-15 16:26 - 2010-11-21 11:27 - 00671484 _____ () C:\Windows\system32\perfh005.dat
2014-06-15 16:26 - 2010-11-21 11:27 - 00142066 _____ () C:\Windows\system32\perfc005.dat
2014-06-15 16:26 - 2009-07-14 07:13 - 01585954 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-15 16:16 - 2014-06-15 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2014-06-15 16:16 - 2014-06-15 16:15 - 00000000 ____D () C:\Program Files (x86)\WindowBlinds
2014-06-15 16:16 - 2011-06-16 22:15 - 00000000 ____D () C:\ProgramData\Stardock
2014-06-15 16:14 - 2014-06-15 16:14 - 00000000 ____D () C:\Users\KoXz\Downloads\Stardock
2014-06-15 16:11 - 2014-06-15 16:08 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-06-15 16:10 - 2014-06-15 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-06-15 16:09 - 2014-06-15 16:09 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-06-15 16:08 - 2014-06-15 16:08 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-06-15 16:03 - 2014-06-10 15:57 - 00000000 ___RD () C:\Program Files (x86)\TeamViewer
2014-06-15 16:02 - 2014-06-14 22:29 - 00000000 ___RD () C:\Program Files (x86)\Kaspersky Lab
2014-06-15 15:21 - 2011-09-29 20:55 - 00000808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scavenger.lnk
2014-06-15 15:17 - 2014-06-15 15:17 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp.lnk
2014-06-15 15:16 - 2013-04-28 09:05 - 00000000 ___RD () C:\Users\KoXz\Virtual Machines
2014-06-15 15:09 - 2014-02-15 22:29 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\vlc
2014-06-15 15:06 - 2011-06-16 08:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-15 15:00 - 2012-02-05 22:34 - 00000000 ___RD () C:\Program Files (x86)\Nero
2014-06-15 14:50 - 2013-08-24 18:12 - 00000000 ___RD () C:\Program Files (x86)\DOSBox-0.74
2014-06-15 14:48 - 2011-06-17 19:11 - 00055692 ____H () C:\treeinfo.wc
2014-06-15 14:32 - 2014-06-15 14:32 - 00012382 _____ () C:\Users\KoXz\Desktop\starbound.exe – zástupce (3).lnk
2014-06-15 14:26 - 2014-06-01 01:00 - 00004660 _____ () C:\Windows\setupact.log
2014-06-15 14:26 - 2012-12-02 12:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-15 14:26 - 2012-10-02 12:07 - 00000000 ___RD () C:\Program Files (x86)\Bluetooth
2014-06-15 14:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-15 08:57 - 2011-06-16 08:54 - 00000000 ___RD () C:\Users\KoXz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-15 08:38 - 2013-07-27 12:11 - 00000000 ____D () C:\Users\KoXz\Desktop\zástupci
2014-06-15 01:30 - 2014-06-15 01:30 - 00000000 ____D () C:\Users\KoXz\Documents\ProcAlyzer Dumps
2014-06-15 01:30 - 2014-06-15 01:30 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-15 01:19 - 2011-11-24 13:24 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-15 01:04 - 2013-05-04 19:52 - 00000452 __RSH () C:\ProgramData\ntuser.pol
2014-06-15 01:04 - 2013-03-14 19:33 - 00000448 __RSH () C:\Users\KoXz\ntuser.pol
2014-06-15 01:04 - 2011-06-16 08:53 - 00000000 ____D () C:\Users\KoXz
2014-06-15 00:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-15 00:15 - 2014-06-14 23:50 - 00000440 _____ () C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job
2014-06-15 00:15 - 2009-07-14 06:45 - 00489976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-14 23:50 - 2014-06-14 23:50 - 00002916 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3_triggeronce
2014-06-14 23:50 - 2014-06-14 23:50 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\DriverCure
2014-06-14 23:43 - 2014-06-14 23:43 - 00000000 ___HD () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-14 23:24 - 2014-06-14 23:24 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\VS Revo Group
