"SalEPLLus" - rozšíření do chromu,vir

[MrFruty]

Zdravím,do přohlížeče se mi dostal vir ve formě rozšíření pro chrome.Nebylo by to poprvé co se mi to stalo,poprvé je ale to,že nelze nijak smazat.Když ho smažu z prohlížeče,tak se při dalším startu prohlížeče stejně zapne sám.Vir se projevuje tak,že zapíná webové stránky,naštěstí Avast je vždy zablokuje.



Použil jsem již spousty programů na detekci,našel ho ADWCleaner,i přes to,že ho údajně vyčistil,tak tu zůstal.

Použité programy:

AVAST ANTIVIRUS FREE
MALWAREBYTES ANTI-MALWARE
TDSSKILLER
HITMANPRO (TRIAL VERZE)
ADWCLEANER
CCLEANER

A nakonec,když nic nepomohlo,tak zůstal už jen ComboFix,ani ten pomohl.

LOG ADWCLEANER:

AdwCleaner v4.201 - Log vytvořen 10/04/2015 v 23:01:18
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-08.1 [Server]
# Operační system : Windows 7 Ultimate Service Pack 1 (x64)
# Uživatelské jméno : Fruty - FRUTY-PC
# Spuštěno z : C:\Users\Fruty\Downloads\adwcleaner_4.201.exe
# Nastavení : Sken

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Nalezeno : C:\Program Files (x86)\bestadblocker
Složka Nalezeno : C:\Program Files (x86)\HyperCam Toolbar
Složka Nalezeno : C:\Program Files (x86)\Nation Toolbar
Složka Nalezeno : C:\Program Files (x86)\SalEPLLus
Složka Nalezeno : C:\ProgramData\baidu

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Nalezeno : HKCU\Software\APN PIP
Klíč Nalezeno : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Klíč Nalezeno : HKCU\Software\Nation Toolbar
Klíč Nalezeno : HKCU\Software\simplytech
Klíč Nalezeno : [x64] HKCU\Software\APN PIP
Klíč Nalezeno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Nalezeno : [x64] HKCU\Software\Nation Toolbar
Klíč Nalezeno : [x64] HKCU\Software\simplytech
Klíč Nalezeno : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Klíč Nalezeno : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč Nalezeno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klíč Nalezeno : HKLM\SOFTWARE\aed5429f-712f-b8c4-1d64-1dd95e4832d5
Klíč Nalezeno : HKLM\SOFTWARE\AskPartnerNetwork
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Klíč Nalezeno : HKLM\SOFTWARE\Conduit
Klíč Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fd81928a}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Klíč Nalezeno : HKLM\SOFTWARE\Nation Toolbar
Klíč Nalezeno : HKLM\SOFTWARE\SearchProtect
Klíč Nalezeno : HKLM\SOFTWARE\SpeedBit
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Google Chrome v40.0.2214.93

[C:\Users\Fruty\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Nalezeno [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
[C:\Users\Fruty\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Nalezeno [Startup_URLs] : hxxp://www.mystartsearch.com/?type=hp&ts=14286 ... 1_B4B57B6F

*************************

AdwCleaner[R0].txt - [6871 bytů] - [10/04/2015 23:01:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6929 bytů] ##########



LOG COMBOFIX:

