prosím o konrolu Logu

[signit]

Dobrý den, už nějaký týden se mi zpomaluje připojení k internetu. Poprosil bych o kontrolu logu.

Logfile of random's system information tool 1.10 (written by random/random)
Run by negro at 2014-06-21 14:53:04
Microsoft Windows 8 Enterprise
System drive C: has 8 GB (17%) free of 50 GB
Total RAM: 3327 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:53:14, on 21. 6. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16384)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Opera\opera.exe
C:\Users\negro\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\negro.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=16805
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\negro\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [tsiVideo] rundll32.exe C:\Users\negro\AppData\Local\Temp\\mdi064.dll,runme
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Open &link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Open current page with BID Link Explorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 6855 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2011-07-11 74752]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Nvtmru"=C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-08-27 1028896]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"=DevDetect.exe -autorun []
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2013-01-20 1354736]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
"uTorrent"=C:\Users\negro\AppData\Roaming\uTorrent\uTorrent.exe [2014-05-04 1270352]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"AdobeBridge"= []
"tsiVideo"=C:\Users\negro\AppData\Local\Temp\\mdi064.dll [2014-03-08 2140160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2025-10-01 03:46:46 ----A---- C:\Windows\system32\netcfg-19858.txt
2025-10-01 03:46:46 ----A---- C:\Windows\system32\netcfg-19765.txt
2014-06-21 14:53:05 ----D---- C:\Program Files\trend micro
2014-06-21 14:53:04 ----D---- C:\rsit
2014-06-21 11:46:39 ----A---- C:\Windows\system32\netcfg-241350519.txt
2014-06-20 18:43:07 ----A---- C:\Windows\system32\netcfg-179941459.txt
2014-06-20 17:48:22 ----A---- C:\Windows\system32\netcfg-176656374.txt
2014-06-19 19:53:21 ----A---- C:\Windows\system32\netcfg-97757792.txt
2014-06-19 19:52:37 ----A---- C:\Windows\system32\netcfg-97712973.txt
2014-06-19 19:43:26 ----A---- C:\Windows\system32\netcfg-97162757.txt
2014-06-19 18:49:11 ----A---- C:\Windows\system32\netcfg-93907812.txt
2014-06-19 18:38:03 ----A---- C:\Windows\system32\netcfg-93239597.txt
2014-06-19 17:28:40 ----A---- C:\Windows\system32\netcfg-89076399.txt
2014-06-19 06:56:51 ----A---- C:\Windows\system32\netcfg-51169310.txt
2014-06-19 06:47:30 ----A---- C:\Windows\system32\netcfg-50608346.txt
2014-06-18 18:42:44 ----A---- C:\Windows\system32\netcfg-7125470.txt
2014-06-17 16:46:31 ----A---- C:\Windows\system32\netcfg-146516.txt
2014-06-17 16:46:30 ----A---- C:\Windows\system32\netcfg-146438.txt
2014-06-16 17:23:11 ----A---- C:\Windows\system32\netcfg-32651.txt
2014-06-14 21:35:33 ----A---- C:\Windows\system32\netcfg--2119175550.txt
2014-06-14 20:07:21 ----A---- C:\Windows\system32\netcfg--2124468056.txt
2014-06-14 14:24:15 ----A---- C:\Windows\system32\netcfg--2145051327.txt
2014-06-14 13:33:30 ----A---- C:\Windows\system32\netcfg-2146870471.txt
2014-06-14 12:59:30 ----A---- C:\Windows\system32\netcfg-2144831304.txt
2014-06-14 10:33:57 ----A---- C:\Windows\system32\netcfg-2136097588.txt
2014-06-13 17:48:00 ----A---- C:\Windows\system32\netcfg-2075744124.txt
2014-06-13 17:02:33 ----A---- C:\Windows\system32\netcfg-2073016633.txt
2014-06-12 20:40:32 ----A---- C:\Windows\system32\netcfg-1999698488.txt
2014-06-12 19:34:43 ----A---- C:\Windows\system32\netcfg-1995749401.txt
2014-06-12 14:41:12 ----A---- C:\Windows\system32\netcfg-1978141209.txt
2014-06-12 12:42:50 ----A---- C:\Windows\system32\netcfg-1971035176.txt
2014-06-11 20:58:03 ----A---- C:\Windows\system32\netcfg-1914350825.txt
2014-06-11 20:32:24 ----A---- C:\Windows\system32\netcfg-1912811906.txt
2014-06-10 23:50:56 ----A---- C:\Windows\system32\netcfg-1838326623.txt
2014-06-10 22:41:24 ----A---- C:\Windows\system32\netcfg-1834155250.txt
2014-06-09 20:55:34 ----A---- C:\Windows\system32\netcfg-1741407913.txt
2014-06-09 17:52:44 ----A---- C:\Windows\system32\netcfg-1730437580.txt
2014-06-08 22:00:23 ----A---- C:\Windows\system32\netcfg-1658899702.txt
2014-06-08 20:37:30 ----A---- C:\Windows\system32\netcfg-1653926281.txt
2014-06-08 11:28:38 ----A---- C:\Windows\system32\netcfg-1620997028.txt
2014-06-08 10:18:48 ----A---- C:\Windows\system32\netcfg-1616806748.txt
2014-06-08 01:26:57 ----A---- C:\Windows\system32\netcfg-1584898491.txt
2014-06-07 12:41:54 ----A---- C:\Windows\system32\netcfg-1538996070.txt
2014-06-07 12:08:19 ----A---- C:\Windows\system32\netcfg-1536980834.txt
2014-06-07 09:44:27 ----A---- C:\Windows\system32\netcfg-1528349251.txt
2014-06-05 22:31:39 ----A---- C:\Windows\system32\netcfg-1401583759.txt
2014-06-05 21:36:03 ----A---- C:\Windows\system32\netcfg-1398248115.txt
2014-06-05 21:36:00 ----A---- C:\Windows\system32\netcfg-1398244605.txt
2014-06-05 20:51:04 ----A---- C:\Windows\system32\netcfg-1395548627.txt
2014-06-05 20:50:08 ----A---- C:\Windows\system32\netcfg-1395493122.txt
2014-06-05 20:06:16 ----A---- C:\Windows\system32\netcfg-1392860667.txt
2014-06-05 19:20:36 ----A---- C:\Windows\system32\netcfg-1390120276.txt
2014-06-05 19:20:35 ----A---- C:\Windows\system32\netcfg-1390119886.txt
2014-06-05 19:19:30 ----A---- C:\Windows\system32\netcfg-1390054568.txt
2014-06-05 19:18:53 ----A---- C:\Windows\system32\netcfg-1390017799.txt
2014-06-05 19:16:34 ----A---- C:\Windows\system32\netcfg-1389878178.txt
2014-06-05 19:16:28 ----A---- C:\Windows\system32\netcfg-1389872718.txt
2014-06-05 19:11:33 ----A---- C:\Windows\system32\netcfg-1389578125.txt
2014-06-05 19:09:52 ----A---- C:\Windows\system32\netcfg-1389472887.txt
2014-06-05 19:03:37 ----A---- C:\Windows\system32\netcfg-1389097346.txt
2014-06-05 17:57:51 ----A---- C:\Windows\system32\netcfg-1385151285.txt
2014-06-04 23:14:34 ----A---- C:\Windows\system32\netcfg-1317757059.txt
2014-06-04 23:13:05 ----A---- C:\Windows\system32\netcfg-1317667577.txt
2014-06-04 21:04:28 ----A---- C:\Windows\system32\netcfg-1309951284.txt
2014-06-04 16:51:30 ----A---- C:\Windows\system32\netcfg-1294772652.txt
2014-06-04 16:42:37 ----A---- C:\Windows\system32\netcfg-1294240205.txt
2014-06-04 16:25:06 ----A---- C:\Windows\system32\netcfg-1293189210.txt
2014-06-04 16:25:01 ----A---- C:\Windows\system32\netcfg-1293183750.txt
2014-06-04 16:00:33 ----A---- C:\Windows\system32\netcfg-1291716062.txt
2014-06-04 15:59:53 ----A---- C:\Windows\system32\netcfg-1291675720.txt
2014-06-04 15:34:19 ----A---- C:\Windows\system32\netcfg-1290141824.txt
2014-06-03 21:48:42 ----A---- C:\Windows\system32\netcfg-1226207389.txt
2014-06-03 16:21:35 ----A---- C:\Windows\system32\netcfg-1206580482.txt
2014-06-02 21:32:44 ----A---- C:\Windows\system32\netcfg-1138852538.txt
2014-06-02 18:54:28 ----D---- C:\Program Files\FBReader
2014-06-02 16:11:50 ----A---- C:\Windows\system32\netcfg-1119598037.txt
2014-06-01 23:00:12 ----A---- C:\Windows\system32\netcfg-1057703642.txt
2014-06-01 14:27:24 ----A---- C:\Windows\system32\netcfg-1026935237.txt
2014-06-01 00:25:31 ----A---- C:\Windows\system32\netcfg-976425374.txt
2014-05-31 11:36:47 ----A---- C:\Windows\system32\netcfg-930300995.txt
2014-05-30 18:43:06 ----A---- C:\Windows\system32\netcfg-869482679.txt
2014-05-30 17:21:09 ----A---- C:\Windows\system32\netcfg-864565840.txt
2014-05-29 22:05:01 ----A---- C:\Windows\system32\netcfg-795201384.txt
2014-05-29 15:41:47 ----A---- C:\Windows\system32\netcfg-772206805.txt
2014-05-28 21:08:43 ----A---- C:\Windows\system32\netcfg-705425819.txt
2014-05-28 14:51:50 ----A---- C:\Windows\system32\netcfg-682812928.txt
2014-05-27 21:59:38 ----A---- C:\Windows\system32\netcfg-622083938.txt
2014-05-27 19:13:42 ----A---- C:\Windows\system32\nvStreaming.exe
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvopencl.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvoglv32.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\NvIFR.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\NvFBC.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvdispgenco3233788.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvdispco3233788.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvcuvid.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvcuvenc.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvcuda.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2014-05-27 19:08:54 ----A---- C:\Windows\system32\nvcompiler.dll
2014-05-27 19:05:40 ----D---- C:\NVIDIA
2014-05-27 16:55:13 ----A---- C:\Windows\system32\netcfg-603818905.txt
2014-05-26 21:37:13 ----A---- C:\Windows\system32\netcfg-534341597.txt
2014-05-26 18:09:31 ----A---- C:\Windows\system32\netcfg-521880081.txt
2014-05-26 18:09:26 ----A---- C:\Windows\system32\netcfg-521874684.txt
2014-05-26 17:06:12 ----A---- C:\Windows\system32\netcfg-518080427.txt
2014-05-25 22:01:14 ----A---- C:\Windows\system32\netcfg-449385060.txt
2014-05-25 09:24:19 ----A---- C:\Windows\system32\netcfg-403970361.txt
2014-05-24 22:25:58 ----A---- C:\Windows\system32\netcfg-364472202.txt
2014-05-24 22:10:19 ----A---- C:\Windows\system32\netcfg-363533123.txt
2014-05-24 22:09:34 ----A---- C:\Windows\system32\netcfg-363488210.txt
2014-05-24 22:09:32 ----A---- C:\Windows\system32\netcfg-363486338.txt
2014-05-24 22:08:32 ----A---- C:\Windows\system32\netcfg-363426496.txt
2014-05-24 22:08:32 ----A---- C:\Windows\system32\netcfg-363425950.txt
2014-05-24 21:50:42 ----A---- C:\Windows\system32\netcfg-362355674.txt
2014-05-24 13:47:39 ----A---- C:\Windows\system32\netcfg-333375181.txt
2014-05-24 06:41:01 ----A---- C:\Windows\system32\netcfg-307777820.txt
2014-05-23 23:30:30 ----A---- C:\Windows\system32\netcfg-281948859.txt
2014-05-23 17:26:57 ----A---- C:\Windows\system32\netcfg-260132946.txt