2014-06-14 23:17 - 2014-06-14 23:20 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-14 23:17 - 2014-06-14 23:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-14 23:17 - 2014-06-14 23:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-14 23:17 - 2014-06-14 23:20 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-14 23:17 - 2014-06-14 23:17 - 00000000 ____D () C:\Program Files\Java
2014-06-14 22:49 - 2010-11-21 05:47 - 00113284 _____ () C:\Windows\PFRO.log
2014-06-14 22:35 - 2014-06-14 22:35 - 00262144 _____ () C:\Windows\system32\config\elam
2014-06-14 22:33 - 2014-06-14 22:29 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-06-14 22:33 - 2014-06-14 22:29 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-06-14 22:33 - 2013-10-20 07:04 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-06-14 22:33 - 2013-10-20 07:04 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-06-14 22:33 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-06-14 22:29 - 2014-06-14 22:29 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk
2014-06-14 22:29 - 2014-06-14 22:29 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-06-14 22:26 - 2013-12-27 23:04 - 00088480 _____ () C:\Windows\system32\Drivers\atksgt.sys
2014-06-14 22:26 - 2013-12-27 23:04 - 00046400 _____ () C:\Windows\system32\Drivers\lirsgt.sys
2014-06-14 22:11 - 2014-06-14 22:11 - 00000000 ____D () C:\Windows\Temp62B2DC89-7E3A-504A-B135-01FE44B19652-Signatures
2014-06-14 22:11 - 2011-06-16 09:31 - 00002113 _____ () C:\Windows\epplauncher.mif
2014-06-14 21:08 - 2013-12-07 00:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-14 21:08 - 2013-08-27 12:05 - 00000000 ____D () C:\Users\KoXz\Desktop\na chvili
2014-06-14 21:08 - 2012-11-25 23:08 - 00000000 ___RD () C:\Program Files (x86)\Steam
2014-06-14 21:08 - 2011-06-17 12:15 - 00000000 ____D () C:\Users\KoXz\Documents\Škola
2014-06-14 21:08 - 2011-06-17 12:14 - 00000000 ___SD () C:\Users\KoXz\Documents\Dokumenty
2014-06-14 21:08 - 2011-06-16 23:28 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\BitComet
2014-06-14 21:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-14 21:01 - 2014-06-14 21:01 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro.lnk
2014-06-14 21:01 - 2014-06-14 21:01 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-06-14 21:01 - 2014-06-14 21:01 - 00000000 ____D () C:\Program Files (x86)\Revo Uninstaller Pro
2014-06-14 20:49 - 2014-06-14 20:44 - 00063088 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-06-14 20:49 - 2014-06-14 20:44 - 00053360 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmGuestLib.dll
2014-06-14 20:49 - 2014-06-14 20:44 - 00050800 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmhgfs.dll
2014-06-14 20:49 - 2014-06-14 20:44 - 00034416 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmGuestLibJava.dll
2014-06-14 20:48 - 2014-06-14 20:43 - 00606208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2014-06-14 20:48 - 2014-06-14 20:43 - 00229376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-06-14 20:48 - 2014-06-14 20:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-06-14 20:48 - 2014-06-14 20:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-06-14 20:48 - 2014-06-14 20:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-06-14 20:48 - 2014-06-14 20:43 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2014-06-14 20:47 - 2014-06-14 20:47 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-06-14 20:46 - 2014-06-14 20:46 - 03223152 _____ (VMware, Inc.) C:\Windows\SysWOW64\vm3dgl.dll
2014-06-14 20:46 - 2014-06-14 20:46 - 00219248 _____ (VMware, Inc.) C:\Windows\SysWOW64\vm3dum.dll
