Zdravím všechny profíky kamarád bohužel taky kliknul na video s virem takže to přivezl s tím že má problém. Prosím vás o pomoc v tomhle se přiznám jsem amatér a radši to nechám na někom kdo tomu opravdu rozumí děkuju za pomoc zde je log z frst
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files\IMPI\ExtensionUpdaterService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(CANON INC.) C:\Windows\System32\CNAB5RPD.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
() C:\Program Files (x86)\GIGABYTE\U8300 Utilities\CONRCtl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1009288 2012-09-13] ()
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3932765789-422308870-2512146874-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe [1009288 2012-09-13] ()
HKU\S-1-5-21-3932765789-422308870-2512146874-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92152 2013-01-22] ()
HKU\S-1-5-21-3932765789-422308870-2512146874-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-3932765789-422308870-2512146874-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung)
HKU\S-1-5-21-3932765789-422308870-2512146874-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung)
HKU\S-1-5-21-3932765789-422308870-2512146874-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3932765789-422308870-2512146874-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\S-1-5-21-3932765789-422308870-2512146874-1000\...\MountPoints2: {27c94f8f-9aec-11e2-8b30-b888e3d56e14} - F:\AutoRunLauncher.exe
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP3300 Status Window.lnk
ShortcutTarget: Canon LBP3300 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB5LAD.EXE (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nástroj schránky Logitech Media Server.lnk
ShortcutTarget: Nástroj schránky Logitech Media Server.lnk -> C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk
ShortcutTarget: Remote Control.lnk -> C:\Program Files (x86)\GIGABYTE\U8300 Utilities\CONRCtl.exe ()
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Práce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kooperativa - PDF Server.lnk
ShortcutTarget: Kooperativa - PDF Server.lnk -> C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe (Pražská softwarová s.r.o.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=UP74DHP&pc=UP74&dt=042613
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?affID=1215 ... 9B204973ED
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchT ... 9B204973ED
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0150F8D6-2EC1-4A73-822D-73CF282D80AF} URL = http://search.seznam.cz/?q={searchTerms ... arch_12454
SearchScopes: HKCU - {082D9F40-0344-4A9F-B7A1-3B1F558947EB} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchT ... 9B204973ED
SearchScopes: HKCU - {625611C1-69A8-48B8-ABD9-1A93F73BCE92} URL = http://www.mapy.cz/?query={searchTerms} ... arch_12454
SearchScopes: HKCU - {7659BCCF-F5DD-4A32-8BA5-952708875087} URL = http://encyklopedie.seznam.cz/search?q= ... arch_12454
SearchScopes: HKCU - {8FFB2DC9-5536-403A-AA03-E88BD305707D} URL = http://www.delta-search.com/?q={searchT ... 9B204973ED
SearchScopes: HKCU - {D881E302-BE76-4927-B1C0-48573B83E006} URL = http://blekko.com/ws/?source=5f97ddbe&t ... rms}&r=258
SearchScopes: HKCU - {DC1AC6CA-CB77-45A4-907B-AD07463A48B0} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
SearchScopes: HKCU - {E6CCBF06-0E3F-4350-9165-73A7534CB0A6} URL = http://www.firmy.cz/phr/{searchTerms}?s ... arch_12454
SearchScopes: HKCU - {E8B96FA4-3186-4BA0-BB41-CF917A227028} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
BHO: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension64.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.2 10.0.2.2
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fxao0nyf.default
FF NewTab: hxxp://www.delta-search.com/?affID=121561&tt=1 ... 9B204973ED
FF SelectedSearchEngine: Delta Search
FF Homepage: www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: vitzo.com/VDownloader - C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Seznam lištička - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fxao0nyf.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-06-25]
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fxao0nyf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-05]
FF HKLM\...\Firefox\Extensions: [{17E113E6-CD0E-4045-B154-65F0E57959EF}] - C:\Program Files\IMPI\Firefox
FF Extension: IMPI - C:\Program Files\IMPI\Firefox [2013-03-08]
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox
FF Extension: VDownloader - C:\Program Files\VDownloader\Addons\FireFox [2013-02-19]
FF HKLM-x32\...\Firefox\Extensions: [{17E113E6-CD0E-4045-B154-65F0E57959EF}] - C:\Program Files\IMPI\Firefox
FF Extension: IMPI - C:\Program Files\IMPI\Firefox [2013-03-08]
==================== Services (Whitelisted) =================
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 IMPI Updater; C:\Program Files\IMPI\ExtensionUpdaterService.exe [185856 2013-02-05] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2000-01-01] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-03-16] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
==================== Drivers (Whitelisted) ====================
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
S2 CXIR; C:\Windows\System32\drivers\cxcir64.sys [44032 2011-05-03] (Conexant Systems, Inc.)
