
Important.exe Help
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I have a problem: at startup Avast keeps showing the message http://ctrlv.cz/Bkjb and I don't know what it means. I'm attaching the log from FRST.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by Martin (administrator) on MARTIN-PC on 22-12-2014 11:30:15
Running from C:\Users\Martin\Desktop
Loaded Profile: Martin (Available profiles: Martin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\Martin\AppData\Roaming\BitTorrent\BitTorrent.exe
(Spotify Ltd) C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Spotify Ltd) C:\Users\Martin\AppData\Roaming\Spotify\spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
() C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
() C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Martin\Documents\City Car Cars\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10806816 2010-04-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [517144 2013-07-05] (CyberLink Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [UseDefaultTile] 0
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [BitTorrent] => C:\Users\Martin\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-27] (BitTorrent Inc.)
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [Spotify Web Helper] => C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [Viber] => C:\Users\Martin\AppData\Local\Viber\Viber.exe [936656 2014-10-20] ()
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1323776 2014-09-24] (Bogdan Sharkov)
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [Spotify] => C:\Users\Martin\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\Run: [GoogleChromeAutoLaunch_B3FBEF5462B7ECF3CF8933E4FE9764B6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\RunOnce: [Adobe Speed Launcher] => 1419242950
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\MountPoints2: {6b599eec-5f6f-11e4-99a8-1c6f65b14b6a} - F:\Setup.exe
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\...\MountPoints2: {9e9e26c7-5f73-11e4-97d8-806e6f6e6963} - D:\MidnightRacing-Setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\z0miwbym.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3579024049-2649704320-4024500901-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-29]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.sk/
CHR StartupUrls: Default -> "https://www.facebook.com/", "hxxp://www.youtube.com/", "hxxp://google.sk/"
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-30]
CHR Extension: (Nerieš) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkhibaldadnecdehgbklkiffofaebnn [2014-10-30]
CHR Extension: (BetterTTV) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-11-29]
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-30]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-30]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-10-30]
CHR Extension: (Cat licking your screen) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bljgfogmfiepjlefknbnfopdoabpldcb [2014-10-30]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-10-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-30]
CHR Extension: (Spry this!) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam [2014-10-30]
CHR Extension: (Hľadať v Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-30]
CHR Extension: (PasswordBox - Free Password Manager) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dljbcjbfojhlfhgenhepllagfecdpchb [2014-10-30]
CHR Extension: (Avast SafePrice) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-11-04]
CHR Extension: (Tabuľky Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-30]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-30]
CHR Extension: (Plug+) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf [2014-10-30]
CHR Extension: (Dotekománie.cz) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcankginpidjapmhjmjfgpicjpfhfdop [2014-10-30]
CHR Extension: (Save to Pocket) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-10-30]
CHR Extension: (Twitch Now) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2014-11-29]
CHR Extension: (Peňaženka Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-30]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-10-30]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-10-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-29]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-29] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-07-05] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-07-05] (CyberLink)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-10-27] (Freemake) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-29] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-29] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-11-29] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-07-06] (CyberLink Corp.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-22 11:30 - 2014-12-22 11:30 - 00024718 _____ () C:\Users\Martin\Desktop\FRST.txt
2014-12-22 11:29 - 2014-12-22 11:30 - 00000000 ____D () C:\FRST
2014-12-22 11:28 - 2014-12-22 11:26 - 02122240 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2014-12-20 16:59 - 2014-12-20 16:59 - 00000219 _____ () C:\Users\Martin\Desktop\Counter-Strike Global Offensive.url
2014-12-20 16:58 - 2014-12-20 16:58 - 00121149 _____ () C:\Users\Martin\Documents\CSGO.xps
2014-12-17 16:40 - 2014-12-17 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-17 16:40 - 2014-12-17 16:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-16 17:23 - 2014-12-16 17:23 - 00000000 ____D () C:\Users\Martin\AppData\Local\EdgeOfReality
2014-12-15 16:38 - 2014-12-15 16:38 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\.lifecraft
2014-12-15 15:21 - 2014-12-15 15:29 - 00000000 ____D () C:\Users\Martin\Desktop\Skola PC
2014-12-15 13:48 - 2014-12-22 11:14 - 00003490 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-13 00:48 - 2014-12-13 00:48 - 00000000 ____D () C:\Users\Martin\AppData\Local\Extra_Miner
2014-12-13 00:30 - 2014-12-13 00:30 - 00000000 ____D () C:\Users\Martin\Documents\Nový priečinok
2014-12-12 23:53 - 2014-12-13 00:48 - 00000000 ____D () C:\Users\Martin\Documents\GameMaker
2014-12-12 23:52 - 2014-12-13 00:51 - 00000000 ____D () C:\Users\Martin\AppData\Local\gamemaker_studio
2014-12-12 23:50 - 2014-12-12 23:50 - 00000000 ____D () C:\Users\Martin\AppData\Local\YoYo_Games_Ltd
2014-12-12 23:49 - 2014-12-13 00:48 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\GameMaker-Studio
2014-12-12 23:48 - 2014-12-12 23:48 - 00000000 ____D () C:\Users\Martin\GameMaker-Studio 1.4
2014-12-12 23:47 - 2014-12-12 23:47 - 00000000 ____D () C:\ProgramData\gamemaker_studio
2014-12-12 23:47 - 2014-12-12 23:47 - 00000000 ____D () C:\ProgramData\FB836480DA7E08179A4FC7BA698155BC
2014-12-12 23:45 - 2014-12-12 23:45 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.4
2014-12-12 23:44 - 2014-12-12 23:52 - 00000000 ____D () C:\Users\Martin\AppData\Local\GameMaker-Studio
2014-12-12 23:29 - 2014-12-12 23:29 - 00067584 _____ () C:\Users\Martin\Desktop\chrome.EXE
2014-12-12 23:09 - 2014-12-12 23:09 - 00001141 _____ () C:\Users\Martin\Desktop\Continue installation .lnk
2014-12-12 23:02 - 2014-12-12 23:11 - 00006144 _____ () C:\Important.exe
2014-12-12 21:51 - 2014-12-12 21:56 - 00000000 ____D () C:\Users\Martin\Desktop\Hra
2014-12-12 19:06 - 2014-12-12 19:06 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-12-09 17:17 - 2014-12-09 17:18 - 00000000 ____D () C:\Users\Martin\.gradle
2014-12-09 17:17 - 2014-12-09 17:17 - 00000000 ____D () C:\Users\Martin\AndroidStudioProjects
2014-12-09 16:48 - 2014-12-09 16:48 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\JetBrains
2014-12-09 16:47 - 2014-12-09 16:47 - 00000000 ____D () C:\Users\Martin\.AndroidStudio
2014-12-09 16:46 - 2014-12-09 17:25 - 00000000 ____D () C:\Users\Martin\.android
2014-12-09 16:46 - 2014-12-09 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2014-12-09 16:43 - 2014-12-09 16:43 - 00000000 ____D () C:\Users\Martin\AppData\Local\Android
2014-12-09 16:42 - 2014-12-09 16:42 - 00000000 ____D () C:\Users\Martin\Desktop\Sicko
2014-12-09 16:42 - 2014-12-09 16:42 - 00000000 ____D () C:\Program Files\Android