2014-06-14 20:30 - 2014-06-14 20:30 - 00000000 ____D () C:\ProgramData\Weskysoft
2014-06-14 19:55 - 2012-06-04 14:35 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-14 19:00 - 2014-06-14 16:54 - 00000000 ____D () C:\Users\KoXz\Desktop\Film
2014-06-14 16:54 - 2014-06-14 16:54 - 00000000 ____D () C:\Users\KoXz\Desktop\fewfotos
2014-06-12 20:36 - 2014-06-12 20:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
2014-06-12 17:50 - 2014-06-12 17:50 - 00318544 _____ (Stardock Software, Inc) C:\Windows\system32\wbload.dll
2014-06-12 17:50 - 2014-06-12 17:50 - 00157264 _____ (Stardock Software, Inc) C:\Windows\system32\wbload2.dll
2014-06-12 17:50 - 2014-06-12 17:50 - 00128368 _____ (Stardock Software, Inc) C:\Windows\SysWOW64\wbload.dll
2014-06-12 17:50 - 2014-06-12 17:50 - 00049576 _____ (Stardock Software, Inc) C:\Windows\SysWOW64\wbload2.dll
2014-06-11 23:53 - 2012-09-16 16:29 - 00002818 _____ () C:\ProgramData\grc.log.2014-06-11
2014-06-10 15:57 - 2014-06-10 15:57 - 00001090 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-10 14:44 - 2012-09-16 16:29 - 00000499 _____ () C:\ProgramData\grc.log.2014-06-10
2014-06-10 14:43 - 2012-04-26 22:19 - 00000000 ___HD () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-07 14:20 - 2012-09-16 16:29 - 00275090 _____ () C:\ProgramData\grc.log.2014-06-07
2014-06-03 23:29 - 2014-06-03 22:53 - 00000000 ____D () C:\Program Files (x86)\nLite
2014-06-03 22:53 - 2014-06-03 22:53 - 03092150 _____ (Dino Nuhagic (nuhi) ) C:\Users\KoXz\Documents\nLite-1.4.9.3.setup.exe
2014-06-03 22:53 - 2014-06-03 22:53 - 00001028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite.lnk
2014-06-03 06:13 - 2012-09-16 16:29 - 00000849 _____ () C:\ProgramData\grc.log.2014-06-03
2014-06-02 15:09 - 2012-09-16 16:29 - 00000498 _____ () C:\ProgramData\grc.log.2014-06-02
2014-06-01 22:48 - 2014-06-01 22:48 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\Soldat
2014-06-01 22:13 - 2011-06-19 19:40 - 00000645 _____ () C:\Windows\ULEAD32.INI
2014-06-01 01:00 - 2014-06-01 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-30 19:37 - 2012-05-21 12:04 - 00000000 ____D () C:\Windows\Minidump
2014-05-30 18:44 - 2012-10-31 13:51 - 00001474 _____ () C:\Windows\Cm106.ini.imi
2014-05-30 17:58 - 2012-09-16 16:29 - 00000499 _____ () C:\ProgramData\grc.log.2014-05-30
2014-05-29 23:26 - 2014-05-29 23:26 - 00000000 ____D () C:\Users\KoXz\Documents\Reflect
2014-05-29 23:22 - 2014-05-29 23:22 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium Reflect.lnk
2014-05-29 23:22 - 2014-05-29 23:22 - 00000000 ____D () C:\Program Files\Macrium
2014-05-29 23:22 - 2014-05-29 23:19 - 00000000 ____D () C:\ProgramData\Macrium
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Users\KoXz\AppData\Roaming\dvdcss
2014-05-27 16:39 - 2014-06-15 15:09 - 00001071 _____ () C:\Users\KoXz\Desktop\VLC media player skinned.lnk
2014-05-27 16:39 - 2014-05-27 16:39 - 00000000 ____D () C:\Program Files (x86)\VLC Player
2014-05-27 16:39 - 2014-02-15 22:29 - 00001071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC media player skinned.lnk
2014-05-25 11:22 - 2012-09-16 16:29 - 00000498 _____ () C:\ProgramData\grc.log.2014-05-25
2014-05-25 04:03 - 2012-10-31 13:51 - 00000696 _____ () C:\Windows\Cm106.ini.cfl
2014-05-25 04:03 - 2012-10-31 13:51 - 00000045 _____ () C:\Windows\system\Cm106.ini
2014-05-25 04:03 - 2012-10-27 20:35 - 00000271 _____ () C:\Windows\system\Dlap.pfx
2014-05-25 04:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-05-20 22:45 - 2012-08-27 11:04 - 00002190 ____H () C:\Users\KoXz\Documents\Default.rdp