ComboFix 15-04-09.01 - Fruty 10.04.2015 23:54:45.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.4094.2262 [GMT 2:00]
Spuštěný z: c:\users\Fruty\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\10830536841880610876
c:\programdata\10830536841880610876\cd5b15e575e1c3d0a5481b543d7c3d60.ini
c:\programdata\10830536841880610876\cd5b15e575e1c3d0b726372c58098f0a.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-10 do 2015-04-10 )))))))))))))))))))))))))))))))
.
.
2015-04-10 22:02 . 2015-04-10 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-10 21:33 . 2015-04-10 21:47 -------- d-----w- c:\programdata\HitmanPro
2015-04-10 21:30 . 2015-04-10 21:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F5CDCE8-BC73-49B8-9CA1-8189379C9B8B}\offreg.dll
2015-04-10 21:01 . 2015-04-10 21:48 -------- d-----w- C:\AdwCleaner
2015-04-10 10:18 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F5CDCE8-BC73-49B8-9CA1-8189379C9B8B}\mpengine.dll
2015-04-09 21:50 . 2015-04-09 21:50 -------- d-----w- c:\users\Fruty\AppData\Roaming\SoundSpectrum
2015-04-09 21:50 . 2015-04-09 21:50 -------- d-----w- c:\users\Fruty\AppData\Local\SoundSpectrum
2015-04-09 21:49 . 2015-04-09 21:49 -------- d-----w- c:\program files (x86)\SoundSpectrum
2015-04-09 20:43 . 2015-04-10 05:29 -------- d-----w- c:\programdata\{d4af6dd3-cb18-b23f-d4af-f6dd3cb1b74f}
2015-04-09 20:40 . 2015-04-10 05:26 -------- d-----w- c:\program files (x86)\ToolMaker
2015-04-09 20:38 . 2015-04-09 20:38 -------- d-----w- c:\programdata\liljmjphpiockfblanbjbacccjkklfcj
2015-04-09 20:37 . 2015-04-09 21:41 -------- d-----w- c:\programdata\{84b0828e-4151-863b-84b0-0828e4150a39}
2015-04-09 20:27 . 2015-04-09 20:27 -------- d-----w- c:\programdata\FLEXnet
2015-04-09 15:48 . 2015-04-09 15:48 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2015-04-09 15:24 . 2015-04-09 15:49 -------- d-----w- c:\program files\Autodesk
2015-04-09 15:16 . 2015-04-09 20:40 -------- d-----w- c:\users\Fruty\AppData\Local\Autodesk
2015-04-09 15:15 . 2015-04-09 15:52 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2015-04-09 15:15 . 2015-04-09 15:48 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2015-04-09 15:12 . 2015-04-09 15:15 -------- d-----w- c:\programdata\Package Cache
2015-04-09 15:10 . 2015-04-09 20:39 -------- d-----w- c:\users\Fruty\AppData\Roaming\Autodesk
2015-04-09 15:10 . 2015-04-09 20:39 -------- d-----w- c:\programdata\Autodesk
2015-04-05 09:47 . 2015-04-05 09:47 -------- d-s---w- c:\windows\system32\GWX
2015-04-05 09:47 . 2015-04-05 09:47 -------- d-s---w- c:\windows\SysWow64\GWX
2015-03-31 18:46 . 2015-03-31 18:46 -------- d-----w- c:\users\Fruty\AppData\Local\ElevatedDiagnostics
2015-03-31 18:38 . 2015-03-31 18:38 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2015-03-31 18:36 . 2015-03-31 18:36 -------- d-----w- C:\HP
2015-03-31 18:36 . 2015-03-31 18:36 -------- d-----w- c:\users\Fruty\AppData\Roaming\WinBatch
2015-03-31 17:31 . 2015-03-30 13:25 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-03-31 17:31 . 2015-03-31 17:31 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2015-03-25 14:58 . 2015-03-25 14:58 -------- d-----w- c:\users\Fruty\AppData\Local\4A Games
2015-03-24 19:29 . 2015-03-11 04:05 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-24 19:29 . 2015-03-11 04:06 677888 ----a-w- c:\windows\system32\generaltel.dll
2015-03-24 19:29 . 2015-03-11 04:06 760832 ----a-w- c:\windows\system32\invagent.dll
2015-03-24 19:29 . 2015-03-11 04:06 414720 ----a-w- c:\windows\system32\devinv.dll
2015-03-24 19:29 . 2015-03-11 04:06 943616 ----a-w- c:\windows\system32\appraiser.dll
2015-03-24 19:29 . 2015-03-11 04:02 1107456 ----a-w- c:\windows\system32\aeinv.dll
2015-03-24 19:29 . 2015-03-11 04:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-24 19:29 . 2015-03-11 04:05 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 04:04 . 2015-03-23 04:04 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-03-23 04:04 . 2015-03-23 04:04 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-10 21:15 . 2015-02-05 20:17 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-23 04:04 . 2015-01-12 03:12 268640 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-03-23 04:04 . 2015-01-12 03:12 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-03-23 04:04 . 2015-01-12 03:12 441728 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-03-23 04:04 . 2015-01-12 03:12 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-03-23 04:04 . 2015-01-12 03:12 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-03-23 04:04 . 2015-01-12 03:12 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-03-23 04:04 . 2015-01-12 03:12 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-03-23 04:03 . 2015-01-12 03:12 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-19 22:41 . 2015-02-23 18:39 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-03-19 22:41 . 2015-02-23 18:39 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-03-18 22:28 . 2015-02-23 18:39 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-03-11 01:59 . 2015-01-12 08:06 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-09 09:09 . 2015-02-23 18:39 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2015-03-06 05:56 . 2015-03-11 00:43 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:56 . 2015-03-11 00:43 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:42 . 2015-03-11 00:43 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-03-06 05:42 . 2015-03-11 00:43 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-06 05:42 . 2015-03-11 00:43 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-06 05:42 . 2015-03-11 00:43 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-03-06 05:42 . 2015-03-11 00:43 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:42 . 2015-03-11 00:43 28160 ----a-w- c:\windows\system32\secur32.dll
2015-03-06 05:42 . 2015-03-11 00:43 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-06 05:42 . 2015-03-11 00:43 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-06 05:42 . 2015-03-11 00:43 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-06 05:42 . 2015-03-11 00:43 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-03-06 05:42 . 2015-03-11 00:43 22016 ----a-w- c:\windows\system32\credssp.dll
2015-03-06 05:41 . 2015-03-11 00:43 31232 ----a-w- c:\windows\system32\lsass.exe
2015-03-06 05:41 . 2015-03-11 00:43 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-03-06 05:39 . 2015-03-11 00:43 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-06 05:38 . 2015-03-11 00:43 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-06 05:36 . 2015-03-11 00:43 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-06 05:10 . 2015-03-11 00:43 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-11 00:43 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-11 00:43 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-11 00:43 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-11 00:43 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-11 00:43 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-11 00:43 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-03-06 05:10 . 2015-03-11 00:43 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-03-06 05:09 . 2015-03-11 00:43 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-03-06 05:09 . 2015-03-11 00:43 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-11 00:43 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-11 00:43 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-03-06 05:06 . 2015-03-11 00:43 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-02-26 03:25 . 2015-03-11 00:42 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 03:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-24 03:15 . 2015-03-11 00:45 389800 ----a-w- c:\windows\system32\iedkcs32.dll
2015-02-21 01:16 . 2015-03-11 00:45 25021440 ----a-w- c:\windows\system32\mshtml.dll
2015-02-20 23:58 . 2015-03-11 00:45 92160 ----a-w- c:\windows\system32\mshtmled.dll
2015-02-20 04:41 . 2015-03-11 00:45 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 00:45 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 00:45 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 00:45 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 00:45 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 00:45 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 00:45 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 00:45 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 00:45 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 00:45 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-20 03:06 . 2015-03-11 00:45 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-02-20 03:05 . 2015-03-11 00:45 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:50 . 2015-03-11 00:45 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-02-20 02:49 . 2015-03-11 00:45 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:49 . 2015-03-11 00:45 584192 ----a-w- c:\windows\system32\vbscript.dll
2015-02-20 02:48 . 2015-03-11 00:45 2886144 ----a-w- c:\windows\system32\iertutil.dll
2015-02-20 02:47 . 2015-03-11 00:45 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-02-20 02:41 . 2015-03-11 00:45 54784 ----a-w- c:\windows\system32\jsproxy.dll
2015-02-20 02:40 . 2015-03-11 00:45 34304 ----a-w- c:\windows\system32\iernonce.dll
2015-02-20 02:36 . 2015-03-11 00:45 633856 ----a-w- c:\windows\system32\ieui.dll
2015-02-20 02:35 . 2015-03-11 00:45 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-02-20 02:35 . 2015-03-11 00:45 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-02-20 02:34 . 2015-03-11 00:45 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-20 02:32 . 2015-03-11 00:45 6035456 ----a-w- c:\windows\system32\jscript9.dll
2015-02-20 02:26 . 2015-03-11 00:45 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 02:22 . 2015-03-11 00:45 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-02-20 02:22 . 2015-03-11 00:45 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2015-02-20 02:13 . 2015-03-11 00:45 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 02:09 . 2015-03-11 00:45 503296 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-02-20 02:08 . 2015-03-11 00:45 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-02-20 02:08 . 2015-03-11 00:45 199680 ----a-w- c:\windows\system32\msrating.dll
2015-02-20 02:08 . 2015-03-11 00:45 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-11 00:45 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-02-20 02:05 . 2015-03-11 00:45 316928 ----a-w- c:\windows\system32\dxtrans.dll
2015-02-20 01:56 . 2015-03-11 00:45 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56 . 2015-03-11 00:45 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:49 . 2015-03-11 00:45 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2015-02-20 01:49 . 2015-03-11 00:45 801280 ----a-w- c:\windows\system32\msfeeds.dll
2015-02-20 01:47 . 2015-03-11 00:45 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:46 . 2015-03-11 00:45 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
2015-02-20 01:43 . 2015-03-11 00:45 14398976 ----a-w- c:\windows\system32\ieframe.dll
2015-02-20 01:41 . 2015-03-11 00:45 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-11 00:45 4300288 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-20 01:28 . 2015-03-11 00:45 2358784 ----a-w- c:\windows\system32\wininet.dll
2015-02-20 01:24 . 2015-03-11 00:45 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23 . 2015-03-11 00:45 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:16 . 2015-03-11 00:45 1548288 ----a-w- c:\windows\system32\urlmon.dll
2015-02-20 01:03 . 2015-03-11 00:45 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2015-02-20 01:01 . 2015-03-11 00:45 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2015-02-17 14:19 . 2015-02-17 14:19 1614496 ----a-w- c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-23 5511352]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2014-12-05 493960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - HITMANPRO37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-27 04:13 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12 03:07]
.
2015-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12 03:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-03-23 04:04 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
uDefault_Search_URL = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
.
.
------- Asociace souborů -------
.
regedit=regedit.exe "%1"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HitmanPro37CrusaderBoot]
"ImagePath"="\"c:\users\Fruty\Downloads\HitmanPro_x64.exe\" /crusader:boot"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-04-11 00:32:03
ComboFix-quarantined-files.txt 2015-04-10 22:31
.
Před spuštěním: Volných bajtů: 162 301 075 456
Po spuštění: Volných bajtů: 162 416 435 200
.
- - End Of File - - 6617666A6FB96AE5451A94BF8A0C4ECC
A36C5E4F47E84449FF07ED3517B43A31