2014-12-09 16:39 - 2014-12-09 16:39 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-09 16:39 - 2014-12-09 16:39 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-09 16:39 - 2014-12-09 16:39 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-09 16:39 - 2014-12-09 16:39 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-09 16:38 - 2014-12-09 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-12-09 16:37 - 2014-12-09 16:39 - 00000000 ____D () C:\Program Files\Java
2014-12-09 15:48 - 2014-12-22 11:27 - 00000000 ____D () C:\Users\Martin\Desktop\Android Studio
2014-12-07 12:05 - 2014-12-07 12:05 - 00000000 ____D () C:\Users\Martin\Documents\7 Days To Die
2014-12-07 11:43 - 2014-12-14 13:07 - 00660747 _____ () C:\Users\Martin\Desktop\Meine stadt.pptx
2014-12-07 11:18 - 2014-12-09 16:42 - 01742321 _____ () C:\Users\Martin\Desktop\My Future.pptx
2014-12-06 20:58 - 2014-12-06 20:58 - 00000000 ____D () C:\Users\Martin\AppData\Local\RammBase
2014-12-06 19:53 - 2014-12-20 20:08 - 00035102 _____ () C:\Windows\DirectX.log
2014-12-06 19:32 - 2014-12-06 19:32 - 00000000 _____ () C:\Users\Martin\Desktop\Nový textový dokument (2).txt
2014-12-06 19:04 - 2014-12-06 19:04 - 00000000 ____D () C:\Program Files\Strogino CS Portal
2014-12-06 16:54 - 2014-12-06 16:54 - 00029301 _____ () C:\Users\Martin\Documents\[CzT]The_Elder_Scrolls_V_Skyrim_CZ_.torrent
2014-12-06 13:16 - 2014-12-06 13:17 - 15164860 _____ () C:\Users\Martin\Documents\SMG 1.63 beta.zip
2014-12-06 12:56 - 2014-12-06 12:58 - 34278647 _____ () C:\Users\Martin\Documents\CLRBrowserSourcePlugin-20140909x64.7z
2014-12-06 12:51 - 2014-12-06 12:52 - 05231573 _____ () C:\Users\Martin\Documents\BobDevs_FSN_1.061_BETA.zip
2014-12-06 12:35 - 2014-12-16 17:27 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\OBS
2014-12-06 12:35 - 2014-12-06 12:35 - 00000939 _____ () C:\Users\Martin\Desktop\Open Broadcaster Software.lnk
2014-12-06 12:35 - 2014-12-06 12:35 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-12-06 12:35 - 2014-12-06 12:35 - 00000000 ____D () C:\Program Files\OBS
2014-12-06 12:35 - 2014-12-06 12:35 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-12-06 12:34 - 2014-12-06 12:35 - 07518634 _____ () C:\Users\Martin\Documents\OBS_0_638b_Installer.exe
2014-12-06 10:25 - 2014-12-06 10:25 - 00009638 _____ () C:\Users\Martin\Desktop\Mikuláš 2014 zhrnutie.xlsx
2014-12-05 22:54 - 2014-12-05 22:54 - 00142773 _____ () C:\Users\Martin\Documents\[CzT]Far_Cry_4_2014_CZ_.torrent
2014-12-05 18:48 - 2014-12-05 18:48 - 00000222 _____ () C:\Users\Martin\Desktop\Unturned.url
2014-12-05 16:13 - 2014-12-05 16:13 - 00000000 ____D () C:\TempDump
2014-12-05 16:00 - 2014-12-05 16:05 - 12686254 _____ () C:\Users\Martin\Documents\TS2015.7z
2014-12-05 15:30 - 2014-12-05 15:30 - 00002238 _____ () C:\Users\Public\Desktop\Train Simulator 2015.lnk
2014-12-05 15:30 - 2014-12-05 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RailSimulator.com
2014-12-05 15:14 - 2014-12-05 15:14 - 00000000 ____D () C:\Program Files (x86)\RailSimulator.com
2014-12-03 18:57 - 2014-12-09 15:38 - 00085504 ___SH () C:\Users\Martin\Documents\Thumbs.db
2014-12-03 18:49 - 2014-12-03 18:49 - 00002655 _____ () C:\Users\Martin\Documents\[CzT]Aktivatory_Legalizatory_Windows_XP_Vista_7 (1).torrent
2014-12-03 18:49 - 2014-12-03 18:49 - 00002654 _____ () C:\Users\Martin\Documents\[CzT]Aktivatory_Legalizatory_Windows_XP_Vista_7.torrent
2014-12-01 16:19 - 2013-03-24 05:00 - 00391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBY.DLL
2014-11-30 09:44 - 2014-11-30 09:44 - 00093337 _____ () C:\Users\Martin\Documents\[CzT]Train_Simulator_2015_2014_.torrent
2014-11-29 20:09 - 2014-12-06 13:17 - 00000000 ____D () C:\Users\Martin\Desktop\YT
2014-11-29 20:07 - 2014-11-29 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-11-29 20:07 - 2014-11-29 20:07 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-11-29 20:06 - 2014-11-29 20:07 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\Martin\Documents\WinPcap_4_1_3.exe
2014-11-29 20:04 - 2014-11-29 20:04 - 00000000 _____ () C:\Users\Martin\Desktop\Nový textový dokument.txt
2014-11-29 20:01 - 2014-11-29 20:01 - 00000000 ____D () C:\Users\Martin\AppData\Local\IsolatedStorage
2014-11-29 20:00 - 2014-12-13 00:40 - 00002145 _____ () C:\Users\Martin\Desktop\WeatherBug®.lnk
2014-11-29 20:00 - 2014-11-29 20:00 - 00001919 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk
2014-11-29 20:00 - 2014-11-29 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
2014-11-29 20:00 - 2014-11-29 20:00 - 00000000 ____D () C:\Program Files\Earth Networks
2014-11-29 19:59 - 2014-11-29 20:00 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-11-29 19:59 - 2014-11-29 19:59 - 00001190 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-11-29 19:59 - 2014-11-29 19:59 - 00000049 _____ () C:\Windows\SysWOW64\ScrRecX.log
2014-11-29 19:59 - 2014-11-29 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2014-11-29 19:59 - 2014-11-29 19:59 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-11-29 19:59 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2014-11-29 19:54 - 2014-11-29 19:55 - 17090512 _____ (DsNET Corp ) C:\Users\Martin\Documents\aTubeCatcher.exe
2014-11-29 19:44 - 2014-11-29 19:45 - 00068984 _____ () C:\Users\Martin\Desktop\Nuclear Bomb Test Compilation HD.mp4.sfk
2014-11-29 19:44 - 2014-11-29 19:45 - 00012472 _____ () C:\Users\Martin\Desktop\Ultimate Allahu Akbar Fails Compilation (15 Minutes).mp4.sfk
2014-11-29 13:25 - 2014-11-29 13:25 - 00003572 _____ () C:\Users\Martin\Documents\[CzT]Bandicam_2_1_0_707_Final_CZ_SK_.torrent
2014-11-29 12:34 - 2014-11-29 12:34 - 05759618 _____ () C:\Users\Martin\Documents\Faithful Texture Pack 64x64 up by Terror12Woj.zip
2014-11-29 09:37 - 2014-11-29 09:37 - 00034216 _____ () C:\Users\Martin\Documents\[CzT]Borderlands_2_Ultimate_Edition_1_8_1_47_DLC.torrent
2014-11-29 09:33 - 2014-11-29 09:33 - 00001686 _____ () C:\Users\Martin\Desktop\Minecraft.lnk
2014-11-29 09:31 - 2014-11-29 09:36 - 00000184 _____ () C:\Users\Martin\Desktop\RAM.bat
2014-11-29 09:15 - 2014-11-29 09:15 - 00818111 _____ () C:\Users\Martin\Documents\OptiFine_1.7.10_HD_U_A4.jar
2014-11-29 09:06 - 2014-11-29 09:07 - 07291524 _____ () C:\Users\Martin\Documents\faithful64pack-v1.4.0.zip
2014-11-28 23:42 - 2014-11-28 23:43 - 31934945 _____ () C:\Users\Martin\Documents\DHW14-GroupA-hellraisers-vs-fnatic-mirage.zip
2014-11-28 17:13 - 2014-11-28 17:13 - 04013568 _____ () C:\Users\Martin\Desktop\Uber Cheat.EXE
2014-11-23 17:54 - 2014-11-23 17:58 - 129599998 _____ () C:\Users\Martin\Documents\Milan.mp4
2014-11-23 17:17 - 2014-11-23 17:17 - 00000000 __SHD () C:\Users\Martin\AppData\Local\EmieUserList
2014-11-23 17:17 - 2014-11-23 17:17 - 00000000 __SHD () C:\Users\Martin\AppData\Local\EmieSiteList
2014-11-23 17:17 - 2014-11-23 17:17 - 00000000 __SHD () C:\Users\Martin\AppData\Local\EmieBrowserModeList
2014-11-23 17:04 - 2014-11-23 17:04 - 07953095 _____ () C:\Users\Martin\Desktop\Nuclear Bomb Test Compilation HD.mp4
2014-11-23 16:56 - 2014-11-23 16:56 - 01213976 _____ () C:\Users\Martin\Desktop\Ultimate Allahu Akbar Fails Compilation (15 Minutes).mp4
2014-11-22 19:41 - 2014-11-22 19:41 - 00000000 ____D () C:\Users\Martin\Documents\Skype Voice Records
2014-11-22 19:41 - 2014-11-22 19:41 - 00000000 ____D () C:\Users\Martin\Documents\Clownfish Avatars
2014-11-22 19:40 - 2014-11-22 19:40 - 00790240 _____ (Shark Labs) C:\Users\Martin\Downloads\CFSetup360.exe
2014-11-22 19:40 - 2014-11-22 19:40 - 00001905 _____ () C:\Users\Martin\Desktop\Clownfish.lnk
2014-11-22 19:40 - 2014-11-22 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish
2014-11-22 19:40 - 2014-11-22 19:40 - 00000000 ____D () C:\Program Files (x86)\Clownfish
2014-11-22 16:00 - 2014-11-22 16:00 - 00002184 _____ () C:\Users\Martin\Downloads\CSS Scout & AWP CrossHairs.rar
2014-11-22 11:31 - 2014-11-22 11:35 - 08358979 _____ () C:\Users\Martin\Downloads\Euro-Truck-Multiplayer-0.1.0.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-22 11:30 - 2014-10-29 15:32 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\BitTorrent
2014-12-22 11:29 - 2014-11-07 23:03 - 00000000 ____D () C:\Users\Martin\Documents\City Car Cars
2014-12-22 11:29 - 2014-11-02 10:35 - 00000163 _____ () C:\Windows\SysWOW64\arcconfig.xml
2014-12-22 11:24 - 2014-10-30 09:13 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 11:21 - 2014-10-29 14:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 11:19 - 2009-07-14 05:45 - 00017792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 11:19 - 2009-07-14 05:45 - 00017792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 11:18 - 2014-10-29 14:41 - 00000000 ____D () C:\Users\Martin\AppData\Local\Adobe