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2013-08-21 19:57] - [2011-02-25 08:19] - 3116032 ____A (Microsoft Corporation) C75397540197EC386730E9F4F89BAE81

C:\Windows\SysWOW64\explorer.exe
[2011-06-16 22:56] - [2011-02-25 07:30] - 2860544 ____A (Microsoft Corporation) 6A9FE1FD8B09A35CFA10FCE33D37F1F8

C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2014-06-08 02:09

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (System 7) (Fixed) (Total:119.14 GB) (Free:53.02 GB) NTFS
Drive d: (Games & BioH) (Fixed) (Total:1863.02 GB) (Free:569.59 GB) NTFS
Drive f: (250MB) (Removable) (Total:0.24 GB) (Free:0 GB) NTFS
Drive j: (KOXZ) (Removable) (Total:0.96 GB) (Free:0.74 GB) FAT32
Drive k: (KingstonR500) (Removable) (Total:14.89 GB) (Free:4.77 GB) NTFS

Available physical RAM: 5262.02 MB
Total physical RAM: 8188.54 MB
Percentage of memory in use: 35%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 6B3480BD)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
Disk: 1 (Size: 1863 GB) (Disk ID: 61063925)
Partition 1: (Not Active) - (Size=-198625460224) - (Type=07 NTFS)
Disk: 2 (Size: 984 MB) (Disk ID: D21460B1)
Partition 1: (Active) - (Size=984 MB) - (Type=0B)
Disk: 3 (Size: 250 MB) (Disk ID: 020E1A0F)
Partition 1: (Active) - (Size=249 MB) - (Type=07 NTFS)
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 000A8C28)
Partition 1: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\KoXz\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\KoXz\Desktop" je 328 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudCtrl
C:\Program Files (x86)\BlueStacks\HD-Agent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent
C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cm106Sound
C:\Program Files (x86)\Creative\Splash Screen\CTEaxSpl.EXE /run [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTStartup
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S1F3D.tmp" /EF "HKLM" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series
"C:\Users\KoXz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
"C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
"C:\Users\KoXz\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hoolapp Android
C:\Program Files (x86)\Samsung Kies 2\Kies\KiesTrayAgent.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
"C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbkbmgr.exe
D:\Temp\csrss.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Hosting Service
"C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC
"C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE
F:\Games\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC
"C:\Program Files (x86)\ROCCAT\Valo Keyboard\ValoMonitor.EXE" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoccatValo
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar
C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler
"C:\Program Files (x86)\Steam\Steam.exe" -silent [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
C:\Program Files (x86)\Slim Toolbar\ToolbarTray.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolbarTray
C:\Windows\Updreg.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg
"C:\Users\KoXz\AppData\Local\Viber\Viber.exe" StartMinimized [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viber
Reim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk
C:\PROGRA~2\MICROS~2\Office10\OSA.EXE -b -l [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^KoXz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Half-Life 2 Config.lnk
D:\Games\HALF-L~3\bin\config.exe [x]

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Windows\\SysWOW64\\msiexec.exe"="C:\\Windows\\SysWOW64\\msiexec.exe:*:Generic Host Process"
"C:\\Windows\\SysWOW64\\svchost.exe"="C:\\Windows\\SysWOW64\\svchost.exe:*:Generic Host Process"
"Microsoft Windows Hosting Service"="D:\\Temp\\csrss.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#6 Příspěvek od **vyosek** » 15 čer 2014 17:43

Jen se zeptam pouzivate legalni operacni system, nejvyssi licence Ultimate zrovna neni bezna domaci verze

KoXz · #7 Příspěvek od **KoXz** » 15 čer 2014 17:47

Licenci mám z práce, nepoužívám žádný loader

Tedy ano, legální systém. Podrobnosti případně PM

#8 Příspěvek od **vyosek** » 15 čer 2014 17:49

Jako navstevnik PM nenapisete, pripadne mail, ale OK, tohle mi staci...

Je tam cela zoo i s babkou pokladni

Jste se dal na chov konicku trojskych a stadecka rootkitu ne

Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

Ulozte nejlepe na Plochu a rozbalte
Spustte kliknutim na mbar
Nyni postupne kliknete na Next a Update
Po dokonceni update (aktualizace) databaze kliknete opet na Next
Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
PC bude restartovan
Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

KoXz · #9 Příspěvek od **KoXz** » 15 čer 2014 18:05

Tak scan probíhá. Jestli problém bude nejspíš jednak v tom, že nevím jak dlouho essential neběžel a druhak jsem se pokoušel o opravu tímto nástrojem:

Kód: Vybrat vše

http://www.dllsuite.net/

Jenže jsem, nenašel žádnou recenzi, či hodnocení, takže opravou cca 150knihoven.... Mohl to zhoršit?
Zatím našel 13x malware ačkoliv jsem to přojížděl spybotem :-/

Edit: Tak na 13ti skončil a aktualizace již opět běží

Po zkušenosti Vážně přemýšlím, že bych si koupil kaperskyho, Líbí se mi jednoduchostí a neotravuje podobně jako essential, navíc hodnocení má zdá se dobré, doporučili by jste ho?
A díky mockrát

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.06.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
KoXz :: KOXZ-PC [administrator]