======List of files/folders modified in the last 1 month======

2014-06-21 14:53:05 ----RD---- C:\Program Files
2014-06-21 14:31:55 ----D---- C:\Windows\system32\NDF
2014-06-21 14:31:34 ----D---- C:\Windows\Temp
2014-06-21 14:00:00 ----D---- C:\Windows\system32\sru
2014-06-21 13:51:34 ----D---- C:\Users\negro\AppData\Roaming\uTorrent
2014-06-21 13:50:31 ----D---- C:\ProgramData\NVIDIA
2014-06-21 12:49:29 ----D---- C:\Windows\Prefetch
2014-06-21 12:49:10 ----D---- C:\Windows
2014-06-21 12:48:32 ----D---- C:\Windows\Minidump
2014-06-21 12:16:18 ----D---- C:\Windows\Microsoft.NET
2014-06-21 11:46:39 ----RD---- C:\Windows\System32
2014-06-19 18:17:12 ----D---- C:\Windows\system32\config
2014-06-17 18:32:11 ----D---- C:\Windows\inf
2014-06-17 18:32:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-16 18:27:27 ----SHD---- C:\System Volume Information
2014-06-04 15:57:57 ----D---- C:\Program Files\Bulk Image Downloader
2014-06-03 17:03:29 ----D---- C:\Windows\system32\FxsTmp
2014-05-27 19:13:49 ----D---- C:\Program Files\NVIDIA Corporation
2014-05-27 19:13:38 ----D---- C:\Windows\system32\DriverStore
2014-05-27 19:11:16 ----D---- C:\Windows\system32\Drivers
2014-05-27 19:08:27 ----D---- C:\Windows\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 53224]
R1 dtsoftbus01;@oem11.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\Windows\System32\drivers\dtsoftbus01.sys [2013-01-27 242240]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-10-08 170656]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 EpfwLWF;@oem6.inf,%EpfwLWF_Desc%;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 46056]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 52224]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-10-08 149568]
R3 anvsnddrv;@oem36.inf,%anvsnddrv.SvcDesc%;AnvSoft Virtual Sound Device; C:\Windows\system32\drivers\anvsnddrv.sys [2011-11-28 32896]
R3 athr;@oem13.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athw8.sys [2012-11-18 2829312]
R3 MTsensor;@oem12.inf,%ASACPI.DisplayName%;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-13 6504]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-05-20 10533152]
R3 nvvad_WaveExtensible;@oem29.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2013-08-20 33568]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 13824]
S3 nmwcd;@oem14.inf,%MFG% %SVC%;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;@oem17.inf,%MFG% %SVC%;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 OSFMount;OSFMount; \??\E:\GAMES\Counter-Strike Global Offensive\image\x86\OSFMount.sys [2013-10-18 353208]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2012-07-26 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2012-07-26 46592]
S3 WUDFSensorLP;@locationprovider.inf,%WudfLocationProviderDisplayName%;Služba Reflektor UMDF pro zprostředkovatele umístění (LocationProvider); C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 WUDFWpdMtp;WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-11-14 1329304]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-08-27 14573856]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 668104]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-08-27 2155296]
R2 slsvc;Software Licensing Service; C:\Windows\slsvc.exe [2012-09-25 10240]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-20 410968]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-02 116648]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2012-07-06 43616]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-02 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2013-04-20 76888]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-12-22 104944]

-----------------EOF-----------------

[Márty84]

Zdravim

Nejprve se zeptam, jak je to s legalitou systemu? Enterprise neni zrovna bezna domaci verze

Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222

[signit]

OS je legální a antivir taky, je ale neaktivovaný tak má zastaralou databazi....

Výpis z MAM:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.06.21.08

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16384
negro :: LOSLOBOS [administrátor]

Ochrana: Povolena

21. 6. 2014 19:14:22
MBAM-log-2014-06-21 (19-57-36).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 421833
Uplynulý čas: 39 minut, 32 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 1
C:\Users\negro\AppData\Local\Temp\mdi064.dll (Trojan.Bitminer) -> Nebyla provedena žádná instrukce.