2014-12-22 11:17 - 2014-10-29 15:03 - 01660377 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 11:16 - 2014-10-29 19:48 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-22 11:15 - 2014-10-29 19:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-22 11:13 - 2014-10-29 17:19 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Spotify
2014-12-22 11:12 - 2014-11-15 22:03 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\ViberPC
2014-12-22 11:12 - 2014-10-29 15:21 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Skype
2014-12-22 11:11 - 2014-10-29 20:22 - 00000000 ____D () C:\Users\Martin\AppData\Local\LogMeIn Hamachi
2014-12-22 11:11 - 2014-10-29 15:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-22 11:10 - 2014-11-15 22:01 - 00000000 ____D () C:\Users\Martin\AppData\Local\Viber
2014-12-22 11:09 - 2014-10-30 09:13 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 11:08 - 2014-11-11 17:27 - 00006635 _____ () C:\Windows\setupact.log
2014-12-22 11:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-19 15:15 - 2014-10-29 15:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-19 15:15 - 2014-10-29 15:21 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 12:47 - 2014-10-29 17:20 - 00000000 ____D () C:\Users\Martin\AppData\Local\Spotify
2014-12-17 19:01 - 2009-07-26 19:41 - 00660434 _____ () C:\Windows\system32\perfh005.dat
2014-12-17 19:01 - 2009-07-26 19:41 - 00141084 _____ () C:\Windows\system32\perfc005.dat
2014-12-17 19:01 - 2009-07-14 06:13 - 01583226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 14:22 - 2014-10-29 16:35 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\.minecraft
2014-12-13 13:56 - 2014-11-14 22:10 - 00000132 _____ () C:\Users\Martin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-12-13 12:28 - 2014-10-30 09:15 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 23:48 - 2014-10-29 15:04 - 00000000 ____D () C:\Users\Martin
2014-12-12 23:44 - 2014-10-29 15:36 - 00000000 ____D () C:\Users\Martin\Documents\Torrenty
2014-12-12 20:30 - 2014-10-30 10:44 - 00000000 ____D () C:\Users\Martin\Documents\Bandicam
2014-12-12 20:28 - 2014-10-29 17:36 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2014-12-12 19:06 - 2014-10-29 14:52 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Adobe
2014-12-11 17:22 - 2014-10-30 15:35 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\FileZilla
2014-12-11 17:21 - 2014-10-29 14:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 17:21 - 2014-10-29 14:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 17:21 - 2014-10-29 14:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 16:50 - 2014-11-09 14:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-06 19:55 - 2014-10-29 14:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-05 21:45 - 2014-10-30 20:59 - 00000000 ____D () C:\Users\Martin\Desktop\MLG
2014-12-05 15:58 - 2014-10-29 20:08 - 00000000 ____D () C:\Users\Martin\AppData\Local\SKIDROW
2014-12-03 18:46 - 2014-10-30 09:25 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2014-11-30 14:56 - 2014-11-11 20:41 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\TeamViewer
2014-11-29 20:00 - 2014-11-15 09:39 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-11-29 14:32 - 2014-10-30 10:39 - 00001076 _____ () C:\Users\Martin\Desktop\Counter-Strike 1.6.lnk
2014-11-29 14:32 - 2014-10-30 10:38 - 00000000 ____D () C:\Program Files (x86)\Counter-Strike 1.6
2014-11-29 14:21 - 2014-11-16 22:23 - 00000000 ____D () C:\Counter-Strike 1.6
2014-11-29 10:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-29 07:57 - 2014-11-02 10:32 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-11-29 07:57 - 2014-11-01 23:06 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-11-23 18:08 - 2014-11-21 22:59 - 00143088 _____ () C:\Users\Martin\Desktop\Milan.veg
2014-11-22 13:00 - 2014-11-02 10:35 - 01048582 _____ () C:\Windows\SysWOW64\arcerror.txt
2014-11-22 12:35 - 2014-11-01 17:23 - 00000000 ____D () C:\Users\Martin\Documents\Euro Truck Simulator 2
2014-11-22 08:47 - 2014-10-29 15:47 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
Some content of TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\COMAP.EXE
C:\Users\Martin\AppData\Local\Temp\UberStrikeHackV12__7934_il1075711.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin\Desktop" je 6079 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-10-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-29]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-29] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-07-05] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-07-05] (CyberLink)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-10-27] (Freemake) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-29] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-29] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-11-29] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-07-06] (CyberLink Corp.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-22 11:30 - 2014-12-22 11:30 - 00024718 _____ () C:\Users\Martin\Desktop\FRST.txt
2014-12-22 11:29 - 2014-12-22 11:30 - 00000000 ____D () C:\FRST
2014-12-22 11:28 - 2014-12-22 11:26 - 02122240 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2014-12-20 16:59 - 2014-12-20 16:59 - 00000219 _____ () C:\Users\Martin\Desktop\Counter-Strike Global Offensive.url
2014-12-20 16:58 - 2014-12-20 16:58 - 00121149 _____ () C:\Users\Martin\Documents\CSGO.xps
2014-12-17 16:40 - 2014-12-17 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-17 16:40 - 2014-12-17 16:40 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-16 17:23 - 2014-12-16 17:23 - 00000000 ____D () C:\Users\Martin\AppData\Local\EdgeOfReality
2014-12-15 16:38 - 2014-12-15 16:38 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\.lifecraft
2014-12-15 15:21 - 2014-12-15 15:29 - 00000000 ____D () C:\Users\Martin\Desktop\Skola PC
2014-12-15 13:48 - 2014-12-22 11:14 - 00003490 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-13 00:48 - 2014-12-13 00:48 - 00000000 ____D () C:\Users\Martin\AppData\Local\Extra_Miner
2014-12-13 00:30 - 2014-12-13 00:30 - 00000000 ____D () C:\Users\Martin\Documents\Nový priečinok
2014-12-12 23:53 - 2014-12-13 00:48 - 00000000 ____D () C:\Users\Martin\Documents\GameMaker
2014-12-12 23:52 - 2014-12-13 00:51 - 00000000 ____D () C:\Users\Martin\AppData\Local\gamemaker_studio
2014-12-12 23:50 - 2014-12-12 23:50 - 00000000 ____D () C:\Users\Martin\AppData\Local\YoYo_Games_Ltd
2014-12-12 23:49 - 2014-12-13 00:48 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\GameMaker-Studio
2014-12-12 23:48 - 2014-12-12 23:48 - 00000000 ____D () C:\Users\Martin\GameMaker-Studio 1.4
2014-12-12 23:47 - 2014-12-12 23:47 - 00000000 ____D () C:\ProgramData\gamemaker_studio
2014-12-12 23:47 - 2014-12-12 23:47 - 00000000 ____D () C:\ProgramData\FB836480DA7E08179A4FC7BA698155BC
2014-12-12 23:45 - 2014-12-12 23:45 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.4
2014-12-12 23:44 - 2014-12-12 23:52 - 00000000 ____D () C:\Users\Martin\AppData\Local\GameMaker-Studio
2014-12-12 23:29 - 2014-12-12 23:29 - 00067584 _____ () C:\Users\Martin\Desktop\chrome.EXE
2014-12-12 23:09 - 2014-12-12 23:09 - 00001141 _____ () C:\Users\Martin\Desktop\Continue installation .lnk
2014-12-12 23:02 - 2014-12-12 23:11 - 00006144 _____ () C:\Important.exe
2014-12-12 21:51 - 2014-12-12 21:56 - 00000000 ____D () C:\Users\Martin\Desktop\Hra
2014-12-12 19:06 - 2014-12-12 19:06 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-12-09 17:17 - 2014-12-09 17:18 - 00000000 ____D () C:\Users\Martin\.gradle
2014-12-09 17:17 - 2014-12-09 17:17 - 00000000 ____D () C:\Users\Martin\AndroidStudioProjects
2014-12-09 16:48 - 2014-12-09 16:48 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\JetBrains
2014-12-09 16:47 - 2014-12-09 16:47 - 00000000 ____D () C:\Users\Martin\.AndroidStudio
2014-12-09 16:46 - 2014-12-09 17:25 - 00000000 ____D () C:\Users\Martin\.android
2014-12-09 16:46 - 2014-12-09 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2014-12-09 16:43 - 2014-12-09 16:43 - 00000000 ____D () C:\Users\Martin\AppData\Local\Android
2014-12-09 16:42 - 2014-12-09 16:42 - 00000000 ____D () C:\Users\Martin\Desktop\Sicko
2014-12-09 16:42 - 2014-12-09 16:42 - 00000000 ____D () C:\Program Files\Android