15.6.2014 18:57:38
mbar-log-2014-06-15 (18-57-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 342901
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-1984404364-3195743573-2263273467-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SYSTEM\CURRENTCONTROLSET\SERVICES\RUN (Malware.Trace) -> Delete on reboot. [d0e274ffc2b90432e41fd8ede41eae52]

Registry Values Detected: 4
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RUN|Windows RPC Host Service (Trojan.Sermis) -> Data: D:\Temp\csrss.exe -> Delete on reboot. [b3fff0833c3fd95d88b8fcd55ca76f91]
HKU\S-1-5-21-1984404364-3195743573-2263273467-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Microsoft Windows Firewall Service (Trojan.Agent) -> Data: D:\Temp\csrss.exe -> Delete on reboot. [753d710294e72016051c8656f70c1ce4]
HKU\S-1-5-21-1984404364-3195743573-2263273467-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^‮❤ (Trojan.Zaccess) -> Data: -> Delete on reboot. [8e24462d76058aac9ba2669ce41cd22e]
HKU\S-1-5-21-1984404364-3195743573-2263273467-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SYSTEM\CURRENTCONTROLSET\SERVICES\RUN|Windows RPC Host Service (Malware.Trace) -> Data: D:\Temp\csrss.exe -> Delete on reboot. [d0e274ffc2b90432e41fd8ede41eae52]

Registry Data Items Detected: 1
HKU\S-1-5-21-1984404364-3195743573-2263273467-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (Hijack.StartPage) -> Bad: (http://ultimate-search.net/) Good: (http://www.google.com) -> Replace on reboot. [179b462de695ac8a5401adc117eda35d]

Folders Detected: 7
C:\Users\KoXz\AppData\Local\Google\Desktop\Install\{9124c53a-6f38-4b60-2b0a-35a8ae5709d5}\❤≸⋙ (Trojan.0Access) -> Delete on reboot. [1f9360132b500333d26544be30d016ea]
C:\Users\KoXz\AppData\Local\Google\Desktop\Install\{9124c53a-6f38-4b60-2b0a-35a8ae5709d5}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> Delete on reboot. [1f9360132b500333d26544be30d016ea]
C:\Users\KoXz\AppData\Local\Google\Desktop\Install\{9124c53a-6f38-4b60-2b0a-35a8ae5709d5}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ (Trojan.0Access) -> Delete on reboot. [1f9360132b500333d26544be30d016ea]
C:\Users\KoXz\AppData\Local\Google\Desktop\Install\{9124c53a-6f38-4b60-2b0a-35a8ae5709d5}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{9124c53a-6f38-4b60-2b0a-35a8ae5709d5} (Trojan.0Access) -> Delete on reboot. [1f9360132b500333d26544be30d016ea]
C:\Users\KoXz\AppData\Local\Google\Desktop\Install\{9124c53a-6f38-4b60-2b0a-35a8ae5709d5}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{9124c53a-6f38-4b60-2b0a-35a8ae5709d5}\L (Trojan.0Access) -> Delete on reboot. [1f9360132b500333d26544be30d016ea]
C:\Users\KoXz\AppData\Local\Google\Desktop\Install\{9124c53a-6f38-4b60-2b0a-35a8ae5709d5}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{9124c53a-6f38-4b60-2b0a-35a8ae5709d5}\U (Trojan.0Access) -> Delete on reboot. [1f9360132b500333d26544be30d016ea]
C:\Users\KoXz\AppData\Local\Google\Desktop\Install\{9124c53a-6f38-4b60-2b0a-35a8ae5709d5} (Trojan.0Access) -> Delete on reboot. [347e1c572655c076ed4b2cd654ac41bf]

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

#10 Příspěvek od **vyosek** » 15 čer 2014 18:11

Spybot uz je tri roky mimo a neschopny na aktualni havet co tam mate

Dll Suite - jen reklamni trik

#11 Příspěvek od **vyosek** » 15 čer 2014 18:14

Nejhorsi mame za sebou, ale jeste pokracujem

Jinak Kaspersky je sverepy bojovnik z Ruska a stalice na poli v bojem s haveti, urcite by nebyl spatny

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

KoXz · #12 Příspěvek od **KoXz** » 15 čer 2014 18:27

Nesnáším toolbary

Je vidět, že jste profíci a víte co na tu havěť funguje

Rád bych se odvděčil, tak žvažuji ten nákup Kaperskyho u Vás v obchodě, ale koukám, že máte verzi 2012, 14 bude?
Již jsme skončili?