Snažil jsem si pročistit složky downloads,temp a pokusit se ho najít v AppData,dokumentech prostě všude,ale pořád mi uniká.Jediná věc,co mohu udělat je ta,že ho deaktivuju,ale neodstraním.

Budu rád za jakoukoliv pomoc !

[vyosek]

Zdravim

Leceni stylem "az vse selze, tak si necham poradit" neni dobry - tohle je jen zameteni pripadnych stop

Parvidla fora

2. Před položením dotazu použijte tlačítko Hledat. Možná již někdo problém podobným Vašemu řešil. Pokud ale ve vyřešeném tématu budou aplikovány různé utility\aplikace, nespouštějte je! Utility se používají až na pokyn rádce, jelikož mohou mazat stopy po havěti a v rukou ne-oborníka může mít jejich použití nedozírné následky.

3. Zvláště utilitu ComboFix nespouštějte i když Vám ji poradil kamarád či nějaký rádoby odborný web. Naše fórum je jediné z CZ\SK antivirových fór, které má právo luštit logy z ComboFixu a máme též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.

Licencni podminky ComboFixu hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"


Nebezpeci CFka

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Nedavejte prosim logy do code, spatne se to lusti

Dejte mi log z MBAMu, TDSSKilleru a kdyz najdete tak i HitmanPro

Dejte log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

[MrFruty]

Beru na vědomí,děkuji.