Nalezené klíče v registru: 2
HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tsiVideo (Trojan.Bitminer) -> Data: rundll32.exe C:\Users\negro\AppData\Local\Temp\\mdi064.dll,runme -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tsiVideo (PUP.BitcoinMiner) -> Data: rundll32.exe C:\Users\negro\AppData\Local\Temp\\mdi064.dll,runme -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 5
C:\Users\negro\AppData\Local\Temp\mdi064.dll (Trojan.Bitminer) -> Nebyla provedena žádná instrukce.
C:\Users\negro\AppData\Local\Temp\ICReinstall_Free eXPert PDF Reader 3.5 3.5 by iwdownload.exe (PUP.Optional.Freemium.A) -> Nebyla provedena žádná instrukce.
C:\Users\negro\AppData\Local\Temp\iswizard05\dwm.exe (PUP.Optional.Primeminer) -> Nebyla provedena žádná instrukce.
C:\Users\negro\AppData\Local\Temp\iswizard05\iswizard.7z (PUP.Optional.Primeminer) -> Nebyla provedena žádná instrukce.
C:\Users\negro\AppData\Local\Temp\mdi064.dll (PUP.BitcoinMiner) -> Nebyla provedena žádná instrukce.

(konec)

[Márty84]

To nechapu, proc jej tedy neaktualizujete?


Vsechny nalezy nechte odstranit. Po odstraneni a restartu pc test s MBAM zopakujte. Napiste vysledek testu a podle toho zvolim dalsi postup.

[signit]

no s tím pomalým připojením to jaksi nešlo aktualizovat... sotva sem načetl tento web.

Po smazání:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.06.21.08

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16384
negro :: LOSLOBOS [administrátor]

Ochrana: Povolena

21. 6. 2014 21:20:39
mbam-log-2014-06-21 (21-20-39).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 420810
Uplynulý čas: 38 minut, 1 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[Márty84]

MBAM odinstalujte.


Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

[signit]

připojení se výrazně zlepšilo a virová databazé se aktualizovala...

Tady je log

# AdwCleaner v3.212 - Report created 22/06/2014 at 16:07:06
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8 Enterprise (32 bits)
# Username : negro - LOSLOBOS
# Running from : C:\Users\negro\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\negro\AppData\Local\Mobogenie
Folder Deleted : C:\Users\negro\Documents\Mobogenie
File Deleted : C:\Users\negro\daemonprocess.txt

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF2D6074-8317-4050-890F-116E54CFAAD9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\OCS
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16384


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\negro\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1788 octets] - [22/06/2014 16:05:03]
AdwCleaner[S0].txt - [1745 octets] - [22/06/2014 16:07:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1805 octets] ##########

[Márty84]

To jsem rad, ale bude treba to docistit poradne, jinak se to zase po....



Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[signit]

ComboFix 14-06-21.02 - negro . 06. 2014 17:10:41.1.2 - x86
Microsoft Windows 8 Enterprise 6.2.9200.0.1250.420.1029.18.3327.2506 [GMT 2:00]
Spuštěný z: c:\users\negro\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
c:\windows\RazorDOX\RazorDOX.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-22 do 2014-06-22 )))))))))))))))))))))))))))))))
.
.
2014-06-22 15:17 . 2014-06-22 15:17 -------- d-----w- c:\users\negro\AppData\Local\temp
2014-06-22 14:05 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-22 14:04 . 2014-06-22 14:07 -------- d-----w- C:\AdwCleaner
2014-06-21 14:53 . 2014-06-21 14:53 -------- d-----w- c:\users\negro\AppData\Roaming\Malwarebytes
2014-06-21 14:52 . 2014-06-21 14:52 -------- d-----w- c:\programdata\Malwarebytes
2014-06-21 13:30 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2014-06-21 12:53 . 2014-06-21 12:53 -------- d-----w- c:\program files\trend micro
2014-06-21 12:53 . 2014-06-21 12:53 -------- d-----w- C:\rsit
2014-06-21 10:48 . 2014-06-21 10:48 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-06-02 16:54 . 2014-06-02 16:55 -------- d-----w- c:\users\negro\.FBReader
2014-06-02 16:54 . 2014-06-02 16:54 -------- d-----w- c:\program files\FBReader
2014-05-27 17:13 . 2014-05-19 23:11 603592 ----a-w- c:\windows\system32\nvStreaming.exe
2014-05-27 17:13 . 2014-05-14 02:20 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-05-27 17:08 . 2014-05-20 02:39 9735256 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-27 17:08 . 2014-05-20 02:39 9697640 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-27 17:08 . 2014-05-20 02:39 908744 ----a-w- c:\windows\system32\nvdispgenco3233788.dll
2014-05-27 17:08 . 2014-05-20 02:39 866592 ----a-w- c:\windows\system32\NvIFR.dll
2014-05-27 17:08 . 2014-05-20 02:39 861128 ----a-w- c:\windows\system32\NvFBC.dll
2014-05-27 17:08 . 2014-05-20 02:39 2953672 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-27 17:08 . 2014-05-20 02:39 2413344 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-27 17:08 . 2014-05-20 02:39 24024408 ----a-w- c:\windows\system32\nvoglv32.dll
2014-05-27 17:08 . 2014-05-20 02:39 1056200 ----a-w- c:\windows\system32\nvdispco3233788.dll
2014-05-27 17:08 . 2014-05-20 02:39 10533152 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-27 17:08 . 2014-05-20 02:39 17559384 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-27 17:05 . 2014-05-27 17:05 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-20 02:39 . 2013-10-15 18:22 14434704 ----a-w- c:\windows\system32\nvd3dum.dll
2014-05-20 02:39 . 2013-07-06 10:16 2730208 ----a-w- c:\windows\system32\nvapi.dll
2014-05-20 02:39 . 2012-12-02 13:36 52056 ----a-w- c:\windows\system32\OpenCL.dll
2014-05-20 02:39 . 2012-07-25 20:25 16003912 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-05-20 00:04 . 2012-12-02 13:36 4379592 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 00:04 . 2012-12-02 13:36 3055560 ----a-w- c:\windows\system32\nvsvc.dll
2014-05-20 00:04 . 2012-12-02 13:36 668104 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 00:04 . 2012-11-11 16:23 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-20 00:04 . 2012-12-02 13:36 61784 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 00:04 . 2012-12-02 13:36 376096 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-18 16:08 . 2013-03-10 10:36 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-04-14 18:13 . 2014-04-20 18:12 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\negro\AppData\Roaming\uTorrent\uTorrent.exe" [2014-05-04 1270352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R3 OSFMount;OSFMount;e:\games\Counter-Strike Global Offensive\image\x86\OSFMount.sys [2013-10-18 353208]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 53224]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys [2013-01-27 242240]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 170656]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 46056]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2012-11-14 1329304]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-08-27 14573856]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 32896]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-08-20 33568]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 15:03 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2012-09-23 19:43 214664 ----a-w- c:\program files\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-02 19:20]
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-02 19:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=16805
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-237601131-3694125505-301223904-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,a4,19,1d,30,d5,00,57,6e,ba,65,8a,3d,c9,0f,4d,9c,ee,53,bc,13,28,cf,
bc,f9,75,ac,d4,21,d1,80,9a,d0,37,60,85,5e,8c,b2,d9,c6,a0,f6,67,43,b6,c3,bc,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2014-06-22 17:18:16
ComboFix-quarantined-files.txt 2014-06-22 15:18
.
Před spuštěním: 8 609 599 488 bytes free
Po spuštění: 8 959 590 400 bytes free
.
- - End Of File - - 196C5B86B14225F50D00F70B9AE52ABD
A36C5E4F47E84449FF07ED3517B43A31

[Márty84]

Zkontrolujte pak po cisteni, ze je Defender trvale vypnuty

Pokud jeste v pc je, odinstalujte Spyware Terminatora.


Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

File::
c:\windows\system32\drivers\sp_rsdrv2.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Regnull::
[HKEY_USERS\S-1-5-21-237601131-3694125505-301223904-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[signit]

provedeno... log:

ComboFix 14-06-21.02 - negro . 06. 2014 19:24:21.2.2 - x86
Microsoft Windows 8 Enterprise 6.2.9200.0.1250.420.1029.18.3327.2525 [GMT 2:00]
Spuštěný z: c:\users\negro\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\negro\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\drivers\sp_rsdrv2.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\sp_rsdrv2.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-22 do 2014-06-22 )))))))))))))))))))))))))))))))
.
.
2014-06-22 17:30 . 2014-06-22 17:32 -------- d-----w- c:\users\negro\AppData\Local\temp
2014-06-22 17:30 . 2014-06-22 17:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-22 17:30 . 2014-06-22 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-22 14:05 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-22 14:04 . 2014-06-22 14:07 -------- d-----w- C:\AdwCleaner
2014-06-21 14:53 . 2014-06-21 14:53 -------- d-----w- c:\users\negro\AppData\Roaming\Malwarebytes
2014-06-21 14:52 . 2014-06-21 14:52 -------- d-----w- c:\programdata\Malwarebytes
2014-06-21 12:53 . 2014-06-21 12:53 -------- d-----w- c:\program files\trend micro
2014-06-21 12:53 . 2014-06-21 12:53 -------- d-----w- C:\rsit
2014-06-21 10:48 . 2014-06-21 10:48 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-06-02 16:54 . 2014-06-02 16:55 -------- d-----w- c:\users\negro\.FBReader
2014-06-02 16:54 . 2014-06-02 16:54 -------- d-----w- c:\program files\FBReader
2014-05-27 17:13 . 2014-05-19 23:11 603592 ----a-w- c:\windows\system32\nvStreaming.exe
2014-05-27 17:13 . 2014-05-14 02:20 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-05-27 17:08 . 2014-05-20 02:39 9735256 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-27 17:08 . 2014-05-20 02:39 9697640 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-27 17:08 . 2014-05-20 02:39 908744 ----a-w- c:\windows\system32\nvdispgenco3233788.dll
2014-05-27 17:08 . 2014-05-20 02:39 866592 ----a-w- c:\windows\system32\NvIFR.dll
2014-05-27 17:08 . 2014-05-20 02:39 861128 ----a-w- c:\windows\system32\NvFBC.dll
2014-05-27 17:08 . 2014-05-20 02:39 2953672 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-27 17:08 . 2014-05-20 02:39 2413344 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-27 17:08 . 2014-05-20 02:39 24024408 ----a-w- c:\windows\system32\nvoglv32.dll
2014-05-27 17:08 . 2014-05-20 02:39 1056200 ----a-w- c:\windows\system32\nvdispco3233788.dll
2014-05-27 17:08 . 2014-05-20 02:39 10533152 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-27 17:08 . 2014-05-20 02:39 17559384 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-27 17:05 . 2014-05-27 17:05 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-20 02:39 . 2013-10-15 18:22 14434704 ----a-w- c:\windows\system32\nvd3dum.dll
2014-05-20 02:39 . 2013-07-06 10:16 2730208 ----a-w- c:\windows\system32\nvapi.dll
2014-05-20 02:39 . 2012-12-02 13:36 52056 ----a-w- c:\windows\system32\OpenCL.dll
2014-05-20 02:39 . 2012-07-25 20:25 16003912 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-05-20 00:04 . 2012-12-02 13:36 4379592 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 00:04 . 2012-12-02 13:36 3055560 ----a-w- c:\windows\system32\nvsvc.dll
2014-05-20 00:04 . 2012-12-02 13:36 668104 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 00:04 . 2012-11-11 16:23 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-20 00:04 . 2012-12-02 13:36 61784 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 00:04 . 2012-12-02 13:36 376096 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-18 16:08 . 2013-03-10 10:36 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-04-14 18:13 . 2014-04-20 18:12 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R3 OSFMount;OSFMount;e:\games\Counter-Strike Global Offensive\image\x86\OSFMount.sys [2013-10-18 353208]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe [2012-07-26 23040]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 53224]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys [2013-01-27 242240]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 170656]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 46056]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2012-11-14 1329304]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-08-27 14573856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-19 410968]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 32896]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-08-20 33568]
S3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk63x86.sys [2012-07-25 238080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 15:03 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2012-09-23 19:43 214664 ----a-w- c:\program files\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-02 19:20]
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-02 19:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=16805
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-237601131-3694125505-301223904-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,a4,19,1d,30,d5,00,57,6e,ba,65,8a,3d,c9,0f,4d,9c,ee,53,bc,13,28,cf,
bc,f9,75,ac,d4,21,d1,80,9a,d0,37,60,85,5e,8c,b2,d9,c6,a0,f6,67,43,b6,c3,bc,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\slsvc.exe
c:\windows\PersonalizeEnabler.exe
c:\program files\ESET\ESET Smart Security\egui.exe
c:\windows\system32\taskhostex.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2014-06-22 19:34:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-22 17:34
ComboFix2.txt 2014-06-22 15:18
.
Před spuštěním: 9 012 002 816 bytes free
Po spuštění: 8 982 417 408 bytes free
.
- - End Of File - - 6AD654150352770629F5CBB31251D3BD
A36C5E4F47E84449FF07ED3517B43A31

[Márty84]

Dejte novy log z RSIT

[signit]

Logfile of random's system information tool 1.10 (written by random/random)
Run by negro at 2014-06-22 20:42:55
Microsoft Windows 8 Enterprise
System drive C: has 9 GB (17%) free of 50 GB
Total RAM: 3327 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:42:59, on 22. 6. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16384)
Boot mode: Normal

