prosím o kontrolu, moc děkuji

Zpráva

ultrakb · #1 Příspěvek od **ultrakb** » 15 led 2015 18:06

Zdravím, prosil bych o kontrolu logu. Velmi děkuji

Logfile of random's system information tool 1.10 (written by random/random)
Run by a at 2015-01-15 17:55:12
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 42 GB (18%) free of 238 GB
Total RAM: 3959 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:55:27, on 15.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\trend micro\a.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12902
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: PrivDogExtension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PrivDog - {2F5C139F-79BD-4C84-A95A-E7140525BC55} - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E577B17-7104-4B25-B1D0-51CE33A704AE}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E19BF5-03D7-470F-9484-C1B195FEEEC5}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B311316-5D35-4948-8C9C-CE22E2D6DED0}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DD4CE98-AB81-48E6-98AA-35A7115A02AA}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEDA6959-562B-4353-BA94-5A72F804FB09}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E577B17-7104-4B25-B1D0-51CE33A704AE}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E577B17-7104-4B25-B1D0-51CE33A704AE}: NameServer = 156.154.70.22,156.154.71.22
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\Windows\SysWOW64\ssins.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10036 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe"
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\WLANExt.exe 58332928
\??\C:\Windows\system32\conhost.exe "1490427973-1035306999-517055023-1929773945-1657615856759498445-1239146587-1487609382
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
taskeng.exe {912E27DE-8AE4-4177-81E5-92E16AD043EB}
"C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
"C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe"
"C:\Program Files\Mouse\Amoumain.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -service
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\valWBFPolicyService.exe
"C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe"
"C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
"C:\Program Files (x86)\Comodo\GeekBuddy\unit" "\"C:/Program Files (x86)/Comodo/GeekBuddy/lps-cspm\""
C:\Windows\SysWOW64\svchost.exe -k MbnExt
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "18891941571750202805-1803380462-1734515111-2049796119608392602-251279171-875967806
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c1c2dff1-ba46-4f73-8770-6e881c22f9fd -SystemEventPortName:HostProcess-77219aa9-a2da-4f88-93c9-2e4752fe6ff2 -IoCancelEventPortName:HostProcess-6ea033c4-7cc7-49f0-adf5-e07ee85fd895 -NonStateChangingEventPortName:HostProcess-74632392-2604-4843-8ccf-cbab5a43bed4 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:383c38f9-4b8b-4c74-b6f7-a4dbdb259e73 -DeviceGroupId:
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --alertsUI
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"

taskeng.exe {9C8350CE-16A7-4260-A75B-EB41D1E2610E}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 840 844 852 65536 848
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\a\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\1812h5sm.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.257 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.257 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}]
PrivDog Extension - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll [2013-11-15 842408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-27 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-27 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}]
PrivDog Extension - C:\Program Files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll [2013-11-15 744616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09 1297112]
"WheelMouse"=C:\Program Files\Mouse\Amoumain.exe [2000-01-01 196608]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 1331288]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-11 2774256]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2014-12-12 36352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-12-12 7063832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\a\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\a\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager]
C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe [2012-07-14 1841264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2012-10-23 1393016]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"tvncontrol"=C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-09-24 2327248]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Start GeekBuddy.lnk - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-01-14 16:47:20 ----A---- C:\Windows\system32\profsvc.dll
2015-01-14 16:47:19 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-14 16:47:19 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-01-14 16:47:19 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-14 16:47:18 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-14 16:47:17 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:47:10 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-01-14 16:47:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:47:09 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-01-14 16:47:09 ----A---- C:\Windows\system32\srcore.dll
2015-01-14 16:47:08 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-01-14 16:47:08 ----A---- C:\Windows\system32\srclient.dll
2015-01-14 16:47:08 ----A---- C:\Windows\system32\rstrui.exe
2015-01-13 21:09:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2015-01-13 19:15:50 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-01 09:29:20 ----D---- C:\Windows\pss
2015-01-01 09:15:34 ----A---- C:\Windows\system32\drivers\stflt.sys
2015-01-01 09:14:37 ----D---- C:\Program Files (x86)\Spyware Terminator
2014-12-29 10:21:04 ----D---- C:\Users\a\AppData\Roaming\Samsung
2014-12-29 10:16:49 ----D---- C:\Program Files (x86)\MyFree Codec
2014-12-29 10:12:29 ----A---- C:\Windows\SYSWOW64\secman.dll
2014-12-29 10:12:23 ----A---- C:\Windows\SYSWOW64\Redemption.dll
2014-12-29 10:09:30 ----D---- C:\ProgramData\Samsung
2014-12-29 10:09:30 ----D---- C:\Program Files (x86)\Samsung
2014-12-22 19:10:13 ----D---- C:\Program Files\NETGATE
2014-12-18 16:16:04 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-12-18 16:16:04 ----A---- C:\Windows\system32\ieUnatt.exe