S3 CXPOLARIS; C:\Windows\System32\drivers\cxpolar64.sys [447872 2011-05-03] (Conexant Systems, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-01] (DT Soft Ltd)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2000-01-01] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-01] ()
S3 CV2K1; system32\DRIVERS\cv2k1.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-08 18:44 - 2014-07-08 18:45 - 00021294 _____ () C:\Users\Martin\Desktop\FRST.txt
2014-07-08 18:42 - 2014-07-08 18:44 - 00000000 ____D () C:\FRST
2014-07-08 18:42 - 2014-07-08 18:42 - 02084352 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2014-07-05 14:43 - 2014-07-05 15:06 - 00000000 ____D () C:\Users\Martin\Desktop\DCIM
2014-07-05 00:27 - 2014-07-05 00:27 - 00918672 _____ (Google Inc.) C:\Users\Martin\Downloads\ChromeSetup.exe
2014-07-03 20:41 - 2014-07-03 20:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-02 19:47 - 2014-07-03 03:00 - 00000000 ____D () C:\Users\Martin\AppData\Local\Adobe
2014-07-02 18:40 - 2014-07-02 18:40 - 00000000 ___HD () C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
2014-07-01 23:01 - 2014-07-01 23:01 - 04335109 _____ () C:\Users\Martin\Downloads\prilohy_4890.zip
2014-07-01 23:01 - 2014-07-01 23:01 - 04110538 _____ () C:\Users\Martin\Downloads\prilohy_4888.zip
2014-06-25 21:53 - 2014-06-25 22:26 - 592521876 _____ () C:\Users\Martin\Downloads\Hunting-Unlimited-2011-PC.rar
2014-06-25 07:11 - 2014-06-25 07:11 - 00000000 ____D () C:\ProgramData\Trymedia
2014-06-25 07:10 - 2014-06-25 20:58 - 00000000 ____D () C:\Users\Martin\Documents\Hunting Unlimited 2008
2014-06-25 07:10 - 2014-06-25 07:10 - 00001147 _____ () C:\Users\Práce\Desktop\Hunting Unlimited 2008.lnk
2014-06-25 07:10 - 2014-06-25 07:10 - 00001147 _____ () C:\Users\Martin\Desktop\Hunting Unlimited 2008.lnk
2014-06-25 07:10 - 2014-06-25 07:10 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hunting Unlimited 2008
2014-06-25 07:10 - 2014-06-25 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hunting Unlimited 2008
2014-06-25 07:09 - 2014-06-25 07:10 - 00000000 ____D () C:\Program Files (x86)\Hunting Unlimited 2008
2014-06-25 07:09 - 2014-06-25 07:09 - 00000000 ____D () C:\Users\Martin\Downloads\Nová složka
2014-06-12 18:34 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 18:34 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 18:34 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 18:34 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 18:34 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 18:34 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 18:33 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 18:33 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 18:33 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 18:33 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 18:33 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 18:33 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 18:33 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 18:33 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 18:33 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 18:33 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 18:33 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 18:33 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 18:33 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 18:33 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 18:33 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 18:33 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 18:33 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 18:33 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 18:33 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 18:33 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 18:33 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 18:33 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 18:33 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 18:33 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 18:33 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 18:33 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 18:33 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 18:33 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 18:33 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 18:33 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 18:33 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 18:33 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 18:33 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 18:33 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 18:33 