Running processes:
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\Explorer.exe
C:\Program Files\Opera\opera.exe
C:\totalcmd\TOTALCMD.EXE
C:\Users\negro\AppData\Local\Opera\Opera\temporary_downloads\RSIT (1).exe
C:\Program Files\trend micro\negro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=16805
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Open &link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Open current page with BID Link Explorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5164 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"=C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-08-27 1028896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2025-10-01 03:46:46 ----A---- C:\Windows\system32\netcfg-19858.txt
2025-10-01 03:46:46 ----A---- C:\Windows\system32\netcfg-19765.txt
2014-06-22 19:34:42 ----D---- C:\Windows\temp
2014-06-22 19:34:41 ----A---- C:\ComboFix.txt
2014-06-22 19:32:56 ----SHD---- C:\$RECYCLE.BIN
2014-06-22 17:10:00 ----A---- C:\Windows\zip.exe
2014-06-22 17:10:00 ----A---- C:\Windows\SWXCACLS.exe
2014-06-22 17:10:00 ----A---- C:\Windows\SWSC.exe
2014-06-22 17:10:00 ----A---- C:\Windows\SWREG.exe
2014-06-22 17:10:00 ----A---- C:\Windows\sed.exe
2014-06-22 17:10:00 ----A---- C:\Windows\PEV.exe
2014-06-22 17:10:00 ----A---- C:\Windows\NIRCMD.exe
2014-06-22 17:10:00 ----A---- C:\Windows\MBR.exe
2014-06-22 17:10:00 ----A---- C:\Windows\grep.exe
2014-06-22 17:09:56 ----D---- C:\Qoobox
2014-06-22 17:09:46 ----D---- C:\Windows\erdnt
2014-06-22 16:09:28 ----A---- C:\Windows\system32\netcfg-21028.txt
2014-06-22 16:07:57 ----A---- C:\Windows\system32\netcfg-67956671.txt
2014-06-22 16:05:25 ----A---- C:\Windows\system32\sqlite3.dll
2014-06-22 16:04:58 ----D---- C:\AdwCleaner
2014-06-22 15:58:34 ----A---- C:\Windows\system32\netcfg-67393087.txt
2014-06-21 22:51:25 ----A---- C:\Windows\system32\netcfg-5768183.txt
2014-06-21 21:15:42 ----A---- C:\Windows\system32\netcfg-24850.txt
2014-06-21 21:14:07 ----A---- C:\Windows\system32\netcfg-26627561.txt
2014-06-21 20:52:39 ----A---- C:\Windows\system32\netcfg-25339679.txt
2014-06-21 20:44:34 ----A---- C:\Windows\system32\netcfg-24854266.txt
2014-06-21 16:53:24 ----D---- C:\Users\negro\AppData\Roaming\Malwarebytes
2014-06-21 16:52:55 ----D---- C:\ProgramData\Malwarebytes
2014-06-21 14:53:05 ----D---- C:\Program Files\trend micro
2014-06-21 14:53:04 ----D---- C:\rsit
2014-06-21 11:46:39 ----A---- C:\Windows\system32\netcfg-241350519.txt
2014-06-20 18:43:07 ----A---- C:\Windows\system32\netcfg-179941459.txt
2014-06-20 17:48:22 ----A---- C:\Windows\system32\netcfg-176656374.txt
2014-06-19 19:53:21 ----A---- C:\Windows\system32\netcfg-97757792.txt
2014-06-19 19:52:37 ----A---- C:\Windows\system32\netcfg-97712973.txt
2014-06-19 19:43:26 ----A---- C:\Windows\system32\netcfg-97162757.txt
2014-06-19 18:49:11 ----A---- C:\Windows\system32\netcfg-93907812.txt
2014-06-19 18:38:03 ----A---- C:\Windows\system32\netcfg-93239597.txt
2014-06-19 17:28:40 ----A---- C:\Windows\system32\netcfg-89076399.txt
2014-06-19 06:56:51 ----A---- C:\Windows\system32\netcfg-51169310.txt
2014-06-19 06:47:30 ----A---- C:\Windows\system32\netcfg-50608346.txt
2014-06-18 18:42:44 ----A---- C:\Windows\system32\netcfg-7125470.txt
2014-06-17 16:46:31 ----A---- C:\Windows\system32\netcfg-146516.txt
2014-06-17 16:46:30 ----A---- C:\Windows\system32\netcfg-146438.txt
2014-06-16 17:23:11 ----A---- C:\Windows\system32\netcfg-32651.txt
2014-06-14 21:35:33 ----A---- C:\Windows\system32\netcfg--2119175550.txt
2014-06-14 20:07:21 ----A---- C:\Windows\system32\netcfg--2124468056.txt
2014-06-14 14:24:15 ----A---- C:\Windows\system32\netcfg--2145051327.txt
2014-06-14 13:33:30 ----A---- C:\Windows\system32\netcfg-2146870471.txt
2014-06-14 12:59:30 ----A---- C:\Windows\system32\netcfg-2144831304.txt
2014-06-14 10:33:57 ----A---- C:\Windows\system32\netcfg-2136097588.txt
2014-06-13 17:48:00 ----A---- C:\Windows\system32\netcfg-2075744124.txt
2014-06-13 17:02:33 ----A---- C:\Windows\system32\netcfg-2073016633.txt
2014-06-12 20:40:32 ----A---- C:\Windows\system32\netcfg-1999698488.txt
2014-06-12 19:34:43 ----A---- C:\Windows\system32\netcfg-1995749401.txt
2014-06-12 14:41:12 ----A---- C:\Windows\system32\netcfg-1978141209.txt
2014-06-12 12:42:50 ----A---- C:\Windows\system32\netcfg-1971035176.txt
2014-06-11 20:58:03 ----A---- C:\Windows\system32\netcfg-1914350825.txt
2014-06-11 20:32:24 ----A---- C:\Windows\system32\netcfg-1912811906.txt
2014-06-10 23:50:56 ----A---- C:\Windows\system32\netcfg-1838326623.txt
2014-06-10 22:41:24 ----A---- C:\Windows\system32\netcfg-1834155250.txt
2014-06-09 20:55:34 ----A---- C:\Windows\system32\netcfg-1741407913.txt
2014-06-09 17:52:44 ----A---- C:\Windows\system32\netcfg-1730437580.txt
2014-06-08 22:00:23 ----A---- C:\Windows\system32\netcfg-1658899702.txt
2014-06-08 20:37:30 ----A---- C:\Windows\system32\netcfg-1653926281.txt
2014-06-08 11:28:38 ----A---- C:\Windows\system32\netcfg-1620997028.txt
2014-06-08 10:18:48 ----A---- C:\Windows\system32\netcfg-1616806748.txt
2014-06-08 01:26:57 ----A---- C:\Windows\system32\netcfg-1584898491.txt
2014-06-07 12:41:54 ----A---- C:\Windows\system32\netcfg-1538996070.txt
2014-06-07 12:08:19 ----A---- C:\Windows\system32\netcfg-1536980834.txt
2014-06-07 09:44:27 ----A---- C:\Windows\system32\netcfg-1528349251.txt
2014-06-05 22:31:39 ----A---- C:\Windows\system32\netcfg-1401583759.txt
2014-06-05 21:36:03 ----A---- C:\Windows\system32\netcfg-1398248115.txt
2014-06-05 21:36:00 ----A---- C:\Windows\system32\netcfg-1398244605.txt
2014-06-05 20:51:04 ----A---- C:\Windows\system32\netcfg-1395548627.txt
2014-06-05 20:50:08 ----A---- C:\Windows\system32\netcfg-1395493122.txt
2014-06-05 20:06:16 ----A---- C:\Windows\system32\netcfg-1392860667.txt
2014-06-05 19:20:36 ----A---- C:\Windows\system32\netcfg-1390120276.txt
2014-06-05 19:20:35 ----A---- C:\Windows\system32\netcfg-1390119886.txt
2014-06-05 19:19:30 ----A---- C:\Windows\system32\netcfg-1390054568.txt
2014-06-05 19:18:53 ----A---- C:\Windows\system32\netcfg-1390017799.txt
2014-06-05 19:16:34 ----A---- C:\Windows\system32\netcfg-1389878178.txt
2014-06-05 19:16:28 ----A---- C:\Windows\system32\netcfg-1389872718.txt
2014-06-05 19:11:33 ----A---- C:\Windows\system32\netcfg-1389578125.txt
2014-06-05 19:09:52 ----A---- C:\Windows\system32\netcfg-1389472887.txt
2014-06-05 19:03:37 ----A---- C:\Windows\system32\netcfg-1389097346.txt
2014-06-05 17:57:51 ----A---- C:\Windows\system32\netcfg-1385151285.txt
2014-06-04 23:14:34 ----A---- C:\Windows\system32\netcfg-1317757059.txt
2014-06-04 23:13:05 ----A---- C:\Windows\system32\netcfg-1317667577.txt
2014-06-04 21:04:28 ----A---- C:\Windows\system32\netcfg-1309951284.txt
2014-06-04 16:51:30 ----A---- C:\Windows\system32\netcfg-1294772652.txt
2014-06-04 16:42:37 ----A---- C:\Windows\system32\netcfg-1294240205.txt
2014-06-04 16:25:06 ----A---- C:\Windows\system32\netcfg-1293189210.txt
2014-06-04 16:25:01 ----A---- C:\Windows\system32\netcfg-1293183750.txt
2014-06-04 16:00:33 ----A---- C:\Windows\system32\netcfg-1291716062.txt
2014-06-04 15:59:53 ----A---- C:\Windows\system32\netcfg-1291675720.txt
2014-06-04 15:34:19 ----A---- C:\Windows\system32\netcfg-1290141824.txt
2014-06-03 21:48:42 ----A---- C:\Windows\system32\netcfg-1226207389.txt
2014-06-03 16:21:35 ----A---- C:\Windows\system32\netcfg-1206580482.txt
2014-06-02 21:32:44 ----A---- C:\Windows\system32\netcfg-1138852538.txt
2014-06-02 18:54:28 ----D---- C:\Program Files\FBReader
2014-06-02 16:11:50 ----A---- C:\Windows\system32\netcfg-1119598037.txt
2014-06-01 23:00:12 ----A---- C:\Windows\system32\netcfg-1057703642.txt
2014-06-01 14:27:24 ----A---- C:\Windows\system32\netcfg-1026935237.txt
2014-06-01 00:25:31 ----A---- C:\Windows\system32\netcfg-976425374.txt
2014-05-31 11:36:47 ----A---- C:\Windows\system32\netcfg-930300995.txt
2014-05-30 18:43:06 ----A---- C:\Windows\system32\netcfg-869482679.txt
2014-05-30 17:21:09 ----A---- C:\Windows\system32\netcfg-864565840.txt
2014-05-29 22:05:01 ----A---- C:\Windows\system32\netcfg-795201384.txt
2014-05-29 15:41:47 ----A---- C:\Windows\system32\netcfg-772206805.txt
2014-05-28 21:08:43 ----A---- C:\Windows\system32\netcfg-705425819.txt
2014-05-28 14:51:50 ----A---- C:\Windows\system32\netcfg-682812928.txt
2014-05-27 21:59:38 ----A---- C:\Windows\system32\netcfg-622083938.txt
2014-05-27 19:13:42 ----A---- C:\Windows\system32\nvStreaming.exe
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvopencl.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvoglv32.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\NvIFR.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\NvFBC.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvdispgenco3233788.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvdispco3233788.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvcuvid.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvcuvenc.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\nvcuda.dll
2014-05-27 19:08:55 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2014-05-27 19:08:54 ----A---- C:\Windows\system32\nvcompiler.dll
2014-05-27 19:05:40 ----D---- C:\NVIDIA
2014-05-27 16:55:13 ----A---- C:\Windows\system32\netcfg-603818905.txt
2014-05-26 21:37:13 ----A---- C:\Windows\system32\netcfg-534341597.txt
2014-05-26 18:09:31 ----A---- C:\Windows\system32\netcfg-521880081.txt
2014-05-26 18:09:26 ----A---- C:\Windows\system32\netcfg-521874684.txt
2014-05-26 17:06:12 ----A---- C:\Windows\system32\netcfg-518080427.txt
2014-05-25 22:01:14 ----A---- C:\Windows\system32\netcfg-449385060.txt
2014-05-25 09:24:19 ----A---- C:\Windows\system32\netcfg-403970361.txt
2014-05-24 22:25:58 ----A---- C:\Windows\system32\netcfg-364472202.txt
2014-05-24 22:10:19 ----A---- C:\Windows\system32\netcfg-363533123.txt
2014-05-24 22:09:34 ----A---- C:\Windows\system32\netcfg-363488210.txt
2014-05-24 22:09:32 ----A---- C:\Windows\system32\netcfg-363486338.txt
2014-05-24 22:08:32 ----A---- C:\Windows\system32\netcfg-363426496.txt
2014-05-24 22:08:32 ----A---- C:\Windows\system32\netcfg-363425950.txt
2014-05-24 21:50:42 ----A---- C:\Windows\system32\netcfg-362355674.txt
2014-05-24 13:47:39 ----A---- C:\Windows\system32\netcfg-333375181.txt
2014-05-24 06:41:01 ----A---- C:\Windows\system32\netcfg-307777820.txt
2014-05-23 23:30:30 ----A---- C:\Windows\system32\netcfg-281948859.txt
2014-05-23 17:26:57 ----A---- C:\Windows\system32\netcfg-260132946.txt