======List of files/folders modified in the last 1 month======

2015-01-15 17:55:26 ----D---- C:\Program Files\trend micro
2015-01-15 17:55:25 ----D---- C:\Windows\Temp
2015-01-15 17:52:41 ----D---- C:\Windows\inf
2015-01-15 17:52:38 ----D---- C:\Windows\debug
2015-01-15 17:52:38 ----D---- C:\Windows
2015-01-15 16:23:42 ----D---- C:\Windows\system32\config
2015-01-15 15:59:38 ----D---- C:\ProgramData\NVIDIA
2015-01-15 04:17:18 ----D---- C:\Windows\winsxs
2015-01-15 04:15:40 ----D---- C:\Windows\System32
2015-01-15 04:15:39 ----D---- C:\Windows\SysWOW64
2015-01-15 04:15:39 ----AD---- C:\Windows\system32\drivers
2015-01-14 21:32:48 ----D---- C:\Windows\system32\MRT
2015-01-14 21:25:25 ----A---- C:\Windows\system32\MRT.exe
2015-01-14 21:25:10 ----SHD---- C:\System Volume Information
2015-01-14 16:46:59 ----D---- C:\Windows\system32\catroot
2015-01-14 16:46:50 ----D---- C:\Windows\system32\catroot2
2015-01-14 16:34:47 ----RD---- C:\Program Files (x86)
2015-01-14 16:34:47 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 06:09:33 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-01-07 15:25:52 ----N---- C:\Windows\system32\MpSigStub.exe
2015-01-05 19:37:24 ----D---- C:\Windows\system32\NDF
2015-01-03 20:59:43 ----D---- C:\Users\a\AppData\Roaming\vlc
2015-01-01 12:03:13 ----D---- C:\Windows\system32\wdi
2015-01-01 09:30:11 ----D---- C:\Windows\system32\Tasks
2015-01-01 09:30:06 ----D---- C:\Windows\Tasks
2015-01-01 09:27:49 ----RD---- C:\Program Files
2015-01-01 09:27:46 ----HD---- C:\ProgramData
2015-01-01 07:38:45 ----D---- C:\Users\a\AppData\Roaming\Seznam.cz
2015-01-01 06:54:37 ----D---- C:\Windows\system32\DriverStore
2015-01-01 06:53:12 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-01-01 06:53:11 ----SHD---- C:\Windows\Installer
2015-01-01 06:44:28 ----D---- C:\Windows\Microsoft.NET
2014-12-31 20:52:58 ----D---- C:\Windows\SoftwareDistribution
2014-12-29 12:44:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-29 10:10:00 ----A---- C:\Windows\SYSWOW64\muzapp.exe
2014-12-29 10:09:59 ----A---- C:\Windows\SYSWOW64\MASetupCleaner.exe
2014-12-27 13:29:16 ----D---- C:\ProgramData\Oracle
2014-12-27 13:29:05 ----D---- C:\Program Files (x86)\Java
2014-12-27 13:28:20 ----D---- C:\Program Files (x86)\Common Files
2014-12-27 13:27:33 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-12-27 13:27:17 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-12-27 13:27:17 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-12-27 13:27:17 ----A---- C:\Windows\SYSWOW64\java.exe
2014-12-22 19:12:14 ----SD---- C:\Users\a\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-12-12 644968]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-12-12 28008]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 269008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 Amfilter;Compatible Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfltx64.sys [2000-01-01 12288]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2014-12-09 20184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [2014-12-09 792648]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2014-12-09 45880]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2014-12-09 104608]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 125584]
R3 Amusbprt;USB HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbx64.sys [2000-01-01 17920]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2000-01-01 6534248]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 90112]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-12-12 941272]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-08-11 34544]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-08-11 524016]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S1 CFRMD;CFRMD; C:\Windows\system32\DRIVERS\CFRMD.sys []
S3 AF15BDA;AF9015 BDA Device; C:\Windows\system32\DRIVERS\AF15BDA.sys [2013-10-28 507392]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2000-01-01 598328]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2000-01-01 184144]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2000-01-01 210984]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2000-01-01 21544]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 104448]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 30720]
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2012-04-23 238080]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2013-06-15 82816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2014-12-12 16152]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 56832]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-26 81088]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2012-10-23 1005944]
R2 CLPSLauncher;COMODO LPS Launcher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2014-09-25 70864]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-12-09 7618952]
R2 DragonUpdater;COMODO Dragon Update Service; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-11-27 2370240]
R2 GeekBuddyRSP;GeekBuddyRSP Server; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-09-24 2327248]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-12-12 15720]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 23784]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 18956064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-07-02 935368]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-05-17 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2013-05-17 107832]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 411936]
R2 valWBFPolicyService;Validity WBF Policy Service; C:\Windows\system32\valWBFPolicyService.exe [2013-10-11 35328]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14 116648]
S2 ssinstall;SInstalátor; C:\Windows\SysWOW64\ssins.exe [2014-07-08 2324216]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14 267440]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-12-09 2265304]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-14 114800]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-20 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 16 led 2015 10:35