2014-12-09 16:39 - 2014-12-09 16:39 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-09 16:39 - 2014-12-09 16:39 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-09 16:39 - 2014-12-09 16:39 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-09 16:39 - 2014-12-09 16:39 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-09 16:38 - 2014-12-09 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-12-09 16:37 - 2014-12-09 16:39 - 00000000 ____D () C:\Program Files\Java
2014-12-09 15:48 - 2014-12-22 11:27 - 00000000 ____D () C:\Users\Martin\Desktop\Android Studio
2014-12-07 12:05 - 2014-12-07 12:05 - 00000000 ____D () C:\Users\Martin\Documents\7 Days To Die
2014-12-07 11:43 - 2014-12-14 13:07 - 00660747 _____ () C:\Users\Martin\Desktop\Meine stadt.pptx
2014-12-07 11:18 - 2014-12-09 16:42 - 01742321 _____ () C:\Users\Martin\Desktop\My Future.pptx
2014-12-06 20:58 - 2014-12-06 20:58 - 00000000 ____D () C:\Users\Martin\AppData\Local\RammBase
2014-12-06 19:53 - 2014-12-20 20:08 - 00035102 _____ () C:\Windows\DirectX.log
2014-12-06 19:32 - 2014-12-06 19:32 - 00000000 _____ () C:\Users\Martin\Desktop\Nový textový dokument (2).txt
2014-12-06 19:04 - 2014-12-06 19:04 - 00000000 ____D () C:\Program Files\Strogino CS Portal
2014-12-06 16:54 - 2014-12-06 16:54 - 00029301 _____ () C:\Users\Martin\Documents\[CzT]The_Elder_Scrolls_V_Skyrim_CZ_.torrent
2014-12-06 13:16 - 2014-12-06 13:17 - 15164860 _____ () C:\Users\Martin\Documents\SMG 1.63 beta.zip
2014-12-06 12:56 - 2014-12-06 12:58 - 34278647 _____ () C:\Users\Martin\Documents\CLRBrowserSourcePlugin-20140909x64.7z
2014-12-06 12:51 - 2014-12-06 12:52 - 05231573 _____ () C:\Users\Martin\Documents\BobDevs_FSN_1.061_BETA.zip
2014-12-06 12:35 - 2014-12-16 17:27 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\OBS
2014-12-06 12:35 - 2014-12-06 12:35 - 00000939 _____ () C:\Users\Martin\Desktop\Open Broadcaster Software.lnk
2014-12-06 12:35 - 2014-12-06 12:35 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-12-06 12:35 - 2014-12-06 12:35 - 00000000 ____D () C:\Program Files\OBS
2014-12-06 12:35 - 2014-12-06 12:35 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-12-06 12:34 - 2014-12-06 12:35 - 07518634 _____ () C:\Users\Martin\Documents\OBS_0_638b_Installer.exe
2014-12-06 10:25 - 2014-12-06 10:25 - 00009638 _____ () C:\Users\Martin\Desktop\Mikuláš 2014 zhrnutie.xlsx
2014-12-05 22:54 - 2014-12-05 22:54 - 00142773 _____ () C:\Users\Martin\Documents\[CzT]Far_Cry_4_2014_CZ_.torrent
2014-12-05 18:48 - 2014-12-05 18:48 - 00000222 _____ () C:\Users\Martin\Desktop\Unturned.url
2014-12-05 16:13 - 2014-12-05 16:13 - 00000000 ____D () C:\TempDump
2014-12-05 16:00 - 2014-12-05 16:05 - 12686254 _____ () C:\Users\Martin\Documents\TS2015.7z
2014-12-05 15:30 - 2014-12-05 15:30 - 00002238 _____ () C:\Users\Public\Desktop\Train Simulator 2015.lnk
2014-12-05 15:30 - 2014-12-05 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RailSimulator.com
2014-12-05 15:14 - 2014-12-05 15:14 - 00000000 ____D () C:\Program Files (x86)\RailSimulator.com
2014-12-03 18:57 - 2014-12-09 15:38 - 00085504 ___SH () C:\Users\Martin\Documents\Thumbs.db
2014-12-03 18:49 - 2014-12-03 18:49 - 00002655 _____ () C:\Users\Martin\Documents\[CzT]Aktivatory_Legalizatory_Windows_XP_Vista_7 (1).torrent
2014-12-03 18:49 - 2014-12-03 18:49 - 00002654 _____ () C:\Users\Martin\Documents\[CzT]Aktivatory_Legalizatory_Windows_XP_Vista_7.torrent
2014-12-01 16:19 - 2013-03-24 05:00 - 00391168 _____ (CANON INC.) C:\Windows\system32\CNMLMBY.DLL
2014-11-30 09:44 - 2014-11-30 09:44 - 00093337 _____ () C:\Users\Martin\Documents\[CzT]Train_Simulator_2015_2014_.torrent
2014-11-29 20:09 - 2014-12-06 13:17 - 00000000 ____D () C:\Users\Martin\Desktop\YT
2014-11-29 20:07 - 2014-11-29 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-11-29 20:07 - 2014-11-29 20:07 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-11-29 20:06 - 2014-11-29 20:07 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\Martin\Documents\WinPcap_4_1_3.exe
2014-11-29 20:04 - 2014-11-29 20:04 - 00000000 _____ () C:\Users\Martin\Desktop\Nový textový dokument.txt
2014-11-29 20:01 - 2014-11-29 20:01 - 00000000 ____D () C:\Users\Martin\AppData\Local\IsolatedStorage
2014-11-29 20:00 - 2014-12-13 00:40 - 00002145 _____ () C:\Users\Martin\Desktop\WeatherBug®.lnk
2014-11-29 20:00 - 2014-11-29 20:00 - 00001919 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk
2014-11-29 20:00 - 2014-11-29 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
2014-11-29 20:00 - 2014-11-29 20:00 - 00000000 ____D () C:\Program Files\Earth Networks
2014-11-29 19:59 - 2014-11-29 20:00 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-11-29 19:59 - 2014-11-29 19:59 - 00001190 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-11-29 19:59 - 2014-11-29 19:59 - 00000049 _____ () C:\Windows\SysWOW64\ScrRecX.log
2014-11-29 19:59 - 2014-11-29 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2014-11-29 19:59 - 2014-11-29 19:59 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-11-29 19:59 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2014-11-29 19:54 - 2014-11-29 19:55 - 17090512 _____ (DsNET Corp ) C:\Users\Martin\Documents\aTubeCatcher.exe
2014-11-29 19:44 - 2014-11-29 19:45 - 00068984 _____ () C:\Users\Martin\Desktop\Nuclear Bomb Test Compilation HD.mp4.sfk
2014-11-29 19:44 - 2014-11-29 19:45 - 00012472 _____ () C:\Users\Martin\Desktop\Ultimate Allahu Akbar Fails Compilation (15 Minutes).mp4.sfk
2014-11-29 13:25 - 2014-11-29 13:25 - 00003572 _____ () C:\Users\Martin\Documents\[CzT]Bandicam_2_1_0_707_Final_CZ_SK_.torrent
2014-11-29 12:34 - 2014-11-29 12:34 - 05759618 _____ () C:\Users\Martin\Documents\Faithful Texture Pack 64x64 up by Terror12Woj.zip
2014-11-29 09:37 - 2014-11-29 09:37 - 00034216 _____ () C:\Users\Martin\Documents\[CzT]Borderlands_2_Ultimate_Edition_1_8_1_47_DLC.torrent
2014-11-29 09:33 - 2014-11-29 09:33 - 00001686 _____ () C:\Users\Martin\Desktop\Minecraft.lnk
2014-11-29 09:31 - 2014-11-29 09:36 - 00000184 _____ () C:\Users\Martin\Desktop\RAM.bat
2014-11-29 09:15 - 2014-11-29 09:15 - 00818111 _____ () C:\Users\Martin\Documents\OptiFine_1.7.10_HD_U_A4.jar
2014-11-29 09:06 - 2014-11-29 09:07 - 07291524 _____ () C:\Users\Martin\Documents\faithful64pack-v1.4.0.zip
2014-11-28 23:42 - 2014-11-28 23:43 - 31934945 _____ () C:\Users\Martin\Documents\DHW14-GroupA-hellraisers-vs-fnatic-mirage.zip
2014-11-28 17:13 - 2014-11-28 17:13 - 04013568 _____ () C:\Users\Martin\Desktop\Uber Cheat.EXE
2014-11-23 17:54 - 2014-11-23 17:58 - 129599998 _____ () C:\Users\Martin\Documents\Milan.mp4
2014-11-23 17:17 - 2014-11-23 17:17 - 00000000 __SHD () C:\Users\Martin\AppData\Local\EmieUserList
2014-11-23 17:17 - 2014-11-23 17:17 - 00000000 __SHD () C:\Users\Martin\AppData\Local\EmieSiteList
2014-11-23 17:17 - 2014-11-23 17:17 - 00000000 __SHD () C:\Users\Martin\AppData\Local\EmieBrowserModeList
2014-11-23 17:04 - 2014-11-23 17:04 - 07953095 _____ () C:\Users\Martin\Desktop\Nuclear Bomb Test Compilation HD.mp4
2014-11-23 16:56 - 2014-11-23 16:56 - 01213976 _____ () C:\Users\Martin\Desktop\Ultimate Allahu Akbar Fails Compilation (15 Minutes).mp4
2014-11-22 19:41 - 2014-11-22 19:41 - 00000000 ____D () C:\Users\Martin\Documents\Skype Voice Records
2014-11-22 19:41 - 2014-11-22 19:41 - 00000000 ____D () C:\Users\Martin\Documents\Clownfish Avatars
2014-11-22 19:40 - 2014-11-22 19:40 - 00790240 _____ (Shark Labs) C:\Users\Martin\Downloads\CFSetup360.exe
2014-11-22 19:40 - 2014-11-22 19:40 - 00001905 _____ () C:\Users\Martin\Desktop\Clownfish.lnk
2014-11-22 19:40 - 2014-11-22 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish
2014-11-22 19:40 - 2014-11-22 19:40 - 00000000 ____D () C:\Program Files (x86)\Clownfish
2014-11-22 16:00 - 2014-11-22 16:00 - 00002184 _____ () C:\Users\Martin\Downloads\CSS Scout & AWP CrossHairs.rar
2014-11-22 11:31 - 2014-11-22 11:35 - 08358979 _____ () C:\Users\Martin\Downloads\Euro-Truck-Multiplayer-0.1.0.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-22 11:30 - 2014-10-29 15:32 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\BitTorrent
2014-12-22 11:29 - 2014-11-07 23:03 - 00000000 ____D () C:\Users\Martin\Documents\City Car Cars
2014-12-22 11:29 - 2014-11-02 10:35 - 00000163 _____ () C:\Windows\SysWOW64\arcconfig.xml
2014-12-22 11:24 - 2014-10-30 09:13 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 11:21 - 2014-10-29 14:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 11:19 - 2009-07-14 05:45 - 00017792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 11:19 - 2009-07-14 05:45 - 00017792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 11:18 - 2014-10-29 14:41 - 00000000 ____D () C:\Users\Martin\AppData\Local\Adobe