======List of files/folders modified in the last 1 month======

2014-06-22 20:34:10 ----D---- C:\Windows\Prefetch
2014-06-22 20:02:00 ----D---- C:\Windows\system32\sru
2014-06-22 19:51:59 ----RD---- C:\Windows\System32
2014-06-22 19:51:59 ----D---- C:\Windows\inf
2014-06-22 19:51:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-22 19:34:43 ----D---- C:\Windows\system32\Drivers
2014-06-22 19:34:42 ----D---- C:\Windows
2014-06-22 19:32:25 ----A---- C:\Windows\system.ini
2014-06-22 19:32:20 ----D---- C:\Windows\system32\drivers\etc
2014-06-22 19:31:35 ----D---- C:\ProgramData\NVIDIA
2014-06-22 19:26:52 ----D---- C:\Windows\apppatch
2014-06-22 19:26:51 ----D---- C:\Program Files\Common Files
2014-06-22 16:44:21 ----RD---- C:\Program Files
2014-06-22 16:44:20 ----D---- C:\ProgramData
2014-06-22 16:27:12 ----D---- C:\Windows\system32\config
2014-06-22 16:10:52 ----D---- C:\Users\negro\AppData\Roaming\uTorrent
2014-06-21 21:15:20 ----D---- C:\Windows\Setup
2014-06-21 20:10:25 ----D---- C:\Program Files\The KMPlayer
2014-06-21 18:45:44 ----D---- C:\Program Files\Nero
2014-06-21 14:46:21 ----SHD---- C:\System Volume Information
2014-06-21 14:31:55 ----D---- C:\Windows\system32\NDF
2014-06-21 12:48:32 ----D---- C:\Windows\Minidump
2014-06-21 12:16:18 ----D---- C:\Windows\Microsoft.NET
2014-06-04 15:57:57 ----D---- C:\Program Files\Bulk Image Downloader
2014-06-03 17:05:54 ----D---- C:\Windows\system32\FxsTmp
2014-05-27 19:13:49 ----D---- C:\Program Files\NVIDIA Corporation
2014-05-27 19:13:38 ----D---- C:\Windows\system32\DriverStore
2014-05-27 19:08:27 ----D---- C:\Windows\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-10-08 53224]
R1 dtsoftbus01;@oem11.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\Windows\System32\drivers\dtsoftbus01.sys [2013-01-27 242240]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-10-08 170656]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 EpfwLWF;@oem6.inf,%EpfwLWF_Desc%;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 46056]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 52224]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-10-08 149568]
R3 anvsnddrv;@oem36.inf,%anvsnddrv.SvcDesc%;AnvSoft Virtual Sound Device; C:\Windows\system32\drivers\anvsnddrv.sys [2011-11-28 32896]
R3 athr;@oem13.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athw8.sys [2012-11-18 2829312]
R3 MTsensor;@oem12.inf,%ASACPI.DisplayName%;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-13 6504]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-05-20 10533152]
R3 nvvad_WaveExtensible;@oem29.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2013-08-20 33568]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 13824]
S3 catchme;catchme; \??\C:\Users\negro\AppData\Local\Temp\catchme.sys []
S3 nmwcd;@oem14.inf,%MFG% %SVC%;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;@oem17.inf,%MFG% %SVC%;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 OSFMount;OSFMount; \??\E:\GAMES\Counter-Strike Global Offensive\image\x86\OSFMount.sys [2013-10-18 353208]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2012-07-26 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2012-07-26 46592]
S3 WUDFSensorLP;@locationprovider.inf,%WudfLocationProviderDisplayName%;Služba Reflektor UMDF pro zprostředkovatele umístění (LocationProvider); C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 WUDFWpdMtp;WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-11-14 1329304]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-08-27 14573856]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 668104]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-08-27 2155296]
R2 slsvc;Software Licensing Service; C:\Windows\slsvc.exe [2012-09-25 10240]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-20 410968]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-02 116648]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2012-07-06 43616]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-02 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2013-04-20 76888]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-12-22 104944]

-----------------EOF-----------------

[Márty84]

Jeste jeden sken a budem mazat.


Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

[signit]

OTL logfile created on: 23. 6. 2014 18:30:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\negro\Desktop
Enterprise Edition (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy

3,25 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 70,67% Memory free
6,50 Gb Paging File | 5,45 Gb Available in Paging File | 83,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 8,50 Gb Free Space | 17,41% Space Free | Partition Type: NTFS
Drive D: | 37,27 Gb Total Space | 7,09 Gb Free Space | 19,03% Space Free | Partition Type: NTFS
Drive E: | 547,34 Gb Total Space | 139,79 Gb Free Space | 25,54% Space Free | Partition Type: NTFS

Computer Name: LOSLOBOS | User Name: negro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/23 18:27:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\negro\Desktop\OTL.exe
PRC - [2014/05/20 02:04:07 | 000,943,048 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2014/05/20 02:04:06 | 001,818,456 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2014/05/20 01:11:19 | 000,410,968 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/08/27 23:17:21 | 014,573,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2013/08/27 23:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/27 23:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/12/02 22:56:09 | 000,878,480 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/11/14 11:07:04 | 001,329,304 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/11/14 11:06:56 | 005,074,384 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2012/09/25 14:32:36 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\slsvc.exe
PRC - [2012/09/25 09:36:04 | 000,079,872 | ---- | M] () -- C:\Windows\PersonalizeEnabler.exe
PRC - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/26 05:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012/07/26 05:20:59 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2012/07/26 05:20:44 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (No Company Name) ==========