Zdravim

Pokud nepouzivate, odinstalujte Seznam Software.

Je s pc nejaky konkretni problem, nebo jde ciste jen o prevenci?

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

ultrakb · #3 Příspěvek od **ultrakb** » 16 led 2015 11:33

Dobrý den

Seznam software nejde odinstalovat přes ccleaner, vždy se ntb kousne a musí se natvrdo vypnout.

Minulý týden mi vyskočila ve firefoxu stránka, kde bylo napsáno Interpol a nějaká výzva k zaplacení. Ntb jsem restartoval a vyčistil a ani antivir nic nenašel, tak se chci ujistit, že je vše v pořádku a že můžu nadále ntb používat.

Zde je log z adw

# AdwCleaner v4.107 - Report created 16/01/2015 at 11:18:19
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : a - A-PC
# Running from : C:\Users\a\Desktop\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AdTrustMedia
Folder Deleted : C:\ProgramData\Fighters
Folder Deleted : C:\Program Files (x86)\AdTrustMedia
Folder Deleted : C:\Program Files\AdTrustMedia
File Deleted : C:\Users\Public\Desktop\GeekBuddy.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Myfree Codec

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v35.0 (x86 cs)

[1812h5sm.default\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack\":{\"d\":\"C:\\\\Users\\\\a\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\1812h5sm.default\\[...]

-\\ Google Chrome v39.0.2171.99

-\\ Comodo Dragon v36.1.1.21

*************************

AdwCleaner[R1].txt - [3397 octets] - [16/01/2015 11:13:47]
AdwCleaner[S1].txt - [3271 octets] - [16/01/2015 11:18:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3331 octets] ##########

#4 Příspěvek od **Márty84** » 16 led 2015 12:17

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

ultrakb · #5 Příspěvek od **ultrakb** » 16 led 2015 13:20

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16.1.2015
Scan Time: 15:42:25
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.16.06
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: a

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 468585
Time Elapsed: 1 hr, 49 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Users\a\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe, , [af676d8b840576c09b2802bb08fd07f9],

Physical Sectors: 0
(No malicious items detected)

(end)

#6 Příspěvek od **Márty84** » 16 led 2015 19:42

Nalez smazte, pak muzete MBAM odinstalovat.