2014-12-22 11:17 - 2014-10-29 15:03 - 01660377 _____ () C:\Windows\WindowsUpdate.log
2014-12-22 11:16 - 2014-10-29 19:48 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-22 11:15 - 2014-10-29 19:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-22 11:13 - 2014-10-29 17:19 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Spotify
2014-12-22 11:12 - 2014-11-15 22:03 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\ViberPC
2014-12-22 11:12 - 2014-10-29 15:21 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Skype
2014-12-22 11:11 - 2014-10-29 20:22 - 00000000 ____D () C:\Users\Martin\AppData\Local\LogMeIn Hamachi
2014-12-22 11:11 - 2014-10-29 15:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-22 11:10 - 2014-11-15 22:01 - 00000000 ____D () C:\Users\Martin\AppData\Local\Viber
2014-12-22 11:09 - 2014-10-30 09:13 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 11:08 - 2014-11-11 17:27 - 00006635 _____ () C:\Windows\setupact.log
2014-12-22 11:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-19 15:15 - 2014-10-29 15:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-19 15:15 - 2014-10-29 15:21 - 00000000 ____D () C:\ProgramData\Skype
2014-12-19 12:47 - 2014-10-29 17:20 - 00000000 ____D () C:\Users\Martin\AppData\Local\Spotify
2014-12-17 19:01 - 2009-07-26 19:41 - 00660434 _____ () C:\Windows\system32\perfh005.dat
2014-12-17 19:01 - 2009-07-26 19:41 - 00141084 _____ () C:\Windows\system32\perfc005.dat
2014-12-17 19:01 - 2009-07-14 06:13 - 01583226 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-13 14:22 - 2014-10-29 16:35 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\.minecraft
2014-12-13 13:56 - 2014-11-14 22:10 - 00000132 _____ () C:\Users\Martin\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-12-13 12:28 - 2014-10-30 09:15 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 23:48 - 2014-10-29 15:04 - 00000000 ____D () C:\Users\Martin
2014-12-12 23:44 - 2014-10-29 15:36 - 00000000 ____D () C:\Users\Martin\Documents\Torrenty
2014-12-12 20:30 - 2014-10-30 10:44 - 00000000 ____D () C:\Users\Martin\Documents\Bandicam
2014-12-12 20:28 - 2014-10-29 17:36 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2014-12-12 19:06 - 2014-10-29 14:52 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Adobe
2014-12-11 17:22 - 2014-10-30 15:35 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\FileZilla
2014-12-11 17:21 - 2014-10-29 14:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 17:21 - 2014-10-29 14:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 17:21 - 2014-10-29 14:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 16:50 - 2014-11-09 14:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-06 19:55 - 2014-10-29 14:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-05 21:45 - 2014-10-30 20:59 - 00000000 ____D () C:\Users\Martin\Desktop\MLG
2014-12-05 15:58 - 2014-10-29 20:08 - 00000000 ____D () C:\Users\Martin\AppData\Local\SKIDROW
2014-12-03 18:46 - 2014-10-30 09:25 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2014-11-30 14:56 - 2014-11-11 20:41 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\TeamViewer
2014-11-29 20:00 - 2014-11-15 09:39 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-11-29 14:32 - 2014-10-30 10:39 - 00001076 _____ () C:\Users\Martin\Desktop\Counter-Strike 1.6.lnk
2014-11-29 14:32 - 2014-10-30 10:38 - 00000000 ____D () C:\Program Files (x86)\Counter-Strike 1.6
2014-11-29 14:21 - 2014-11-16 22:23 - 00000000 ____D () C:\Counter-Strike 1.6
2014-11-29 10:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-29 07:57 - 2014-11-02 10:32 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-11-29 07:57 - 2014-11-01 23:06 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-11-23 18:08 - 2014-11-21 22:59 - 00143088 _____ () C:\Users\Martin\Desktop\Milan.veg
2014-11-22 13:00 - 2014-11-02 10:35 - 01048582 _____ () C:\Windows\SysWOW64\arcerror.txt
2014-11-22 12:35 - 2014-11-01 17:23 - 00000000 ____D () C:\Users\Martin\Documents\Euro Truck Simulator 2
2014-11-22 08:47 - 2014-10-29 15:47 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
Some content of TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\COMAP.EXE
C:\Users\Martin\AppData\Local\Temp\UberStrikeHackV12__7934_il1075711.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin\Desktop" je 6079 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin

- Posts: 119679
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Important.exe Help
Hello!
How does your operating system stand in terms of legality?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Important.exe Help
It is downloaded, but fully activated; everything works as it should.
- Rudy
- Site Admin

Re: Important.exe Help
I know it is activated, but what I want to know is whether it is legal. If you only downloaded it and did not pay for it, then it is not legal.
Re: Important.exe Help
It is paid for.
- Rudy
- Site Admin

Re: Important.exe Help
OK. Let's try this procedure:
Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "Pro všechny uživatele" (for all users), "Kontrola na havěť LOP" (LOP check) and "Kontrola na havěť PURITY" (Purity check), copy the text below into the lower white box and click >Prohledat< (scan). Post both logs.
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Important.exe Help
They didn't fit in the post, so I put them in a RAR archive.
- Rudy
- Site Admin
- Posts: 119679
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Important.exe Help
Run OTL again as administrator.
Paste the following text into the lower box, click Fix and let the program work. When asked to restart, agree.
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3579024049-2649704320-4024500901-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkhibaldadnecdehgbklkiffofaebnn\1.1_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped\6.6_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bljgfogmfiepjlefknbnfopdoabpldcb\0.0.0.1_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam\0.1_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dljbcjbfojhlfhgenhepllagfecdpchb\1.38.9.4120_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jflocljnfndnnnlmfaamgbkbibnfmlkf\2.0.5.25_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcankginpidjapmhjmjfgpicjpfhfdop\1.4_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.9.10_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk\1.1.120_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.7.1_0\
CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3579024049-2649704320-4024500901-1001..\RunOnce: [Adobe Speed Launcher] 1419242950 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O33 - MountPoints2\{6b599eec-5f6f-11e4-99a8-1c6f65b14b6a}\Shell - "" = AutoRun
O33 - MountPoints2\{6b599eec-5f6f-11e4-99a8-1c6f65b14b6a}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2014/09/20 19:22:08 | 010,672,893 | R--- | M] (RailSimulator.com )
:files
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\SysWow64\acumncxigju.exe
C:\Windows\SysWow64\dcgmncxigju.exe
C:\Windows\SysWow64\lcpmncxigju.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
After the restart a new log will appear; post it here.
Re: Important.exe Help
Here it is...
Files\Folders moved on Reboot...
File\Folder F:\Setup.exe not found!
C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
- Rudy
- Site Admin
- Posts: 119679
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Important.exe Help
Is that all?
Re: Important.exe Help
Yes, after the restart only this popped up.
- Rudy
- Site Admin
- Posts: 119679
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Important.exe Help
That is strange. Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator rights
right after it starts, a screen with the license terms appears; continue by clicking the Yes button.
calmly go and make yourself a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to run any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the deletion of any malware there are unwanted conflicts with the antispyware's resident shield.
Re: Important.exe Help
Here it is:
ComboFix 14-12-14.01 - Martin . 12. 2014 18:34:08.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.4094.2031 [GMT 1:00]
Running from: c:\users\Martin\Desktop\ComboFix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2014-11-23 to 2014-12-23 )))))))))))))))))))))))))))))))
.
.