Jediný LOG,který se mi podařilo z MBAMU vyhledat je tento a ten asi k ničemu nebude)


<mbam-log>
<header>
<date>2015/04/11 00:36:44 +0200</date>
<logfile>mbam-log-2015-04-11 (00-36-44).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.04.04.05</malware-database>
<rootkit-database>v2015.03.31.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Fruty</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>376746</objects>
<time>832</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>

LOG Hitman :

HitmanPro 3.7.9.240
www.hitmanpro.com

Computer name . . . . : FRUTY-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Fruty-PC\Fruty
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2015-04-10 23:34:00
Scan mode . . . . . . : Normal
Scan duration . . . . : 5m 11s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 0
Traces . . . . . . . : 14

Objects scanned . . . : 1 489 785
Files scanned . . . . : 27 271
Remnants scanned . . : 343 824 files / 1 118 690 keys

Suspicious files ____________________________________________________________

C:\Users\Fruty\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
Size . . . . . . . : 967 165 bytes
Age . . . . . . . : 46.1 days (2015-02-23 20:39:22)
Entropy . . . . . : 7.6
SHA-256 . . . . . : B1B32990F47ED2E39EB18AEA0839D9521B87E9ED18C0BCA8E2C6873FBA9D6494
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Fruty\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
Size . . . . . . . : 139 832 bytes
Age . . . . . . . : 46.1 days (2015-02-23 20:39:55)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 3CB5C8CB071375FDE6E9269000B78E65DB29D585B2775E66C8B9F6E47E0012D1
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Fruty\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
Size . . . . . . . : 953 886 bytes
Age . . . . . . . : 32.5 days (2015-03-09 11:11:42)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Fruty\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
Size . . . . . . . : 953 886 bytes
Age . . . . . . . : 32.5 days (2015-03-09 11:11:42)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.

C:\Users\Fruty\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
Size . . . . . . . : 138 032 bytes
Age . . . . . . . : 32.5 days (2015-03-09 11:11:58)
Entropy . . . . . : 7.8
SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.

C:\Users\Fruty\GSplay\csko\cstrike\dlls\mp.dll
Size . . . . . . . : 1 316 152 bytes
Age . . . . . . . : 52.9 days (2015-02-17 00:56:06)
Entropy . . . . . : 6.7
SHA-256 . . . . . : B995320A5053343062590F3F144C64FA1E0A73608EA6EA41888E20E4E58750B6
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 26.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

C:\Users\Fruty\GSplay\csko\swds.dll
Size . . . . . . . : 1 668 968 bytes
Age . . . . . . . : 52.9 days (2015-02-17 00:58:05)
Entropy . . . . . : 6.9
SHA-256 . . . . . : B4F7C407482FC016E7D77CB0D1AEDAA99E11154B836D6FE3EDA282212504BCEF
RSA Key Size . . . : 1024
Authenticode . . . : Invalid
Fuzzy . . . . . . : 26.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals) -> Deleted
HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals) -> PendingDelete
HKU\S-1-5-21-103076760-3154198757-3525002997-1000\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals) -> Deleted
HKU\S-1-5-21-103076760-3154198757-3525002997-1000\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\ (UniDeals) -> Deleted
HKU\S-1-5-21-103076760-3154198757-3525002997-1000_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals) -> PendingDelete
HKU\S-1-5-21-103076760-3154198757-3525002997-1000_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\ (UniDeals) -> PendingDelete
HKU\S-1-5-21-103076760-3154198757-3525002997-1000_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals) -> Deleted

[MrFruty]

Log TDSSKILLERU je přílíš dlouhý a nemohu ho poslat na foro,proto ho uploadnu na leteckou poštu.

->http://leteckaposta.cz/373668687

[vyosek]

Jen se zeptam pouzivate legalni operacni system, nejvyssi licence (v hodnote nejake tisic) Ultimate zrovna neni bezna domaci verze

[MrFruty]

FRST :