MOD - [2010/01/30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - [2014/05/20 01:11:19 | 000,410,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/08/27 23:17:21 | 014,573,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013/08/27 23:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/14 11:07:04 | 001,329,304 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2012/09/25 14:32:36 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\slsvc.exe -- (slsvc)
SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/26 06:03:42 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 05:31:20 | 002,151,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012/07/26 05:30:33 | 000,013,864 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2012/07/26 05:20:30 | 001,536,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2012/07/26 05:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012/07/26 05:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012/07/26 05:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012/07/26 05:20:07 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2012/07/26 05:20:05 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2012/07/26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 05:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012/07/26 05:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012/07/26 05:19:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012/07/26 05:19:22 | 000,364,032 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2012/07/26 05:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012/07/26 05:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012/07/26 05:18:55 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2012/07/26 05:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012/07/26 05:18:28 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012/07/26 05:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012/07/26 05:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012/07/26 05:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012/07/26 05:18:01 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2012/07/26 05:17:58 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012/07/26 05:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012/07/26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012/07/26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012/07/26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012/07/26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012/07/26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012/07/26 02:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/12/22 12:52:16 | 000,104,944 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\negro\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\negro\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014/05/20 04:39:05 | 010,533,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/10/18 17:54:26 | 000,353,208 | ---- | M] (PassMark Software) [Kernel | On_Demand | Stopped] -- E:\GAMES\Counter-Strike Global Offensive\image\x86\OSFMount.sys -- (OSFMount)
DRV - [2013/08/20 15:33:30 | 000,033,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2013/01/27 11:08:55 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/11/18 10:00:00 | 002,829,312 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\athw8.sys -- (athr)
DRV - [2012/10/08 09:21:08 | 000,149,568 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\epfw.sys -- (epfw)
DRV - [2012/10/08 09:21:08 | 000,121,216 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\Drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/10/08 09:21:08 | 000,053,224 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012/10/08 09:21:08 | 000,046,056 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\Drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2012/10/08 09:21:06 | 000,170,656 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\Drivers\eamonm.sys -- (eamonm)
DRV - [2012/07/26 06:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012/07/26 05:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012/07/26 05:48:33 | 000,121,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2012/07/26 05:48:29 | 000,049,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012/07/26 05:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012/07/26 05:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012/07/26 05:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012/07/26 05:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012/07/26 05:42:19 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2012/07/26 05:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012/07/26 05:42:19 | 000,267,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2012/07/26 05:42:19 | 000,179,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2012/07/26 05:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012/07/26 05:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012/07/26 05:42:18 | 000,066,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2012/07/26 05:42:15 | 000,238,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2012/07/26 05:42:15 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012/07/26 05:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012/07/26 05:42:15 | 000,046,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012/07/26 05:42:14 | 000,024,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2012/07/26 05:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012/07/26 05:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012/07/26 05:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012/07/26 05:39:55 | 000,023,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/07/26 05:39:35 | 000,057,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2012/07/26 05:39:13 | 000,030,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012/07/26 05:34:01 | 000,199,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2012/07/26 05:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012/07/26 05:33:00 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2012/07/26 05:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012/07/26 05:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012/07/26 05:30:33 | 000,028,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2012/07/26 04:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012/07/26 04:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012/07/26 04:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012/07/26 04:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012/07/26 04:35:48 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2012/07/26 04:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012/07/26 04:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012/07/26 04:35:23 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012/07/26 04:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012/07/26 04:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012/07/26 04:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012/07/26 04:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012/07/26 04:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012/07/26 04:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012/07/26 04:34:16 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012/07/26 04:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012/07/26 04:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012/07/26 04:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012/07/26 04:33:50 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2012/07/26 04:33:37 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\winusb.sys -- (WinUsb)
DRV - [2012/07/26 04:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/07/26 04:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012/07/26 04:33:00 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012/07/26 04:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/26 04:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012/07/26 04:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012/07/26 04:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012/07/26 04:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012/07/26 04:30:39 | 000,090,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2012/07/26 04:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012/07/26 00:49:39 | 000,238,080 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\yk63x86.sys -- (yukonw8)
DRV - [2012/06/11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/28 15:51:44 | 000,032,896 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\anvsnddrv.sys -- (anvsnddrv)
DRV - [2009/05/13 20:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=16805
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..\SearchScopes\{009C0442-9972-4D61-8D97-716C95EA14C9}: "URL" = http://www.novinky.cz/hledej?w={searchT ... arch_16805
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..\SearchScopes\{1D2B07A9-E0A1-4E26-8CF8-309CB1373EE0}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_16805
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..\SearchScopes\{3B9F8935-47CC-4736-9A69-BE3E491CAACD}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_16805
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..\SearchScopes\{421863AB-EA05-4EA5-8A79-8F93699FF2B6}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16805
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..\SearchScopes\{623EBF5B-20F8-4FAF-89DC-B939F319BEF1}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_16805
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..\SearchScopes\{BEA92867-04E0-4301-86AF-DC675BE51F84}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_16805
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..\SearchScopes\{E3A1E4F5-97A1-4B46-9BB5-974A1DF41564}: "URL" = http://www.firmy.cz/?q={searchTerms}&so ... arch_16805
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..\SearchScopes\{E3EA6650-0186-409B-B881-8C42E6B4F795}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_16805
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..\SearchScopes\{F8842423-AC51-47A1-A854-8353B13965B0}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_16805
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-237601131-3694125505-301223904-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-237601131-3694125505-301223904-1003\..\SearchScopes,DefaultScope =