2014-12-23 17:44 . 2014-12-23 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-23 11:59 . 2014-12-23 11:59 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7774A5F5-4EC7-4FB9-928A-E6003259A77C}\offreg.dll
2014-12-23 11:45 . 2014-12-23 11:45 -------- d-----w- C:\_OTL
2014-12-22 20:34 . 2014-12-22 20:34 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2014-12-22 20:34 . 2014-12-22 20:34 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-12-22 18:07 . 2014-12-22 18:07 512 ----a-w- C:\PhysicalMBR.bin
2014-12-22 11:42 . 2014-12-03 06:31 227048 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\plugins\nppdf32.dll
2014-12-22 10:29 . 2014-12-22 10:31 -------- d-----w- C:\FRST
2014-12-17 15:40 . 2014-12-17 15:40 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-12-16 16:23 . 2014-12-16 16:23 -------- d-----w- c:\users\Martin\AppData\Local\EdgeOfReality
2014-12-15 15:38 . 2014-12-15 15:38 -------- d-----w- c:\users\Martin\AppData\Roaming\.lifecraft
2014-12-12 23:48 . 2014-12-12 23:48 -------- d-----w- c:\users\Martin\AppData\Local\Extra_Miner
2014-12-12 22:52 . 2014-12-12 23:51 -------- d-----w- c:\users\Martin\AppData\Local\gamemaker_studio
2014-12-12 22:50 . 2014-12-12 22:50 -------- d-----w- c:\users\Martin\AppData\Local\YoYo_Games_Ltd
2014-12-12 22:49 . 2014-12-12 23:48 -------- d-----w- c:\users\Martin\AppData\Roaming\GameMaker-Studio
2014-12-12 22:48 . 2014-12-12 22:48 -------- d-----w- c:\users\Martin\GameMaker-Studio 1.4
2014-12-12 22:47 . 2014-12-12 22:47 -------- d-----w- c:\programdata\FB836480DA7E08179A4FC7BA698155BC
2014-12-12 22:47 . 2014-12-12 22:47 -------- d-----w- c:\programdata\gamemaker_studio
2014-12-12 22:44 . 2014-12-12 22:52 -------- d-----w- c:\users\Martin\AppData\Local\GameMaker-Studio
2014-12-12 22:02 . 2014-12-12 22:11 6144 ----a-w- C:\Important.exe
2014-12-12 18:06 . 2014-12-12 18:06 -------- d-----w- c:\users\Martin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-12-09 16:17 . 2014-12-09 16:18 -------- d-----w- c:\users\Martin\.gradle
2014-12-09 16:17 . 2014-12-09 16:17 -------- d-----w- c:\users\Martin\AndroidStudioProjects
2014-12-09 15:48 . 2014-12-09 15:48 -------- d-----w- c:\users\Martin\AppData\Roaming\JetBrains
2014-12-09 15:47 . 2014-12-09 15:47 -------- d-----w- c:\users\Martin\.AndroidStudio
2014-12-09 15:46 . 2014-12-09 16:25 -------- d-----w- c:\users\Martin\.android
2014-12-09 15:43 . 2014-12-09 15:43 -------- d-----w- c:\users\Martin\AppData\Local\Android
2014-12-09 15:42 . 2014-12-09 15:42 -------- d-----w- c:\program files\Android
2014-12-09 15:39 . 2014-12-09 15:39 319912 ----a-w- c:\windows\system32\javaws.exe
2014-12-09 15:39 . 2014-12-09 15:39 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-12-09 15:39 . 2014-12-09 15:39 189352 ----a-w- c:\windows\system32\javaw.exe
2014-12-09 15:39 . 2014-12-09 15:39 189352 ----a-w- c:\windows\system32\java.exe
2014-12-09 15:37 . 2014-12-09 15:39 -------- d-----w- c:\program files\Java
2014-12-06 19:58 . 2014-12-06 19:58 -------- d-----w- c:\users\Martin\AppData\Local\RammBase
2014-12-06 18:04 . 2014-12-06 18:04 -------- d-----w- c:\program files\Strogino CS Portal
2014-12-06 11:35 . 2014-12-16 16:27 -------- d-----w- c:\users\Martin\AppData\Roaming\OBS
2014-12-06 11:35 . 2014-12-06 11:35 -------- d-----w- c:\program files\OBS
2014-12-06 11:35 . 2014-12-06 11:35 -------- d-----w- c:\program files (x86)\OBS
2014-12-05 15:13 . 2014-12-05 15:13 -------- d-----w- C:\TempDump
2014-12-05 14:14 . 2014-12-05 14:14 -------- d-----w- c:\program files (x86)\RailSimulator.com
2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-12-01 15:19 . 2013-03-24 04:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDBY.DLL
2014-12-01 15:19 . 2013-03-24 04:00 101888 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPBY.DLL
2014-12-01 15:19 . 2013-03-24 04:00 391168 ----a-w- c:\windows\system32\CNMLMBY.DLL
2014-11-29 19:07 . 2014-11-29 19:07 -------- d-----w- c:\program files (x86)\WinPcap
2014-11-29 19:01 . 2014-11-29 19:01 -------- d-----w- c:\users\Martin\AppData\Local\IsolatedStorage
2014-11-29 19:00 . 2014-11-29 19:00 -------- d-----w- c:\program files\Earth Networks
2014-11-29 18:59 . 2014-11-29 19:00 -------- dc-h--w- c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-11-29 18:59 . 2008-08-18 18:18 77824 ----a-w- c:\windows\SysWow64\fmcodec.DLL
2014-11-29 18:59 . 2014-11-29 18:59 -------- d-----w- c:\program files (x86)\DsNET Corp
2014-11-28 13:48 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7774A5F5-4EC7-4FB9-928A-E6003259A77C}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-11 16:21 . 2014-10-29 13:42 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-11 16:21 . 2014-10-29 13:42 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-29 06:57 . 2014-11-01 22:06 30528 ----a-w- c:\windows\GVTDrv64.sys
2014-11-29 06:57 . 2014-11-02 09:32 25640 ----a-w- c:\windows\gdrv.sys
2014-11-22 07:47 . 2014-10-29 14:47 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-11 03:08 . 2014-11-19 16:17 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 16:17 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 16:17 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 16:17 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-07 19:49 . 2014-11-12 18:42 388272 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-06 04:04 . 2014-11-12 18:42 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-06 04:03 . 2014-11-12 18:42 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-06 04:03 . 2014-11-12 18:42 25110016 ----a-w- c:\windows\system32\mshtml.dll
2014-11-06 03:47 . 2014-11-12 18:42 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-06 03:46 . 2014-11-12 18:42 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-06 03:46 . 2014-11-12 18:42 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-06 03:44 . 2014-11-12 18:42 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-06 03:43 . 2014-11-12 18:42 2884096 ----a-w- c:\windows\system32\iertutil.dll
2014-11-06 03:36 . 2014-11-12 18:42 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-06 03:35 . 2014-11-12 18:42 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-06 03:31 . 2014-11-12 18:42 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-06 03:30 . 2014-11-12 18:42 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-06 03:30 . 2014-11-12 18:42 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-06 03:29 . 2014-11-12 18:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-06 03:28 . 2014-11-12 18:42 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23 . 2014-11-12 18:42 6040064 ----a-w- c:\windows\system32\jscript9.dll
2014-11-06 03:20 . 2014-11-12 18:42 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-06 03:16 . 2014-11-12 18:42 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-06 03:13 . 2014-11-12 18:42 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-06 03:13 . 2014-11-12 18:42 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-06 03:12 . 2014-11-12 18:42 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10 . 2014-11-12 18:42 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07 . 2014-11-12 18:42 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-06 03:02 . 2014-11-12 18:42 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-06 03:00 . 2014-11-12 18:42 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-06 02:59 . 2014-11-12 18:42 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58 . 2014-11-12 18:42 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:57 . 2014-11-12 18:42 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-06 02:42 . 2014-11-12 18:42 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:41 . 2014-11-12 18:42 716800 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-06 02:41 . 2014-11-12 18:42 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-06 02:39 . 2014-11-12 18:42 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-06 02:38 . 2014-11-12 18:42 2124288 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-06 02:30 . 2014-11-12 18:42 14390272 ----a-w- c:\windows\system32\ieframe.dll
2014-11-06 02:21 . 2014-11-12 18:42 4298240 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-06 02:21 . 2014-11-12 18:42 2051072 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20 . 2014-11-12 18:42 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17 . 2014-11-12 18:42 2365440 ----a-w- c:\windows\system32\wininet.dll
2014-11-06 02:04 . 2014-11-12 18:42 1550336 ----a-w- c:\windows\system32\urlmon.dll
2014-11-06 01:53 . 2014-11-12 18:42 799232 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-06 01:52 . 2014-11-12 18:42 1892864 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-05 17:56 . 2014-11-12 18:42 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-05 17:56 . 2014-11-12 18:42 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-05 17:52 . 2014-11-12 18:42 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-04 18:10 . 2014-11-04 18:10 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-11-04 18:10 . 2014-11-04 18:10 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-11-04 18:10 . 2014-11-04 18:10 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-11-04 18:10 . 2014-11-04 18:10 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-11-04 18:10 . 2014-11-04 18:10 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-11-04 18:10 . 2014-11-04 18:10 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-11-04 18:10 . 2014-11-04 18:10 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-11-04 18:10 . 2014-11-04 18:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-11-04 18:10 . 2014-11-04 18:10 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-11-04 18:10 . 2014-11-04 18:10 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-11-04 18:10 . 2014-11-04 18:10 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-11-04 18:10 . 2014-11-04 18:10 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-11-04 18:10 . 2014-11-04 18:10 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-11-04 18:10 . 2014-11-04 18:10 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-11-04 18:10 . 2014-11-04 18:10 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-11-04 18:10 . 2014-11-04 18:10 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-11-04 18:10 . 2014-11-04 18:10 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-11-04 18:10 . 2014-11-04 18:10 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-11-04 18:10 . 2014-11-04 18:10 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-11-04 18:10 . 2014-11-04 18:10 247808 ----a-w- c:\windows\system32\msls31.dll