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

ultrakb · #7 Příspěvek od **ultrakb** » 16 led 2015 19:59

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by a (administrator) on A-PC on 16-01-2015 19:56:16
Running from C:\Users\a\Desktop
Loaded Profiles: a (Available profiles: a)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Mouse\Amoumain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(dotPDN LLC) C:\Program Files\Paint.NET\PaintDotNet.exe
(forum.viry.cz) C:\Users\a\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-09] (COMODO)
HKLM\...\Run: [WheelMouse] => C:\Program Files\Mouse\Amoumain.exe [196608 2000-01-01] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-11] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-12-12] (Intel Corporation)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-01-16] (Malwarebytes Corporation)
HKU\S-1-5-21-1202963784-976797541-3014665301-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1202963784-976797541-3014665301-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-1202963784-976797541-3014665301-1000\...\MountPoints2: F - F:\blank.exe
HKU\S-1-5-21-1202963784-976797541-3014665301-1000\...\MountPoints2: {33df4979-31c0-11e3-8ebc-782bcbcc02ed} - I:\Autorun.exe
HKU\S-1-5-21-1202963784-976797541-3014665301-1000\...\MountPoints2: {5fe7f78e-b4c9-11e2-9288-782bcbcc02ed} - H:\Autorun.exe
HKU\S-1-5-21-1202963784-976797541-3014665301-1000\...\MountPoints2: {75552595-b4b9-11e2-a608-782bcbcc02ed} - E:\Autorun.exe
HKU\S-1-5-21-1202963784-976797541-3014665301-1000\...\MountPoints2: {755525ac-b4b9-11e2-a608-782bcbcc02ed} - I:\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-14] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1202963784-976797541-3014665301-1000 -> {EE7C8517-1DBD-41D6-812C-3C331470A41F} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_12902
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{2E577B17-7104-4B25-B1D0-51CE33A704AE}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{49E19BF5-03D7-470F-9484-C1B195FEEEC5}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{5B311316-5D35-4948-8C9C-CE22E2D6DED0}: [NameServer]
Tcpip\..\Interfaces\{8DD4CE98-AB81-48E6-98AA-35A7115A02AA}: [NameServer]
Tcpip\..\Interfaces\{AEDA6959-562B-4353-BA94-5A72F804FB09}: [NameServer]