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Fruty (administrator) on FRUTY-PC on 11-04-2015 10:53:10
Running from C:\Users\Fruty\Downloads
Loaded Profiles: Fruty (Available profiles: Fruty)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-23] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-103076760-3154198757-3525002997-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-103076760-3154198757-3525002997-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-103076760-3154198757-3525002997-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-23] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-23] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-103076760-3154198757-3525002997-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-12]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Fruty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Fruty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Fruty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-12]
CHR Extension: (Adblock Plus) - C:\Users\Fruty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-29]
CHR Extension: (Google Search) - C:\Users\Fruty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\Fruty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-12]
CHR Extension: (Gmail) - C:\Users\Fruty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-23] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-23] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-03-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-23] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-16] (Disc Soft Ltd)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-04-11] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-23] (Avast Software)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 10:53 - 2015-04-11 10:53 - 00016550 _____ () C:\Users\Fruty\Downloads\FRST.txt
2015-04-11 10:52 - 2015-04-11 10:53 - 00000000 ____D () C:\FRST
2015-04-11 10:52 - 2015-04-11 10:52 - 02095616 _____ (Farbar) C:\Users\Fruty\Downloads\FRST64.exe
2015-04-11 00:55 - 2015-04-11 00:56 - 00000168 _____ () C:\Windows\setupact.log
2015-04-11 00:55 - 2015-04-11 00:55 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-04-11 00:55 - 2015-04-11 00:55 - 00002440 _____ () C:\Windows\PFRO.log
2015-04-11 00:55 - 2015-04-11 00:55 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-11 00:32 - 2015-04-11 00:32 - 00022154 _____ () C:\ComboFix.txt
2015-04-10 23:53 - 2015-04-11 00:34 - 00000000 ____D () C:\ComboFix
2015-04-10 23:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-10 23:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-10 23:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-10 23:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-10 23:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-10 23:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-10 23:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-10 23:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-10 23:52 - 2015-04-11 00:33 - 00000000 ____D () C:\Qoobox
2015-04-10 23:51 - 2015-04-11 00:05 - 00000000 ____D () C:\Windows\erdnt
2015-04-10 23:49 - 2015-04-10 23:49 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Fruty\Downloads\tdsskiller.exe
2015-04-10 23:48 - 2015-04-10 23:48 - 05617275 ____R (Swearware) C:\Users\Fruty\Downloads\ComboFix.exe
2015-04-10 23:46 - 2015-04-10 23:46 - 00001788 _____ () C:\Windows\system32\.crusader
2015-04-10 23:33 - 2015-04-10 23:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-10 23:32 - 2015-04-10 23:33 - 11028616 _____ (SurfRight B.V.) C:\Users\Fruty\Downloads\HitmanPro_x64.exe
2015-04-10 23:01 - 2015-04-11 00:54 - 00000000 ____D () C:\AdwCleaner
2015-04-10 23:00 - 2015-04-10 23:01 - 02217984 _____ () C:\Users\Fruty\Downloads\adwcleaner_4.201.exe
2015-04-10 15:57 - 2015-04-10 15:57 - 22617644 _____ () C:\Users\Fruty\Desktop\informačka jaký program.wav
2015-04-10 13:26 - 2015-04-10 13:26 - 21977644 _____ () C:\Users\Fruty\Desktop\far cry 6.wav
2015-04-10 10:31 - 2015-04-10 10:31 - 00000000 ____D () C:\Users\Fruty\Downloads\Batman.Arkham.Origins-RELOADED
2015-04-10 10:30 - 2015-04-11 08:07 - 00000000 ____D () C:\Users\Fruty\Downloads\Batman - Arkham Origins [Update 11 + 8 DLC] Repack - Joker_RETURNS
2015-04-09 23:50 - 2015-04-09 23:50 - 00000000 ____D () C:\Users\Fruty\AppData\Roaming\SoundSpectrum
2015-04-09 23:50 - 2015-04-09 23:50 - 00000000 ____D () C:\Users\Fruty\AppData\Local\SoundSpectrum
2015-04-09 23:49 - 2015-04-09 23:49 - 00000000 ____D () C:\Program Files (x86)\SoundSpectrum
2015-04-09 23:48 - 2015-04-09 23:49 - 13765408 _____ () C:\Users\Fruty\Downloads\WhiteCap_641.exe
2015-04-09 23:48 - 2015-04-09 23:48 - 00173264 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\colorcubesviz.exe
2015-04-09 23:46 - 2015-04-09 23:46 - 00182168 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\trilogyiii.exe
2015-04-09 23:45 - 2015-04-09 23:47 - 05805056 _____ () C:\Users\Fruty\Downloads\PsychedeliaVizPack.msi
2015-04-09 23:45 - 2015-04-09 23:46 - 02488320 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\Grindvis.exe
2015-04-09 23:45 - 2015-04-09 23:46 - 00174288 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\pulsingcolorsviz.exe
2015-04-09 23:45 - 2015-04-09 23:45 - 00533768 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\MP10_EnergyBlissViz.exe
2015-04-09 22:47 - 2015-04-09 22:47 - 00000000 ____D () C:\Users\Fruty\Desktop\Sven
2015-04-09 22:43 - 2015-04-10 07:29 - 00000000 ____D () C:\ProgramData\{d4af6dd3-cb18-b23f-d4af-f6dd3cb1b74f}
2015-04-09 22:40 - 2015-04-10 07:26 - 00000000 ____D () C:\Program Files (x86)\ToolMaker
2015-04-09 22:38 - 2015-04-09 22:38 - 00000000 ____D () C:\ProgramData\liljmjphpiockfblanbjbacccjkklfcj
2015-04-09 22:37 - 2015-04-09 23:41 - 00000000 ____D () C:\ProgramData\{84b0828e-4151-863b-84b0-0828e4150a39}
2015-04-09 22:27 - 2015-04-09 22:38 - 00000000 ____D () C:\Users\Fruty\Documents\maya
2015-04-09 22:27 - 2015-04-09 22:27 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-09 17:56 - 2015-04-09 17:56 - 00000000 ____D () C:\Users\Fruty\Documents\Direct Connect
2015-04-09 17:48 - 2015-04-09 19:04 - 00001792 _____ () C:\Users\Public\Desktop\Maya 2015.lnk
2015-04-09 17:48 - 2015-04-09 17:48 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2015-04-09 17:24 - 2015-04-09 17:49 - 00000000 ____D () C:\Program Files\Autodesk
2015-04-09 17:16 - 2015-04-09 22:40 - 00000000 ____D () C:\Users\Fruty\AppData\Local\Autodesk
2015-04-09 17:16 - 2015-04-09 18:34 - 00000000 ____D () C:\Users\Fruty\Documents\Autodesk Application Manager
2015-04-09 17:15 - 2015-04-09 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-04-09 17:15 - 2015-04-09 17:52 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2015-04-09 17:12 - 2015-04-09 17:15 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 17:10 - 2015-04-09 22:39 - 00000000 ____D () C:\Users\Fruty\AppData\Roaming\Autodesk