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 18:33 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 18:33 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 18:33 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 18:33 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 18:33 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 18:33 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 18:33 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 18:33 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 18:33 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 18:33 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 18:33 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 18:33 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 18:33 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 18:33 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 18:33 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 18:33 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 18:33 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 18:33 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 18:33 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 18:33 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 18:33 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 18:33 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 18:33 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 18:33 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 18:33 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 18:32 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 18:32 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
==================== One Month Modified Files and Folders =======
2014-07-08 18:45 - 2014-07-08 18:44 - 00021294 _____ () C:\Users\Martin\Desktop\FRST.txt
2014-07-08 18:45 - 2013-11-06 18:39 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-08 18:44 - 2014-07-08 18:42 - 00000000 ____D () C:\FRST
2014-07-08 18:42 - 2014-07-08 18:42 - 02084352 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2014-07-08 18:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-08 18:11 - 2013-02-13 18:33 - 02065360 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 18:00 - 2009-07-14 06:45 - 00016832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-08 18:00 - 2009-07-14 06:45 - 00016832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-08 06:17 - 2013-02-19 18:28 - 00000000 ____D () C:\Program Files\VDownloader
2014-07-08 06:15 - 2013-02-13 22:16 - 00000000 ____D () C:\ProgramData\Skype
2014-07-05 15:06 - 2014-07-05 14:43 - 00000000 ____D () C:\Users\Martin\Desktop\DCIM
2014-07-05 14:46 - 2011-04-12 10:34 - 00672408 _____ () C:\Windows\system32\perfh005.dat
2014-07-05 14:46 - 2011-04-12 10:34 - 00142972 _____ () C:\Windows\system32\perfc005.dat
2014-07-05 14:46 - 2009-07-14 07:13 - 01593302 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-05 00:29 - 2014-02-12 19:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-05 00:27 - 2014-07-05 00:27 - 00918672 _____ (Google Inc.) C:\Users\Martin\Downloads\ChromeSetup.exe
2014-07-05 00:23 - 2013-02-13 21:09 - 00000000 ____D () C:\Users\Martin\AppData\Local\Google
2014-07-04 23:15 - 2013-02-14 07:47 - 00000000 ____D () C:\Users\Martin\Desktop\HUDBA
2014-07-04 06:20 - 2014-05-13 20:32 - 00000412 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-07-04 06:16 - 2013-04-26 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-03 21:46 - 2013-02-13 21:18 - 00000000 ____D () C:\Users\Martin\Desktop\FILMY
2014-07-03 20:41 - 2014-07-03 20:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-03 03:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-03 03:00 - 2014-07-02 19:47 - 00000000 ____D () C:\Users\Martin\AppData\Local\Adobe
2014-07-02 18:45 - 2013-11-06 18:39 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-02 18:45 - 2013-02-13 21:03 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-02 18:45 - 2013-02-13 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-02 18:40 - 2014-07-02 18:40 - 00000000 ___HD () C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
2014-07-01 23:01 - 2014-07-01 23:01 - 04335109 _____ () C:\Users\Martin\Downloads\prilohy_4890.zip
2014-07-01 23:01 - 2014-07-01 23:01 - 04110538 _____ () C:\Users\Martin\Downloads\prilohy_4888.zip
2014-07-01 22:51 - 2013-02-13 21:09 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Seznam.cz
2014-07-01 06:21 - 2014-05-13 20:32 - 00002840 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup
2014-07-01 06:20 - 2014-05-13 20:32 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-07-01 06:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-30 22:00 - 2013-08-20 21:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-26 06:21 - 2013-02-19 18:30 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\VDownloader
2014-06-25 22:26 - 2014-06-25 21:53 - 592521876 _____ () C:\Users\Martin\Downloads\Hunting-Unlimited-2011-PC.rar
2014-06-25 20:58 - 2014-06-25 07:10 - 00000000 ____D () C:\Users\Martin\Documents\Hunting Unlimited 2008
2014-06-25 07:11 - 2014-06-25 07:11 - 00000000 ____D () C:\ProgramData\Trymedia
2014-06-25 07:10 - 2014-06-25 07:10 - 00001147 _____ () C:\Users\Práce\Desktop\Hunting Unlimited 2008.lnk
2014-06-25 07:10 - 2014-06-25 07:10 - 00001147 _____ () C:\Users\Martin\Desktop\Hunting Unlimited 2008.lnk
2014-06-25 07:10 - 2014-06-25 07:10 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hunting Unlimited 2008
2014-06-25 07:10 - 2014-06-25 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hunting Unlimited 2008
2014-06-25 07:10 - 2014-06-25 07:09 - 00000000 ____D () C:\Program Files (x86)\Hunting Unlimited 2008
2014-06-25 07:09 - 2014-06-25 07:09 - 00000000 ____D () C:\Users\Martin\Downloads\Nová složka
2014-06-16 07:24 - 2013-08-04 23:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 07:21 - 2013-02-16 18:43 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-16 07:19 - 2013-02-13 19:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-16 07:17 - 2014-05-07 06:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-12 18:32 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-12 18:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-03 03:32
==================== End Of Log ============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
pomoc s Fcb virem
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
pomoc s Fcb virem
- Přílohy
-
- Addition.rar
- (11.45 KiB) Staženo 41 x
-
Rudy
- Site Admin
- Příspěvky: 119543
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: pomoc s Fcb virem
Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:
Malá technická: Logy se kopírují vč. hlavičky. Nevím, kde máte FRST uložen. Pokud není na ploše, musíte umístit fixlist do stejného adresáře, kde je FRST.
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
C:\Program Files (x86)\SweetIM
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?affID=1215 ... 9B204973ED
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchT ... 9B204973ED
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchT ... 9B204973ED
SearchScopes: HKCU - {D881E302-BE76-4927-B1C0-48573B83E006} URL = http://blekko.com/ws/?source=5f97ddbe&t ... 3d56e14&q={searchTerms}&r=258
SearchScopes: HKCU - {DC1AC6CA-CB77-45A4-907B-AD07463A48B0} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
BHO: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension64.dll ()
C:\Program Files\IMPI
BHO-x32: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fxao0nyf.default
FF NewTab: hxxp://www.delta-search.com/?affID=1215 ... 9B204973ED
FF SelectedSearchEngine: Delta Search
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
C:\Users\Martin\AppData\Local\Temp
AlternateDataStreams: C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
End
Malá technická: Logy se kopírují vč. hlavičky. Nevím, kde máte FRST uložen. Pokud není na ploše, musíte umístit fixlist do stejného adresáře, kde je FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: pomoc s Fcb virem
omlouvám se za neúplný log. FRST je na ploše po přečtení návodu když jsem zakládal téma jinak fixlog zde
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Martin at 2014-07-08 19:36:51 Run:1
Running from C:\Users\Martin\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
C:\Program Files (x86)\SweetIM
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?affID=1215 ... 9B204973ED
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchT ... 9B204973ED
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchT ... 9B204973ED
SearchScopes: HKCU - {D881E302-BE76-4927-B1C0-48573B83E006} URL = http://blekko.com/ws/?source=5f97ddbe&t ... 3d56e14&q={searchTerms}&r=258
SearchScopes: HKCU - {DC1AC6CA-CB77-45A4-907B-AD07463A48B0} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
BHO: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension64.dll ()
C:\Program Files\IMPI
BHO-x32: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fxao0nyf.default
FF NewTab: hxxp://www.delta-search.com/?affID=1215 ... 9B204973ED
FF SelectedSearchEngine: Delta Search
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
C:\Users\Martin\AppData\Local\Temp
AlternateDataStreams: C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SweetIM => value deleted successfully.