2014-11-04 18:10 . 2014-11-04 18:10 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-11-04 18:10 . 2014-11-04 18:10 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-11-04 18:10 . 2014-11-04 18:10 81408 ----a-w- c:\windows\system32\icardie.dll
2014-11-04 18:10 . 2014-11-04 18:10 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-11-04 18:10 . 2014-11-04 18:10 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-11-04 18:10 . 2014-11-04 18:10 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-11-04 18:10 . 2014-11-04 18:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-11-04 18:10 . 2014-11-04 18:10 413696 ----a-w- c:\windows\system32\html.iec
2014-11-04 18:10 . 2014-11-04 18:10 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-11-04 18:10 . 2014-11-04 18:10 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-11-04 18:10 . 2014-11-04 18:10 235520 ----a-w- c:\windows\system32\url.dll
2014-11-04 18:10 . 2014-11-04 18:10 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-11-04 18:10 . 2014-11-04 18:10 147968 ----a-w- c:\windows\system32\occache.dll
2014-11-04 18:10 . 2014-11-04 18:10 143872 ----a-w- c:\windows\system32\wextract.exe
2014-11-04 18:10 . 2014-11-04 18:10 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-11-04 18:10 . 2014-11-04 18:10 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-11-04 18:10 . 2014-11-04 18:10 101376 ----a-w- c:\windows\system32\inseng.dll
2014-11-04 18:10 . 2014-11-04 18:10 774144 ----a-w- c:\windows\system32\jscript.dll
2014-11-04 18:10 . 2014-11-04 18:10 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-11-04 18:10 . 2014-11-04 18:10 13824 ----a-w- c:\windows\system32\mshta.exe
2014-11-04 18:10 . 2014-11-04 18:10 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-11-04 18:08 . 2014-11-04 18:08 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-04 18:08 . 2014-11-04 18:08 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-04 18:08 . 2014-11-04 18:08 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-11-04 18:08 . 2014-11-04 18:08 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-11-04 18:08 . 2014-11-04 18:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-14 22:31 1729752 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-14 22:31 1729752 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-14 22:31 1729752 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"BitTorrent"="c:\users\Martin\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-11-27 1388888]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify Web Helper"="c:\users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-13 1676344]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-23 6501656]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Viber"="c:\users\Martin\AppData\Local\Viber\Viber.exe" [2014-10-20 936656]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-09-24 1323776]
"WeatherBug"="c:\program files\Earth Networks\WeatherBug\WeatherBug.exe" [2014-09-23 146736]
"Spotify"="c:\users\Martin\AppData\Roaming\Spotify\spotify.exe" [2014-12-13 6737976]
"GoogleChromeAutoLaunch_B3FBEF5462B7ECF3CF8933E4FE9764B6"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-12-06 856904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-31 5223016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"PowerDVD13Agent"="c:\program files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" [2013-07-05 517144]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-10-08 843480]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2014/11/15 00:07];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-13 11:28 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-14 22:27 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-14 22:27 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-14 22:27 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-29 14:46 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-30 10806816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\z0miwbym.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-Counter-Strike 1.6 v36 protokol 48 - c:\program files (x86)\Counter-Strike 1.6\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-23 18:48:39
ComboFix-quarantined-files.txt 2014-12-23 17:48
.
Pre-Run: 750 004 531 200 bytes free
Post-Run: 749 676 486 656 bytes free
.
- - End Of File - - 53FDBB4249C69DF4F2ADDFF69D1FBD1A
A36C5E4F47E84449FF07ED3517B43A31
ComboFix 14-12-14.01 - Martin . 12. 2014 18:34:08.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.4094.2031 [GMT 1:00]
Running from: c:\users\Martin\Desktop\ComboFix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2014-11-23 to 2014-12-23 )))))))))))))))))))))))))))))))
.
.
2014-12-23 17:44 . 2014-12-23 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-23 11:59 . 2014-12-23 11:59 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7774A5F5-4EC7-4FB9-928A-E6003259A77C}\offreg.dll
2014-12-23 11:45 . 2014-12-23 11:45 -------- d-----w- C:\_OTL
2014-12-22 20:34 . 2014-12-22 20:34 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2014-12-22 20:34 . 2014-12-22 20:34 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-12-22 18:07 . 2014-12-22 18:07 512 ----a-w- C:\PhysicalMBR.bin
2014-12-22 11:42 . 2014-12-03 06:31 227048 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\plugins\nppdf32.dll
2014-12-22 10:29 . 2014-12-22 10:31 -------- d-----w- C:\FRST
2014-12-17 15:40 . 2014-12-17 15:40 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-12-16 16:23 . 2014-12-16 16:23 -------- d-----w- c:\users\Martin\AppData\Local\EdgeOfReality
2014-12-15 15:38 . 2014-12-15 15:38 -------- d-----w- c:\users\Martin\AppData\Roaming\.lifecraft
2014-12-12 23:48 . 2014-12-12 23:48 -------- d-----w- c:\users\Martin\AppData\Local\Extra_Miner
2014-12-12 22:52 . 2014-12-12 23:51 -------- d-----w- c:\users\Martin\AppData\Local\gamemaker_studio
2014-12-12 22:50 . 2014-12-12 22:50 -------- d-----w- c:\users\Martin\AppData\Local\YoYo_Games_Ltd
2014-12-12 22:49 . 2014-12-12 23:48 -------- d-----w- c:\users\Martin\AppData\Roaming\GameMaker-Studio
2014-12-12 22:48 . 2014-12-12 22:48 -------- d-----w- c:\users\Martin\GameMaker-Studio 1.4
2014-12-12 22:47 . 2014-12-12 22:47 -------- d-----w- c:\programdata\FB836480DA7E08179A4FC7BA698155BC
2014-12-12 22:47 . 2014-12-12 22:47 -------- d-----w- c:\programdata\gamemaker_studio
2014-12-12 22:44 . 2014-12-12 22:52 -------- d-----w- c:\users\Martin\AppData\Local\GameMaker-Studio
2014-12-12 22:02 . 2014-12-12 22:11 6144 ----a-w- C:\Important.exe
2014-12-12 18:06 . 2014-12-12 18:06 -------- d-----w- c:\users\Martin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-12-09 16:17 . 2014-12-09 16:18 -------- d-----w- c:\users\Martin\.gradle
2014-12-09 16:17 . 2014-12-09 16:17 -------- d-----w- c:\users\Martin\AndroidStudioProjects
2014-12-09 15:48 . 2014-12-09 15:48 -------- d-----w- c:\users\Martin\AppData\Roaming\JetBrains
2014-12-09 15:47 . 2014-12-09 15:47 -------- d-----w- c:\users\Martin\.AndroidStudio
2014-12-09 15:46 . 2014-12-09 16:25 -------- d-----w- c:\users\Martin\.android
2014-12-09 15:43 . 2014-12-09 15:43 -------- d-----w- c:\users\Martin\AppData\Local\Android
2014-12-09 15:42 . 2014-12-09 15:42 -------- d-----w- c:\program files\Android
2014-12-09 15:39 . 2014-12-09 15:39 319912 ----a-w- c:\windows\system32\javaws.exe
2014-12-09 15:39 . 2014-12-09 15:39 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-12-09 15:39 . 2014-12-09 15:39 189352 ----a-w- c:\windows\system32\javaw.exe
2014-12-09 15:39 . 2014-12-09 15:39 189352 ----a-w- c:\windows\system32\java.exe
2014-12-09 15:37 . 2014-12-09 15:39 -------- d-----w- c:\program files\Java
2014-12-06 19:58 . 2014-12-06 19:58 -------- d-----w- c:\users\Martin\AppData\Local\RammBase
2014-12-06 18:04 . 2014-12-06 18:04 -------- d-----w- c:\program files\Strogino CS Portal
2014-12-06 11:35 . 2014-12-16 16:27 -------- d-----w- c:\users\Martin\AppData\Roaming\OBS
2014-12-06 11:35 . 2014-12-06 11:35 -------- d-----w- c:\program files\OBS
2014-12-06 11:35 . 2014-12-06 11:35 -------- d-----w- c:\program files (x86)\OBS
2014-12-05 15:13 . 2014-12-05 15:13 -------- d-----w- C:\TempDump
2014-12-05 14:14 . 2014-12-05 14:14 -------- d-----w- c:\program files (x86)\RailSimulator.com
2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-12-01 15:19 . 2013-03-24 04:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDBY.DLL
2014-12-01 15:19 . 2013-03-24 04:00 101888 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPBY.DLL
2014-12-01 15:19 . 2013-03-24 04:00 391168 ----a-w- c:\windows\system32\CNMLMBY.DLL
2014-11-29 19:07 . 2014-11-29 19:07 -------- d-----w- c:\program files (x86)\WinPcap
2014-11-29 19:01 . 2014-11-29 19:01 -------- d-----w- c:\users\Martin\AppData\Local\IsolatedStorage
2014-11-29 19:00 . 2014-11-29 19:00 -------- d-----w- c:\program files\Earth Networks
2014-11-29 18:59 . 2014-11-29 19:00 -------- dc-h--w- c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-11-29 18:59 . 2008-08-18 18:18 77824 ----a-w- c:\windows\SysWow64\fmcodec.DLL
2014-11-29 18:59 . 2014-11-29 18:59 -------- d-----w- c:\program files (x86)\DsNET Corp
2014-11-28 13:48 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7774A5F5-4EC7-4FB9-928A-E6003259A77C}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-11 16:21 . 2014-10-29 13:42 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-11 16:21 . 2014-10-29 13:42 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-29 06:57 . 2014-11-01 22:06 30528 ----a-w- c:\windows\GVTDrv64.sys
2014-11-29 06:57 . 2014-11-02 09:32 25640 ----a-w- c:\windows\gdrv.sys