2015-04-09 17:10 - 2015-04-09 22:39 - 00000000 ____D () C:\ProgramData\Autodesk
2015-04-09 11:14 - 2015-04-09 12:38 - 00000000 ____D () C:\Users\Fruty\Downloads\AUTODESK.MAYA.V2015.WIN64-ISO[rarbg]
2015-04-08 11:19 - 2015-04-08 11:19 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-04-05 11:47 - 2015-04-05 11:47 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 11:47 - 2015-04-05 11:47 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-31 20:38 - 2015-03-31 20:38 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-31 20:36 - 2015-03-31 20:36 - 00000000 ____D () C:\Users\Fruty\AppData\Roaming\WinBatch
2015-03-31 20:36 - 2015-03-31 20:36 - 00000000 ____D () C:\HP
2015-03-31 19:31 - 2015-03-31 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-31 19:31 - 2015-03-31 19:31 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-31 19:31 - 2015-03-30 15:25 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-03-25 16:58 - 2015-03-25 16:58 - 00000000 ____D () C:\Users\Fruty\AppData\Local\4A Games
2015-03-24 21:29 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 21:29 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 21:29 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 21:29 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 21:29 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 21:29 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 21:29 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 21:29 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 06:04 - 2015-03-23 06:04 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-23 06:04 - 2015-03-23 06:04 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-22 12:36 - 2015-03-29 23:39 - 00001460 _____ () C:\Users\Fruty\Desktop\ShadowOfMordor – zástupce.lnk
2015-03-18 18:58 - 2015-04-11 09:21 - 01364550 _____ () C:\Windows\WindowsUpdate.log
2015-03-14 01:37 - 2015-03-14 02:13 - 00000045 _____ () C:\Users\Fruty\Desktop\VInes.txt
2015-03-13 02:05 - 2015-03-13 02:05 - 00000218 _____ () C:\Users\Fruty\Desktop\Counter-Strike.url
2015-03-12 12:27 - 2015-03-12 12:27 - 00000221 _____ () C:\Users\Fruty\Desktop\Metro 2033.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 10:49 - 2015-01-15 12:51 - 00000000 ____D () C:\Users\Fruty\AppData\Roaming\BitTorrent
2015-04-11 10:12 - 2015-01-12 05:07 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 04:12 - 2015-01-12 05:07 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 01:03 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 01:03 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 01:01 - 2015-01-13 00:47 - 00668160 _____ () C:\Windows\system32\perfh005.dat
2015-04-11 01:01 - 2015-01-13 00:47 - 00140806 _____ () C:\Windows\system32\perfc005.dat
2015-04-11 01:01 - 2009-07-14 07:13 - 01582262 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 00:56 - 2015-03-07 20:35 - 00000000 ____D () C:\Users\Fruty\AppData\Local\LogMeIn Hamachi
2015-04-11 00:56 - 2015-01-12 05:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-11 00:55 - 2015-01-12 04:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-11 00:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 00:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-11 00:36 - 2015-02-05 22:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 00:33 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-11 00:02 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-10 23:29 - 2015-01-16 10:40 - 00000000 ____D () C:\Users\Fruty\AppData\Roaming\DAEMON Tools Lite
2015-04-10 23:29 - 2015-01-12 04:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-10 22:40 - 2015-03-03 23:23 - 00000000 ____D () C:\Users\Fruty\AppData\Local\Warframe
2015-04-10 21:59 - 2015-01-29 01:57 - 00000000 ____D () C:\ProgramData\penhefebgfkkddaagcaknmodjneeimbk
2015-04-10 21:59 - 2015-01-29 01:56 - 00000000 ____D () C:\ProgramData\ileckgaakgbfkkdfocfolmggcdngpcii
2015-04-10 19:34 - 2015-01-15 00:31 - 00000000 ____D () C:\Users\Fruty\AppData\Roaming\Skype
2015-04-10 15:57 - 2015-01-24 17:58 - 00000000 ____D () C:\Users\Fruty\AppData\Roaming\Audacity
2015-04-10 15:53 - 2015-01-20 23:28 - 00000000 ____D () C:\Users\Fruty\Documents\Camtasia Studio
2015-04-10 15:52 - 2015-02-02 22:50 - 00008704 _____ () C:\Users\Fruty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-10 01:38 - 2015-01-12 06:01 - 00000000 ____D () C:\Users\Fruty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-10 00:39 - 2015-01-26 22:49 - 00000000 ____D () C:\Program Files\Recuva
2015-04-08 11:19 - 2015-03-11 11:24 - 00000000 ____D () C:\FFOutput
2015-04-08 11:17 - 2015-02-17 20:53 - 00000000 ____D () C:\Users\Fruty\Documents\Videa z YT
2015-04-04 20:21 - 2015-01-16 10:49 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-04 20:21 - 2015-01-16 10:49 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-31 20:12 - 2015-01-12 04:50 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-03-31 20:07 - 2015-01-12 06:06 - 00007602 _____ () C:\Users\Fruty\AppData\Local\Resmon.ResmonCfg
2015-03-31 19:31 - 2015-03-07 20:35 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-03-28 13:27 - 2015-02-17 00:18 - 00000000 ____D () C:\Users\Fruty\AppData\Roaming\Notepad++
2015-03-24 21:34 - 2015-01-12 18:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 21:34 - 2015-01-12 18:04 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-23 06:04 - 2015-01-12 05:12 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-23 06:04 - 2015-01-12 05:12 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-23 06:04 - 2015-01-12 05:12 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-23 06:04 - 2015-01-12 05:12 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-23 06:04 - 2015-01-12 05:12 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-23 06:04 - 2015-01-12 05:12 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-23 06:04 - 2015-01-12 05:12 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-23 06:03 - 2015-01-12 05:12 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-22 16:24 - 2015-01-29 01:55 - 00000000 ____D () C:\ProgramData\{33baba84-9d11-6763-33ba-aba849d1ea12}
2015-03-22 12:32 - 2015-02-22 23:52 - 00000000 ____D () C:\Games
2015-03-20 00:41 - 2015-02-23 20:39 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-03-20 00:41 - 2015-02-23 20:39 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-19 00:28 - 2015-02-23 20:39 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-15 16:31 - 2015-03-02 20:14 - 00000000 ____D () C:\Users\Fruty\Desktop\DOTA 2 SUPPORT
2015-03-13 21:22 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-13 08:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 03:10 - 2009-07-14 06:45 - 01543632 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 03:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 03:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 14:57 - 2015-03-09 08:52 - 00000000 ____D () C:\Users\Fruty\Documents\4a games