C:\Program Files (x86)\SweetIM => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}' => Key deleted successfully.
'HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D881E302-BE76-4927-B1C0-48573B83E006}' => Key deleted successfully.
'HKCR\CLSID\{D881E302-BE76-4927-B1C0-48573B83E006}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC1AC6CA-CB77-45A4-907B-AD07463A48B0}' => Key deleted successfully.
'HKCR\CLSID\{DC1AC6CA-CB77-45A4-907B-AD07463A48B0}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}' => Key deleted successfully.
'HKCR\CLSID\{17E113E6-CD0E-4045-B154-65F0E57959EF}' => Key deleted successfully.
C:\Program Files\IMPI => Moved successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}' => Key deleted successfully.
C:\Program Files\IMPI => Should not be moved.
Firefox newtab deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp => Moved successfully.
"C:\Users\Martin\AppData\Local\Temp" directory move:
Could not move "C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\perl514.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\f233f63b6654362865c7577442edb9e3\Win32.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\eb138ef0e4282611dbf485a302784646\LibYAML.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\e56c61f7248672819579325af3387035\POSIX.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\c5cce8d16a1bd48692b421dcf46d3396\Util.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\bd5179a413bc0c4b82eedc22c6cab101\re.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\93e7e3d6030f426844228042348210cf\Service.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\4461f48e31bde5c56b31b973b773de09\List.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\perl514.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\f233f63b6654362865c7577442edb9e3\Win32.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\eb138ef0e4282611dbf485a302784646\LibYAML.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\e56c61f7248672819579325af3387035\POSIX.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\d0bf009923f29116535c26d228271d6d\Scan.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\c668a322917d32a5ea22894518aa9897\Base64.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\c5cce8d16a1bd48692b421dcf46d3396\Util.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\c344fd5536724b2af2e6453833b60203\SHA1.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\c199d3c1960e7aeeecb599487952bed2\HiRes.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\bd5179a413bc0c4b82eedc22c6cab101\re.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\bc147d83c7c868eeee67082dcf55430c\File.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\b979ace6da01e63d651cce9ee2474fdc\Name.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\b6bd87c968599725b8ab2e5c25d3046a\API.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\aff7ee779ea184f884ed432c30a58f5d\Scale.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\7f2598c08178217a0e2c754f3d568f28\Byte.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\7f177c338672436e01c4f0bdbcf94491\EV.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\44727051c604ef6b79894b64d4c63832\Expat.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\4461f48e31bde5c56b31b973b773de09\List.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\3b7106dd14676048b10bbb09a990f74c\XS.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\19febd96672ffdb7ea244cef36aaa062\Zlib.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\17d0b152e63e6bfe81b4b19588538896\mro.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\0665c25e931c1ac0151b062449e91028\XSAccessor.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\outlook logging\firstrun.log => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\KiesLiveupdateTemp\PluginHost.xml => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\bsTempPath\ACD1CC9.tmp => Moved successfully.
Could not move "C:\Users\Martin\AppData\Local\Temp" directory. => Scheduled to move on reboot.
C:\Windows\System32 => ":{DA6227CB-326B-4B4D-9A81-04B61F1538DD}" ADS removed successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-08 19:39:21)<=
C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Martin\AppData\Local\Temp => Moved successfully.
==== End of Fixlog ====
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Martin at 2014-07-08 19:36:51 Run:1
Running from C:\Users\Martin\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
C:\Program Files (x86)\SweetIM
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?affID=1215 ... 9B204973ED
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchT ... 9B204973ED
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchT ... 9B204973ED
SearchScopes: HKCU - {D881E302-BE76-4927-B1C0-48573B83E006} URL = http://blekko.com/ws/?source=5f97ddbe&t ... 3d56e14&q={searchTerms}&r=258
SearchScopes: HKCU - {DC1AC6CA-CB77-45A4-907B-AD07463A48B0} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
BHO: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension64.dll ()
C:\Program Files\IMPI
BHO-x32: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fxao0nyf.default
FF NewTab: hxxp://www.delta-search.com/?affID=1215 ... 9B204973ED
FF SelectedSearchEngine: Delta Search
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
C:\Users\Martin\AppData\Local\Temp
AlternateDataStreams: C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SweetIM => value deleted successfully.