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/12/02 15:18:30 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.seznam.cz/?clid=16805
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Disk Google = C:\Users\negro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Seznam Lištička - Email = C:\Users\negro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0\
CHR - Extension: Seznam Lištička - Slovník = C:\Users\negro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: YouTube = C:\Users\negro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhledávání Google = C:\Users\negro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Peněženka Google = C:\Users\negro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Seznam Lištička - Rychlá volba = C:\Users\negro\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.7.1_0\
CHR - Extension: Gmail = C:\Users\negro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/06/22 19:32:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-237601131-3694125505-301223904-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-237601131-3694125505-301223904-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-237601131-3694125505-301223904-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: En&queue current page with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link target with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Od&eslat do aplikace OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Open &link target with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with BID - C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Open current page with BID Link Explorer - C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..Trusted Domains: localhost ([]http in Internet)
O15 - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKU\S-1-5-21-237601131-3694125505-301223904-1001\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F220149-5D1C-4669-B774-B1EBA3C8F479}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/26 08:52:25 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2014/04/05 21:58:35 | 110,989,141 | ---- | M] () - E:\Autom0biles_Classiques_Septembre_2013.pdf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: wlidsvc - C:\Windows\System32\wlidsvc.dll (Microsoft Corporation)
NetSvcs: SystemEventsBroker - C:\Windows\System32\SystemEventsBrokerServer.dll (Microsoft Corporation)
NetSvcs: DsmSvc - C:\Windows\System32\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs: NcaSvc - C:\Windows\System32\NcaSvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014/06/23 18:27:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\negro\Desktop\OTL.exe
[2014/06/22 19:34:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/06/22 19:34:42 | 000,000,000 | ---D | C] -- C:\Users\negro\AppData\Local\temp
[2014/06/22 19:32:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/22 17:10:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/06/22 17:10:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/06/22 17:10:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2014/06/22 17:10:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/06/22 17:09:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/06/22 17:09:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/06/22 17:02:16 | 005,209,566 | R--- | C] (Swearware) -- C:\Users\negro\Desktop\ComboFix.exe
[2014/06/22 16:05:25 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/22 16:04:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/21 16:53:24 | 000,000,000 | ---D | C] -- C:\Users\negro\AppData\Roaming\Malwarebytes
[2014/06/21 16:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/21 14:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/06/21 14:53:04 | 000,000,000 | ---D | C] -- C:\rsit
[2014/06/02 18:54:41 | 000,000,000 | ---D | C] -- C:\Users\negro\.FBReader
[2014/06/02 18:54:28 | 000,000,000 | ---D | C] -- C:\Users\negro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
[2014/06/02 18:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
[2014/06/02 18:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\FBReader
[2014/05/27 19:13:42 | 000,603,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2014/05/27 19:08:55 | 024,024,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2014/05/27 19:08:55 | 010,533,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2014/05/27 19:08:55 | 009,735,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2014/05/27 19:08:55 | 009,697,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2014/05/27 19:08:55 | 002,953,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2014/05/27 19:08:55 | 002,413,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2014/05/27 19:08:55 | 001,056,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233788.dll
[2014/05/27 19:08:55 | 000,908,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233788.dll
[2014/05/27 19:08:55 | 000,866,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2014/05/27 19:08:55 | 000,861,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2014/05/27 19:08:54 | 017,559,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2014/05/27 19:05:40 | 000,000,000 | ---D | C] -- C:\NVIDIA
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/23 18:31:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/06/23 18:27:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\negro\Desktop\OTL.exe
[2014/06/23 17:40:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/23 16:11:53 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/23 16:11:50 | 000,000,095 | ---- | M] () -- C:\Users\negro\.accessibility.properties
[2014/06/23 16:11:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/22 21:39:54 | 000,726,246 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014/06/22 21:39:54 | 000,710,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/22 21:39:54 | 000,147,800 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014/06/22 21:39:54 | 000,132,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/22 19:32:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/06/22 19:31:33 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/06/22 19:31:32 | 2790,920,192 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/22 17:03:48 | 005,209,566 | R--- | M] (Swearware) -- C:\Users\negro\Desktop\ComboFix.exe
[2014/06/22 16:04:13 | 001,333,465 | ---- | M] () -- C:\Users\negro\Desktop\adwcleaner_3.212.exe
[2014/06/14 20:21:14 | 000,120,320 | ---- | M] () -- C:\Users\negro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/04 15:57:56 | 000,001,013 | ---- | M] () -- C:\Users\negro\Desktop\BID Queue Manager.lnk
[2014/06/04 15:57:56 | 000,000,947 | ---- | M] () -- C:\Users\negro\Desktop\Bulk Image Downloader.lnk
[2014/06/03 17:21:01 | 000,002,188 | -H-- | M] () -- C:\Users\negro\Documents\Default.rdp
[2014/06/02 18:54:28 | 000,001,831 | ---- | M] () -- C:\Users\negro\Desktop\FBReader.lnk
[2014/06/02 18:46:50 | 000,001,234 | ---- | M] () -- C:\Users\negro\Desktop\Continue Free eXPert PDF Reader 3.5 3.5 Installation.lnk
[2014/05/27 19:14:09 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/23 18:31:55 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/06/22 17:10:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/06/22 17:10:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/06/22 17:10:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/06/22 17:10:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/06/22 17:10:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/06/22 16:03:59 | 001,333,465 | ---- | C] () -- C:\Users\negro\Desktop\adwcleaner_3.212.exe
[2014/06/02 18:54:28 | 000,001,831 | ---- | C] () -- C:\Users\negro\Desktop\FBReader.lnk
[2014/06/02 18:46:50 | 000,001,234 | ---- | C] () -- C:\Users\negro\Desktop\Continue Free eXPert PDF Reader 3.5 3.5 Installation.lnk
[2014/05/27 19:14:09 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2014/05/27 19:13:10 | 003,774,821 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2014/03/26 22:02:55 | 000,000,132 | ---- | C] () -- C:\Users\negro\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2014/03/26 22:00:13 | 000,000,132 | ---- | C] () -- C:\Users\negro\AppData\Roaming\Filtr IIIExport Adobe CS5 – předvolby
[2014/01/02 17:40:17 | 000,000,247 | ---- | C] () -- C:\Users\negro\AppData\Roaming\FotoSketcher.ini
[2013/10/24 19:38:57 | 000,000,118 | ---- | C] () -- C:\Windows\crywmvtoavi.ini
[2013/10/24 19:37:40 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySwmvtoavi.dat
[2013/08/07 20:23:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2013/08/07 20:21:26 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2013/08/07 20:21:26 | 000,000,025 | ---- | C] () -- C:\Windows\wpd99.drv
[2013/04/06 21:11:31 | 000,005,632 | ---- | C] () -- C:\Windows\System32\dvttrn.dll
[2013/03/13 20:10:54 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2012/12/24 14:34:29 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/12/24 14:34:24 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/12/24 14:34:16 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/12/15 19:41:57 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/12/02 17:10:49 | 000,120,320 | ---- | C] () -- C:\Users\negro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/02 15:59:25 | 000,000,095 | ---- | C] () -- C:\Users\negro\.accessibility.properties
[2012/12/02 15:49:53 | 000,079,872 | ---- | C] () -- C:\Windows\PersonalizeEnabler.exe
[2012/12/02 15:49:53 | 000,076,288 | ---- | C] () -- C:\Windows\SLCHook.dll
[2012/12/02 14:51:33 | 000,036,768 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/12/02 14:51:01 | 000,036,385 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/12/02 14:47:34 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2012/07/26 10:04:10 | 000,726,246 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2012/07/26 10:04:10 | 000,296,594 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2012/07/26 10:04:10 | 000,147,800 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2012/07/26 10:04:10 | 000,038,682 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2012/07/26 08:55:27 | 000,710,046 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2012/07/26 08:55:27 | 000,296,742 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2012/07/26 08:55:27 | 000,132,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2012/07/26 08:55:27 | 000,033,362 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2012/07/26 08:53:47 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2012/07/26 08:53:46 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2012/07/26 08:03:55 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 08:00:17 | 003,969,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/26 04:09:44 | 000,092,672 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/07/26 03:20:38 | 000,071,680 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2012/07/26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2012/07/26 02:48:53 | 000,083,968 | ---- | C] () -- C:\Windows\System32\OEMLicense.dll
[2012/07/25 22:41:36 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 22:24:47 | 000,526,068 | ---- | C] () -- C:\Windows\System32\staticurllist.bin
[2012/07/14 04:00:46 | 000,043,882 | ---- | C] () -- C:\Windows\System32\srms.dat

========== ZeroAccess Check ==========

[2012/12/16 13:29:48 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/09/19 06:39:22 | 017,558,016 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/07/26 05:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/02 17:06:47 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\ACD Systems
[2014/01/16 22:00:39 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\ActiveState
[2014/03/08 18:16:00 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\AnvSoft
[2014/02/09 11:59:47 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\BID
[2014/03/08 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\Convert Audio Free
[2014/05/21 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\DAEMON Tools Lite
[2012/12/02 15:19:39 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\ESET
[2014/01/05 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\GHISLER
[2013/01/20 18:10:44 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\InfraRecorder
[2014/04/07 18:11:01 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\MAXON
[2013/12/07 13:58:05 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\Milestone
[2013/07/02 18:37:07 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\Nokia
[2012/12/02 22:56:12 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\Opera
[2013/07/02 18:37:08 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\PC Suite
[2013/03/30 19:55:10 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\uMod
[2014/06/22 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\negro\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< >
[2012/07/26 08:04:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/12/02 21:20:02 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/12/02 21:20:03 | 000,000,956 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: AGP440.SYS >
[2012/07/26 05:42:31 | 000,055,536 | ---- | M] (Microsoft Corporation) MD5=73BB2C687305C4195ED7511587B041AA -- C:\Windows\erdnt\cache\AGP440.sys
[2012/07/26 05:42:31 | 000,055,536 | ---- | M] (Microsoft Corporation) MD5=73BB2C687305C4195ED7511587B041AA -- C:\Windows\System32\Drivers\AGP440.sys
[2012/07/26 05:42:31 | 000,055,536 | ---- | M] (Microsoft Corporation) MD5=73BB2C687305C4195ED7511587B041AA -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_38ff1f7a86c4c6d7\AGP440.sys
[2012/07/26 05:42:31 | 000,055,536 | ---- | M] (Microsoft Corporation) MD5=73BB2C687305C4195ED7511587B041AA -- C:\Windows\WinSxS\x86_machine.inf_31bf3856ad364e35_6.2.9200.16384_none_b6bdf91c90179e3b\AGP440.sys

< MD5 for: ATAPI.SYS >
[2012/07/26 05:42:31 | 000,022,768 | ---- | M] (Microsoft Corporation) MD5=48D8C3F2006698691F5AE0BB595FDCC8 -- C:\Windows\erdnt\cache\atapi.sys
[2012/07/26 05:42:31 | 000,022,768 | ---- | M] (Microsoft Corporation) MD5=48D8C3F2006698691F5AE0BB595FDCC8 -- C:\Windows\System32\Drivers\atapi.sys
[2012/07/26 05:42:31 | 000,022,768 | ---- | M] (Microsoft Corporation) MD5=48D8C3F2006698691F5AE0BB595FDCC8 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_79ee6a786812523f\atapi.sys
[2012/07/26 05:42:31 | 000,022,768 | ---- | M] (Microsoft Corporation) MD5=48D8C3F2006698691F5AE0BB595FDCC8 -- C:\Windows\WinSxS\x86_mshdc.inf_31bf3856ad364e35_6.2.9200.16384_none_d9e333faf2f0935d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2012/07/26 05:20:43 | 000,792,064 | ---- | M] (Microsoft Corporation) MD5=55653D86D712641DB6930FAB64F452FF -- C:\Windows\System32\autochk.exe
[2012/07/26 05:20:43 | 000,792,064 | ---- | M] (Microsoft Corporation) MD5=55653D86D712641DB6930FAB64F452FF -- C:\Windows\WinSxS\x86_microsoft-windows-autochk_31bf3856ad364e35_6.2.9200.16384_none_de9ef92a9327e7b0\autochk.exe