==================== Files in the root of some directories =======

2015-02-02 22:50 - 2015-04-10 15:52 - 0008704 _____ () C:\Users\Fruty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-12 06:06 - 2015-03-31 20:07 - 0007602 _____ () C:\Users\Fruty\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Fruty\AppData\Local\Temp\Quarantine.exe
C:\Users\Fruty\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-05 00:48

==================== End Of Log ============================

[MrFruty]

Jen se zeptam pouzivate legalni operacni system, nejvyssi licence (v hodnote nejake tisic) Ultimate zrovna neni bezna domaci verze

Ano,počítač býval firemní.

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
  HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
  HKU\S-1-5-21-103076760-3154198757-3525002997-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
  GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
  CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  
  HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
  HKU\S-1-5-21-103076760-3154198757-3525002997-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
  HKU\S-1-5-21-103076760-3154198757-3525002997-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
  BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
  Toolbar: HKU\S-1-5-21-103076760-3154198757-3525002997-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
  Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
  Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
  Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
  Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
  Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
  
  CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
  
  R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
  R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
  R3 WinHttpAutoProxySvc; winhttp.dll [X]
  
  C:\Program Files (x86)\Skype\Toolbars
  2015-04-11 10:53 - 2015-04-11 10:53 - 00016550 _____ () C:\Users\Fruty\Downloads\FRST.txt
  2015-04-11 00:55 - 2015-04-11 00:56 - 00000168 _____ () C:\Windows\setupact.log
  2015-04-11 00:55 - 2015-04-11 00:55 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
  2015-04-11 00:55 - 2015-04-11 00:55 - 00002440 _____ () C:\Windows\PFRO.log
  2015-04-11 00:55 - 2015-04-11 00:55 - 00000000 _____ () C:\Windows\setuperr.log
  2015-04-11 00:32 - 2015-04-11 00:32 - 00022154 _____ () C:\ComboFix.txt
  2015-04-10 23:53 - 2015-04-11 00:34 - 00000000 ____D () C:\ComboFix
  2015-04-10 23:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
  2015-04-10 23:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
  2015-04-10 23:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
  2015-04-10 23:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
  2015-04-10 23:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
  2015-04-10 23:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
  2015-04-10 23:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
  2015-04-10 23:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
  2015-04-10 23:52 - 2015-04-11 00:33 - 00000000 ____D () C:\Qoobox
  2015-04-10 23:51 - 2015-04-11 00:05 - 00000000 ____D () C:\Windows\erdnt
  2015-04-10 23:49 - 2015-04-10 23:49 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Fruty\Downloads\tdsskiller.exe
  2015-04-10 23:48 - 2015-04-10 23:48 - 05617275 ____R (Swearware) C:\Users\Fruty\Downloads\ComboFix.exe
  2015-04-10 23:46 - 2015-04-10 23:46 - 00001788 _____ () C:\Windows\system32\.crusader
  2015-04-10 23:33 - 2015-04-10 23:47 - 00000000 ____D () C:\ProgramData\HitmanPro
  2015-04-10 23:32 - 2015-04-10 23:33 - 11028616 _____ (SurfRight B.V.) C:\Users\Fruty\Downloads\HitmanPro_x64.exe
  2015-04-10 23:01 - 2015-04-11 00:54 - 00000000 ____D () C:\AdwCleaner
  2015-04-10 23:00 - 2015-04-10 23:01 - 02217984 _____ () C:\Users\Fruty\Downloads\adwcleaner_4.201.exe
  2015-04-09 23:48 - 2015-04-09 23:48 - 00173264 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\colorcubesviz.exe
  2015-04-09 23:46 - 2015-04-09 23:46 - 00182168 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\trilogyiii.exe
  2015-04-09 23:45 - 2015-04-09 23:47 - 05805056 _____ () C:\Users\Fruty\Downloads\PsychedeliaVizPack.msi
  2015-04-09 23:45 - 2015-04-09 23:46 - 02488320 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\Grindvis.exe
  2015-04-09 23:45 - 2015-04-09 23:46 - 00174288 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\pulsingcolorsviz.exe
  2015-04-09 23:45 - 2015-04-09 23:45 - 00533768 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\MP10_EnergyBlissViz.exe
  2015-04-09 22:43 - 2015-04-10 07:29 - 00000000 ____D () C:\ProgramData\{d4af6dd3-cb18-b23f-d4af-f6dd3cb1b74f}
  2015-04-09 22:40 - 2015-04-10 07:26 - 00000000 ____D () C:\Program Files (x86)\ToolMaker
  2015-04-09 22:38 - 2015-04-09 22:38 - 00000000 ____D () C:\ProgramData\liljmjphpiockfblanbjbacccjkklfcj
  2015-04-09 22:37 - 2015-04-09 23:41 - 00000000 ____D () C:\ProgramData\{84b0828e-4151-863b-84b0-0828e4150a39}
  C:\Program Files (x86)\bestadblocker
  C:\Program Files (x86)\HyperCam Toolbar
  C:\Program Files (x86)\Nation Toolbar
  C:\Program Files (x86)\SalEPLLus
  