C:\Program Files (x86)\SweetIM => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}' => Key deleted successfully.
'HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D881E302-BE76-4927-B1C0-48573B83E006}' => Key deleted successfully.
'HKCR\CLSID\{D881E302-BE76-4927-B1C0-48573B83E006}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC1AC6CA-CB77-45A4-907B-AD07463A48B0}' => Key deleted successfully.
'HKCR\CLSID\{DC1AC6CA-CB77-45A4-907B-AD07463A48B0}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}' => Key deleted successfully.
'HKCR\CLSID\{17E113E6-CD0E-4045-B154-65F0E57959EF}' => Key deleted successfully.
C:\Program Files\IMPI => Moved successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}' => Key deleted successfully.
C:\Program Files\IMPI => Should not be moved.
Firefox newtab deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp => Moved successfully.
"C:\Users\Martin\AppData\Local\Temp" directory move:
Could not move "C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\perl514.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\f233f63b6654362865c7577442edb9e3\Win32.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\eb138ef0e4282611dbf485a302784646\LibYAML.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\e56c61f7248672819579325af3387035\POSIX.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\c5cce8d16a1bd48692b421dcf46d3396\Util.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\bd5179a413bc0c4b82eedc22c6cab101\re.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\93e7e3d6030f426844228042348210cf\Service.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\4461f48e31bde5c56b31b973b773de09\List.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-3424\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\perl514.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\f233f63b6654362865c7577442edb9e3\Win32.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\eb138ef0e4282611dbf485a302784646\LibYAML.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\e56c61f7248672819579325af3387035\POSIX.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\d0bf009923f29116535c26d228271d6d\Scan.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\c668a322917d32a5ea22894518aa9897\Base64.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\c5cce8d16a1bd48692b421dcf46d3396\Util.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\c344fd5536724b2af2e6453833b60203\SHA1.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\c199d3c1960e7aeeecb599487952bed2\HiRes.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\bd5179a413bc0c4b82eedc22c6cab101\re.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\bc147d83c7c868eeee67082dcf55430c\File.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\b979ace6da01e63d651cce9ee2474fdc\Name.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\b6bd87c968599725b8ab2e5c25d3046a\API.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\aff7ee779ea184f884ed432c30a58f5d\Scale.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\7f2598c08178217a0e2c754f3d568f28\Byte.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\7f177c338672436e01c4f0bdbcf94491\EV.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\44727051c604ef6b79894b64d4c63832\Expat.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\4461f48e31bde5c56b31b973b773de09\List.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\3b7106dd14676048b10bbb09a990f74c\XS.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\19febd96672ffdb7ea244cef36aaa062\Zlib.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\17d0b152e63e6bfe81b4b19588538896\mro.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\pdk-Martin-1296\0665c25e931c1ac0151b062449e91028\XSAccessor.dll => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\outlook logging\firstrun.log => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\KiesLiveupdateTemp\PluginHost.xml => Moved successfully.
C:\Users\Martin\AppData\Local\Temp\bsTempPath\ACD1CC9.tmp => Moved successfully.
Could not move "C:\Users\Martin\AppData\Local\Temp" directory. => Scheduled to move on reboot.
C:\Windows\System32 => ":{DA6227CB-326B-4B4D-9A81-04B61F1538DD}" ADS removed successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-08 19:39:21)<=
C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Martin\AppData\Local\Temp => Moved successfully.
==== End of Fixlog ====
-
Rudy
- Site Admin
- Příspěvky: 119543
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: pomoc s Fcb virem
Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: pomoc s Fcb virem
Ano děkuji 
-
Rudy
- Site Admin
- Příspěvky: 119543
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: pomoc s Fcb virem
Rádo se stalo!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?