FireFox:
========
FF ProfilePath: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\1812h5sm.default
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Self-Destructing Cookies - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\1812h5sm.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2013-04-14]
FF Extension: block.it - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\1812h5sm.default\Extensions\jid1-FCwgKOzPHifHUA@jetpack.xpi [2013-04-13]
FF Extension: Adblock Plus - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\1812h5sm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/?clid=12902
CHR Profile: C:\Users\a\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-14]
CHR Extension: (Dokumenty Google) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-14]
CHR Extension: (Disk Google) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-14]
CHR Extension: (Seznam Lištička - Email) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-09-15]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-09-15]
CHR Extension: (YouTube) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-14]
CHR Extension: (Vyhledávání Google) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-14]
CHR Extension: (Tabulky Google) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-14]
CHR Extension: (Peněženka Google) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-14]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-09-15]
CHR Extension: (Gmail) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-09] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2014-12-12] (Intel Corporation)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\MbnExt.dll [311216 2012-07-13] (Gemfor s.r.o.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-05-17] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2013-05-17] ()
S2 ssinstall; C:\Windows\SysWOW64\ssins.exe [2324216 2014-07-08] (PS Media s.r.o.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-11] (Validity Sensors, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2000-01-01] ((Standard mouse types))
R3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2000-01-01] (A4Tech Co.,Ltd.)
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-09] (COMODO)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2012-04-23] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-12-12] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-09] (COMODO)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-11] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-12-12] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 19:56 - 2015-01-16 19:56 - 00015323 _____ () C:\Users\a\Desktop\FRST.txt
2015-01-16 19:55 - 2015-01-16 19:56 - 00000000 ____D () C:\FRST
2015-01-16 19:54 - 2015-01-16 19:54 - 02125312 _____ (Farbar) C:\Users\a\Desktop\FRST64.exe
2015-01-16 19:46 - 2015-01-16 19:46 - 00112640 _____ (forum.viry.cz) C:\Users\a\Desktop\FRSTLauncher.exe
2015-01-16 13:19 - 2015-01-16 17:33 - 00001149 _____ () C:\Users\a\Desktop\mbam.txt
2015-01-16 12:56 - 2015-01-16 12:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 12:33 - 2015-01-16 12:33 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-01-16 12:33 - 2015-01-16 12:33 - 00001077 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-01-16 12:33 - 2015-01-16 12:33 - 00001077 _____ () C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2015-01-16 12:33 - 2015-01-16 12:33 - 00000000 ____D () C:\Users\a\AppData\Local\VS Revo Group
2015-01-16 12:33 - 2015-01-16 12:33 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-01-16 12:33 - 2015-01-16 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-01-16 12:33 - 2015-01-16 12:33 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-16 12:32 - 2015-01-16 12:32 - 10031224 _____ (VS Revo Group ) C:\Users\a\Desktop\RevoUninProSetup.exe
2015-01-16 11:13 - 2015-01-16 11:18 - 00000000 ____D () C:\AdwCleaner
2015-01-14 16:47 - 2015-01-14 16:47 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:47 - 2015-01-14 16:47 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:47 - 2015-01-14 16:47 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:47 - 2015-01-14 16:47 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:47 - 2015-01-14 16:47 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:47 - 2015-01-14 16:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:47 - 2015-01-14 16:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:47 - 2015-01-14 16:47 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:47 - 2015-01-14 16:47 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:47 - 2015-01-14 16:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:47 - 2015-01-14 16:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 16:47 - 2015-01-14 16:47 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:47 - 2015-01-14 16:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 21:09 - 2015-01-14 06:09 - 04877488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-13 19:15 - 2015-01-13 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-02 16:51 - 2015-01-02 16:51 - 00077312 _____ () C:\Users\a\Desktop\seznam.xls
2015-01-01 09:29 - 2015-01-01 09:29 - 00000000 ____D () C:\Windows\pss
2015-01-01 09:15 - 2015-01-01 09:15 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2015-01-01 09:14 - 2015-01-01 09:32 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-12-29 12:48 - 2014-12-29 12:48 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-12-29 12:48 - 2014-12-29 12:48 - 00000000 ____D () C:\ProgramData\Documents\CrashDump
2014-12-29 10:21 - 2015-01-01 06:54 - 00000000 ____D () C:\Users\a\AppData\Roaming\Samsung
2014-12-29 10:21 - 2015-01-01 06:54 - 00000000 ____D () C:\Users\a\AppData\Local\Samsung
2014-12-29 10:21 - 2014-12-29 10:21 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-12-29 10:21 - 2014-12-29 10:21 - 00000000 ____D () C:\ProgramData\Documents\NativeFus_Log
2014-12-29 10:20 - 2014-12-29 10:20 - 00000000 ____D () C:\Users\a\Documents\samsung
2014-12-29 10:16 - 2014-12-29 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-12-29 10:16 - 2014-12-29 10:16 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-12-29 10:12 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-12-29 10:12 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-12-29 10:09 - 2015-01-01 06:54 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-29 10:09 - 2015-01-01 06:53 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-26 12:24 - 2014-12-26 12:24 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 10:09 - 2014-12-23 10:09 - 00028903 _____ () C:\Users\a\Desktop\Dohledávání úkony.xlsx
2014-12-22 19:10 - 2014-12-22 19:10 - 00000000 ____D () C:\Program Files\NETGATE
2014-12-22 19:07 - 2014-12-22 19:08 - 24391168 _____ (NETGATE Technologies s.r.o. ) C:\Users\a\Desktop\se-setup-ngt.exe
2014-12-18 16:16 - 2014-12-18 16:16 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 16:16 - 2014-12-18 16:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 19:48 - 2013-04-14 16:38 - 00000000 ____D () C:\Users\a\AppData\Local\Paint.NET
2015-01-16 19:10 - 2014-11-22 08:23 - 01149839 ____N () C:\Windows\WindowsUpdate.log
2015-01-16 19:09 - 2013-04-12 05:13 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 15:38 - 2009-07-14 05:45 - 00023040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 15:38 - 2009-07-14 05:45 - 00023040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 15:31 - 2014-07-08 14:40 - 00000000 _____ () C:\Windows\SysWOW64\sinstall.log
2015-01-16 15:30 - 2013-03-20 12:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 15:30 - 2009-07-14 16:36 - 00000000 ____D () C:\Windows\ShellNew
2015-01-16 15:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 14:25 - 2013-03-20 13:24 - 01712024 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-16 14:25 - 2009-07-14 16:18 - 00763956 _____ () C:\Windows\system32\perfh005.dat
2015-01-16 14:25 - 2009-07-14 16:18 - 00195048 _____ () C:\Windows\system32\perfc005.dat
2015-01-16 14:25 - 2009-07-14 06:13 - 01712024 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 13:24 - 2014-11-30 14:33 - 00000430 _____ () C:\Users\a\Desktop\ukoly.txt
2015-01-16 12:55 - 2014-05-20 15:51 - 00000000 ____D () C:\Users\a\AppData\Local\CrashDumps
2015-01-16 12:51 - 2014-07-08 14:41 - 00000000 ____D () C:\Users\a\AppData\Roaming\Seznam.cz
2015-01-16 10:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-16 07:33 - 2014-12-12 06:40 - 00089088 _____ () C:\Users\a\Desktop\mapa prosinec¨.xls
2015-01-15 17:55 - 2014-02-14 16:48 - 00000000 ____D () C:\Program Files\trend micro
2015-01-14 21:32 - 2013-07-21 07:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:25 - 2013-03-20 11:42 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:34 - 2013-03-20 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 06:09 - 2013-04-12 05:13 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 06:09 - 2013-03-20 12:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 06:09 - 2013-03-20 12:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-07 15:25 - 2013-03-20 10:12 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 20:59 - 2013-05-11 12:02 - 00000000 ____D () C:\Users\a\AppData\Roaming\vlc
2015-01-01 09:27 - 2014-07-29 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-01 06:53 - 2013-04-18 18:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-29 10:10 - 2014-04-30 19:47 - 00172032 _____ (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe
2014-12-29 10:09 - 2013-12-30 10:52 - 00024576 _____ ((주)마크애니) C:\Windows\SysWOW64\MASetupCleaner.exe
2014-12-29 10:07 - 2014-05-06 15:47 - 00000000 ____D () C:\Users\a\AppData\Local\Downloaded Installations
2014-12-27 13:29 - 2013-10-19 05:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-27 13:29 - 2013-10-19 05:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-27 13:27 - 2014-04-23 05:13 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-27 13:27 - 2014-04-23 05:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-27 13:27 - 2014-04-23 05:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-27 13:27 - 2014-04-23 05:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-27 13:25 - 2013-10-19 05:33 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-27 13:25 - 2013-10-19 05:33 - 00001066 _____ () C:\ProgramData\Desktop\VLC media player.lnk
2014-12-27 13:25 - 2013-10-19 05:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