# AdwCleaner v3.212 - Report created 15/06/2014 at 19:20:24
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : KoXz - KOXZ-PC
# Running from : C:\Users\KoXz\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\Users\KoXz\AppData\Local\PackageAware
Folder Deleted : C:\Users\KoXz\AppData\Roaming\DealPly
Folder Deleted : C:\Users\KoXz\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\KoXz\AppData\Roaming\HoolappforAndroid
Folder Deleted : C:\Users\KoXz\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\SweetPacksToolbarData
Folder Deleted : C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\Extensions\WebSiteRecommendation@weliketheweb.com
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
File Deleted : C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\user.js
File Deleted : C:\Users\KoXz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
File Deleted : C:\Users\KoXz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_opal-convert-vcf-to-csv-to-vcf_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_opal-convert-vcf-to-csv-to-vcf_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_scavenger_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_scavenger_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v29.0.1 (cs)

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3posw2k9.default\prefs.js ]

[ File : C:\Users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\prefs.js ]

Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112560&tt=220512_53ctrl");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "10df92900000000000001c6f65ac1a5a");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "10df92900000000000001c6f65ac1a5a");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15495");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:25:16");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Line Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,DuplicateInTabContext%40schuzak.jp:1.0.0,WebSiteRecommendation%40weliketheweb.com:1.1.2,%7B888d99e7-e8b5-46a3-851e-1ec45da1e64[...]
Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1377501154047");
Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Line Deleted : user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote ... crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.created", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolba ... crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{D025642C-1B76-11E2-B3BC-0015833D0A57}");
Line Deleted : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={065377CC-FCA3-4A00-A19D-1FD9767D4667}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://search.babylon.com/?mntrId=10df92900000000000001c6f65ac1a5a&babsrc=SP_ss&tt=220512_53ctrl&affID=112560&q={searchTerms}
Deleted [Search Provider] : hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201202087E0D4C1DB27DE9E4ABFC0268&q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : acaoakiamfeidcmgooclgeleejkbaecf

[ File : C:\Users\KoXz\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={065377CC-FCA3-4A00-A19D-1FD9767D4667}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://search.babylon.com/?mntrId=10df92900000000000001c6f65ac1a5a&babsrc=SP_ss&tt=220512_53ctrl&affID=112560&q={searchTerms}
Deleted [Search Provider] : hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201202087E0D4C1DB27DE9E4ABFC0268&q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [17128 octets] - [15/06/2014 19:15:54]
AdwCleaner[S0].txt - [17596 octets] - [15/06/2014 19:20:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17657 octets] ##########

#13 Příspěvek od **vyosek** » 15 čer 2014 18:30

Jeste nee, je toho hodne a musime postupne, zadny univerzalni nastroj neexistuje

Ohledne toho shopu se zeptam kolegy, co jej ma na starost. Pripadne muzete zkusit ESET, ten je tez na velmi dobre urovni

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

KoXz · #14 Příspěvek od **KoXz** » 16 čer 2014 08:24

Omlouvám se, že jsem již nenapsal, ale nešel mi vložit příspěvek s logem.

Stále mi to psalo(píše): nebyla přijata žádná data

Tak takhle:

Kód: Vybrat vše

http://mujweb.cz/vanoch/ComboFix.txt

#15 Příspěvek od **vyosek** » 16 čer 2014 21:07

Kdo\co tohle Stále mi to psalo(píše): nebyla přijata žádná data pise??

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Restore::
c:\windows\explorer.exe

Folder::
c:\programdata\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy 2

File::
c:\users\KoXz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GT3 recycle bin.lnk
c:\windows\Tasks\Adobe Flash Player Updater.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"3212083974"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000

Driver::
tefuzowv

Firefox::
FF - ProfilePath - c:\users\KoXz\AppData\Roaming\Mozilla\Firefox\Profiles\rowjpm4x.default\
FF - prefs.js: browser.startup.homepage - hxxp://ultimate-search.net/

RegNull::
[HKEY_USERS\S-1-5-21-1984404364-3195743573-2263273467-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4899DB87-8D90-45B0-B1D1-16A008312177}*]
[HKEY_USERS\S-1-5-21-1984404364-3195743573-2263273467-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1984404364-3195743573-2263273467-1000\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

VIRY.CZ

Služba centrum zabezpečení chybí. nejdou aktualizace atd..

Služba centrum zabezpečení chybí. nejdou aktualizace atd..

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd

Re: Služba centrum zabezpečení chybí. nejdou aktualizace atd