2014-11-22 07:47 . 2014-10-29 14:47 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-11 03:08 . 2014-11-19 16:17 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 16:17 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 16:17 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 16:17 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-07 19:49 . 2014-11-12 18:42 388272 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-06 04:04 . 2014-11-12 18:42 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-06 04:03 . 2014-11-12 18:42 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-06 04:03 . 2014-11-12 18:42 25110016 ----a-w- c:\windows\system32\mshtml.dll
2014-11-06 03:47 . 2014-11-12 18:42 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-06 03:46 . 2014-11-12 18:42 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-06 03:46 . 2014-11-12 18:42 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-06 03:44 . 2014-11-12 18:42 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-06 03:43 . 2014-11-12 18:42 2884096 ----a-w- c:\windows\system32\iertutil.dll
2014-11-06 03:36 . 2014-11-12 18:42 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-06 03:35 . 2014-11-12 18:42 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-06 03:31 . 2014-11-12 18:42 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-06 03:30 . 2014-11-12 18:42 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-06 03:30 . 2014-11-12 18:42 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-06 03:29 . 2014-11-12 18:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-06 03:28 . 2014-11-12 18:42 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-06 03:23 . 2014-11-12 18:42 6040064 ----a-w- c:\windows\system32\jscript9.dll
2014-11-06 03:20 . 2014-11-12 18:42 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-06 03:16 . 2014-11-12 18:42 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-06 03:13 . 2014-11-12 18:42 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-06 03:13 . 2014-11-12 18:42 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-06 03:12 . 2014-11-12 18:42 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10 . 2014-11-12 18:42 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07 . 2014-11-12 18:42 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-06 03:02 . 2014-11-12 18:42 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-06 03:00 . 2014-11-12 18:42 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-06 02:59 . 2014-11-12 18:42 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-11-06 02:58 . 2014-11-12 18:42 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-06 02:57 . 2014-11-12 18:42 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-06 02:42 . 2014-11-12 18:42 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:41 . 2014-11-12 18:42 716800 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-06 02:41 . 2014-11-12 18:42 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-06 02:39 . 2014-11-12 18:42 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-06 02:38 . 2014-11-12 18:42 2124288 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-06 02:30 . 2014-11-12 18:42 14390272 ----a-w- c:\windows\system32\ieframe.dll
2014-11-06 02:21 . 2014-11-12 18:42 4298240 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-06 02:21 . 2014-11-12 18:42 2051072 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-06 02:20 . 2014-11-12 18:42 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17 . 2014-11-12 18:42 2365440 ----a-w- c:\windows\system32\wininet.dll
2014-11-06 02:04 . 2014-11-12 18:42 1550336 ----a-w- c:\windows\system32\urlmon.dll
2014-11-06 01:53 . 2014-11-12 18:42 799232 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-06 01:52 . 2014-11-12 18:42 1892864 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-05 17:56 . 2014-11-12 18:42 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-05 17:56 . 2014-11-12 18:42 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-05 17:52 . 2014-11-12 18:42 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-04 18:10 . 2014-11-04 18:10 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-11-04 18:10 . 2014-11-04 18:10 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-11-04 18:10 . 2014-11-04 18:10 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-11-04 18:10 . 2014-11-04 18:10 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-11-04 18:10 . 2014-11-04 18:10 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-11-04 18:10 . 2014-11-04 18:10 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-11-04 18:10 . 2014-11-04 18:10 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-11-04 18:10 . 2014-11-04 18:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-11-04 18:10 . 2014-11-04 18:10 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-11-04 18:10 . 2014-11-04 18:10 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-11-04 18:10 . 2014-11-04 18:10 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-11-04 18:10 . 2014-11-04 18:10 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-11-04 18:10 . 2014-11-04 18:10 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-11-04 18:10 . 2014-11-04 18:10 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-11-04 18:10 . 2014-11-04 18:10 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-11-04 18:10 . 2014-11-04 18:10 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-11-04 18:10 . 2014-11-04 18:10 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-11-04 18:10 . 2014-11-04 18:10 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-11-04 18:10 . 2014-11-04 18:10 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-11-04 18:10 . 2014-11-04 18:10 247808 ----a-w- c:\windows\system32\msls31.dll
2014-11-04 18:10 . 2014-11-04 18:10 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-11-04 18:10 . 2014-11-04 18:10 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-11-04 18:10 . 2014-11-04 18:10 81408 ----a-w- c:\windows\system32\icardie.dll
2014-11-04 18:10 . 2014-11-04 18:10 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-11-04 18:10 . 2014-11-04 18:10 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-11-04 18:10 . 2014-11-04 18:10 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-11-04 18:10 . 2014-11-04 18:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-11-04 18:10 . 2014-11-04 18:10 413696 ----a-w- c:\windows\system32\html.iec
2014-11-04 18:10 . 2014-11-04 18:10 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-11-04 18:10 . 2014-11-04 18:10 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-11-04 18:10 . 2014-11-04 18:10 235520 ----a-w- c:\windows\system32\url.dll
2014-11-04 18:10 . 2014-11-04 18:10 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-11-04 18:10 . 2014-11-04 18:10 147968 ----a-w- c:\windows\system32\occache.dll
2014-11-04 18:10 . 2014-11-04 18:10 143872 ----a-w- c:\windows\system32\wextract.exe
2014-11-04 18:10 . 2014-11-04 18:10 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-11-04 18:10 . 2014-11-04 18:10 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-11-04 18:10 . 2014-11-04 18:10 101376 ----a-w- c:\windows\system32\inseng.dll
2014-11-04 18:10 . 2014-11-04 18:10 774144 ----a-w- c:\windows\system32\jscript.dll
2014-11-04 18:10 . 2014-11-04 18:10 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-11-04 18:10 . 2014-11-04 18:10 13824 ----a-w- c:\windows\system32\mshta.exe
2014-11-04 18:10 . 2014-11-04 18:10 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-11-04 18:08 . 2014-11-04 18:08 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-04 18:08 . 2014-11-04 18:08 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-04 18:08 . 2014-11-04 18:08 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-11-04 18:08 . 2014-11-04 18:08 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-11-04 18:08 . 2014-11-04 18:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-14 22:31 1729752 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-14 22:31 1729752 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-14 22:31 1729752 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"BitTorrent"="c:\users\Martin\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-11-27 1388888]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify Web Helper"="c:\users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-13 1676344]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-23 6501656]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"Viber"="c:\users\Martin\AppData\Local\Viber\Viber.exe" [2014-10-20 936656]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-09-24 1323776]
"WeatherBug"="c:\program files\Earth Networks\WeatherBug\WeatherBug.exe" [2014-09-23 146736]
"Spotify"="c:\users\Martin\AppData\Roaming\Spotify\spotify.exe" [2014-12-13 6737976]
"GoogleChromeAutoLaunch_B3FBEF5462B7ECF3CF8933E4FE9764B6"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-12-06 856904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-31 5223016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"PowerDVD13Agent"="c:\program files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe" [2013-07-05 517144]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-10-08 843480]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2014/11/15 00:07];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]
S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-13 11:28 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-14 22:27 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-14 22:27 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-14 22:27 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-29 14:46 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-30 10806816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\z0miwbym.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-Counter-Strike 1.6 v36 protokol 48 - c:\program files (x86)\Counter-Strike 1.6\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-12-23 18:48:39
ComboFix-quarantined-files.txt 2014-12-23 17:48
.
Pre-Run: 750 004 531 200 bytes free
Post-Run: 749 676 486 656 bytes free
.
- - End Of File - - 53FDBB4249C69DF4F2ADDFF69D1FBD1A
A36C5E4F47E84449FF07ED3517B43A31
- Rudy
- Site Admin

- Posts: 119679
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Important.exe Help
We'll do some more cleanup. Move ComboFix to the desktop. Open Notepad and copy the following into it:

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.