Some content of TEMP:
====================
C:\Users\a\AppData\Local\Temp\Quarantine.exe
C:\Users\a\AppData\Local\Temp\sqlite3.dll
C:\Users\a\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RtNicProp64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RTNUninst64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MASetupCleaner.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\muzapp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorA.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorF.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\revoflt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Rt64win7.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\stflt.sys:$CmdTcID
AlternateDataStreams: C:\Users\a\Desktop\9bcCKDC.jpg:$CmdZnID
AlternateDataStreams: C:\Users\a\Desktop\Dohledávání úkony.xlsx:$CmdZnID
AlternateDataStreams: C:\Users\a\Desktop\DSC_1179.JPG:$CmdZnID
AlternateDataStreams: C:\Users\a\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\a\Desktop\FRSTLauncher.exe:$CmdTcID
AlternateDataStreams: C:\Users\a\Desktop\FRSTLauncher.exe:$CmdZnID
AlternateDataStreams: C:\Users\a\Desktop\LV.pdf:$CmdTcID
AlternateDataStreams: C:\Users\a\Desktop\LV.pdf:$CmdZnID
AlternateDataStreams: C:\Users\a\Desktop\průmysl.jpg:$CmdZnID
AlternateDataStreams: C:\Users\a\Desktop\RevoUninProSetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\a\Desktop\RevoUninProSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\a\Desktop\se-setup-ngt.exe:$CmdTcID
AlternateDataStreams: C:\Users\a\Desktop\se-setup-ngt.exe:$CmdZnID
AlternateDataStreams: C:\Users\a\Desktop\seznam.xls:$CmdZnID

==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\a\Desktop" je 815 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\a\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\a\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#8 Příspěvek od **Márty84** » 16 led 2015 20:18

ultrakb píše:***** Velikost "Plochy" *****

Velikost slozky "C:\Users\a\Desktop" je 815 MB.

Velikost plochy by nemela preshovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku

Pokud jeste v pc je, odinstalujte Spyware Terminatora

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-01-16] (Malwarebytes Corporation)
HKU\S-1-5-21-1202963784-976797541-3014665301-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-12-12] (Piriform Ltd)

CHR Extension: (Seznam Lištička - Email) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-09-15]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-09-15]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-09-15]

2015-01-16 13:19 - 2015-01-16 17:33 - 00001149 _____ () C:\Users\a\Desktop\mbam.txt
2015-01-16 12:56 - 2015-01-16 12:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 09:14 - 2015-01-01 09:32 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-26 81088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14 116648]

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

ultrakb · #9 Příspěvek od **ultrakb** » 16 led 2015 20:33

Takový chlív, uklizeno

Spyware Terminatora nemám

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by a at 2015-01-16 20:27:32 Run:1
Running from C:\Users\a\Desktop
Loaded Profiles: a (Available profiles: a)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-01-16] (Malwarebytes Corporation)
HKU\S-1-5-21-1202963784-976797541-3014665301-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-12-12] (Piriform Ltd)

CHR Extension: (Seznam Lištička - Email) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-09-15]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-09-15]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-09-15]

2015-01-16 13:19 - 2015-01-16 17:33 - 00001149 _____ () C:\Users\a\Desktop\mbam.txt
2015-01-16 12:56 - 2015-01-16 12:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 09:14 - 2015-01-01 09:32 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => value deleted successfully.
HKU\S-1-5-21-1202963784-976797541-3014665301-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig => Moved successfully.
C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd => Moved successfully.
C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak => Moved successfully.
"C:\Users\a\Desktop\mbam.txt" => File/Directory not found.
C:\ProgramData\Malwarebytes => Moved successfully.
C:\Program Files (x86)\Spyware Terminator => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 99 MB temporary data.

The system needed a reboot.

==== End of Fixlog 20:27:56 ====

#10 Příspěvek od **Márty84** » 16 led 2015 22:59

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte

Ponechte zatrzitkou pouze u volby Remote disinfection tools

Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak je na tom pc.

ultrakb · #11 Příspěvek od **ultrakb** » 17 led 2015 08:53

Vše vypadá v pořádku, mohl byste se mi, prosím, ještě podívat na přílohu? Tento problém ukazuje ccleaner pokaždé, Je to něco důležitého?

#12 Příspěvek od **Márty84** » 17 led 2015 10:47

Myslim, ze to souvisi s Comodem.

Zkuste to CCleanerem smazat v nouzovem rezimu.

ultrakb · #13 Příspěvek od **ultrakb** » 17 led 2015 12:35

V nouzovém režimu odstraněno, ale začalo se mi to více sekat

Pokud je to tedy vše a můžu bez obav vlézt na int.bankovnictví, tak Vám velmi děkuji za Vaši ochotu a Vás čas a podpořím Vaše forum.

#14 Příspěvek od **Márty84** » 17 led 2015 12:52

Co se zaclo sekat?

Ona tam vlastne zadna havet nebyla, jen nejake zbytecnosti a brzdy, tak jsem myslel, ze mame hotovo, ale jestli se neco zaclo sekat...

ultrakb · #15 Příspěvek od **ultrakb** » 17 led 2015 12:55

Přeinstaloval jsem ccleaner a bude to v pohodě, takže za mě, děkuji moc!
Pošlu to na Paypal.

VIRY.CZ

prosím o kontrolu, moc děkuji

prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji

Re: prosím o kontrolu, moc děkuji