  2015-04-11 10:12 - 2015-01-12 05:07 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
  2015-04-11 04:12 - 2015-01-12 05:07 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[MrFruty]

Zde dodávám LOG,ale očividně to pomohlo !Díky moc !(pochvala jistá )

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Fruty at 2015-04-11 11:25:17 Run:1
Running from C:\Users\Fruty\Downloads
Loaded Profiles: Fruty (Available profiles: Fruty)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-103076760-3154198757-3525002997-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-103076760-3154198757-3525002997-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-103076760-3154198757-3525002997-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-103076760-3154198757-3525002997-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; winhttp.dll [X]

C:\Program Files (x86)\Skype\Toolbars
2015-04-11 10:53 - 2015-04-11 10:53 - 00016550 _____ () C:\Users\Fruty\Downloads\FRST.txt
2015-04-11 00:55 - 2015-04-11 00:56 - 00000168 _____ () C:\Windows\setupact.log
2015-04-11 00:55 - 2015-04-11 00:55 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-04-11 00:55 - 2015-04-11 00:55 - 00002440 _____ () C:\Windows\PFRO.log
2015-04-11 00:55 - 2015-04-11 00:55 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-11 00:32 - 2015-04-11 00:32 - 00022154 _____ () C:\ComboFix.txt
2015-04-10 23:53 - 2015-04-11 00:34 - 00000000 ____D () C:\ComboFix
2015-04-10 23:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-10 23:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-10 23:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-10 23:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-10 23:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-10 23:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-10 23:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-10 23:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-10 23:52 - 2015-04-11 00:33 - 00000000 ____D () C:\Qoobox
2015-04-10 23:51 - 2015-04-11 00:05 - 00000000 ____D () C:\Windows\erdnt
2015-04-10 23:49 - 2015-04-10 23:49 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Fruty\Downloads\tdsskiller.exe
2015-04-10 23:48 - 2015-04-10 23:48 - 05617275 ____R (Swearware) C:\Users\Fruty\Downloads\ComboFix.exe
2015-04-10 23:46 - 2015-04-10 23:46 - 00001788 _____ () C:\Windows\system32\.crusader
2015-04-10 23:33 - 2015-04-10 23:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-10 23:32 - 2015-04-10 23:33 - 11028616 _____ (SurfRight B.V.) C:\Users\Fruty\Downloads\HitmanPro_x64.exe
2015-04-10 23:01 - 2015-04-11 00:54 - 00000000 ____D () C:\AdwCleaner
2015-04-10 23:00 - 2015-04-10 23:01 - 02217984 _____ () C:\Users\Fruty\Downloads\adwcleaner_4.201.exe
2015-04-09 23:48 - 2015-04-09 23:48 - 00173264 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\colorcubesviz.exe
2015-04-09 23:46 - 2015-04-09 23:46 - 00182168 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\trilogyiii.exe
2015-04-09 23:45 - 2015-04-09 23:47 - 05805056 _____ () C:\Users\Fruty\Downloads\PsychedeliaVizPack.msi
2015-04-09 23:45 - 2015-04-09 23:46 - 02488320 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\Grindvis.exe
2015-04-09 23:45 - 2015-04-09 23:46 - 00174288 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\pulsingcolorsviz.exe
2015-04-09 23:45 - 2015-04-09 23:45 - 00533768 _____ (Microsoft Corporation) C:\Users\Fruty\Downloads\MP10_EnergyBlissViz.exe
2015-04-09 22:43 - 2015-04-10 07:29 - 00000000 ____D () C:\ProgramData\{d4af6dd3-cb18-b23f-d4af-f6dd3cb1b74f}
2015-04-09 22:40 - 2015-04-10 07:26 - 00000000 ____D () C:\Program Files (x86)\ToolMaker
2015-04-09 22:38 - 2015-04-09 22:38 - 00000000 ____D () C:\ProgramData\liljmjphpiockfblanbjbacccjkklfcj
2015-04-09 22:37 - 2015-04-09 23:41 - 00000000 ____D () C:\ProgramData\{84b0828e-4151-863b-84b0-0828e4150a39}
C:\Program Files (x86)\bestadblocker
C:\Program Files (x86)\HyperCam Toolbar
C:\Program Files (x86)\Nation Toolbar
C:\Program Files (x86)\SalEPLLus

2015-04-11 10:12 - 2015-01-12 05:07 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 04:12 - 2015-01-12 05:07 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKU\S-1-5-21-103076760-3154198757-3525002997-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-103076760-3154198757-3525002997-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-103076760-3154198757-3525002997-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
HKU\S-1-5-21-103076760-3154198757-3525002997-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKCR\PROTOCOLS\Handler\skypec2c" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => Key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
"HKCR\PROTOCOLS\Filter\application/octet-stream" => Key deleted successfully.
"HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => Key Deleted successfully.
"HKCR\PROTOCOLS\Filter\application/x-complus" => Key deleted successfully.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-msdownload" => Key deleted successfully.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => Moved successfully.
c2cautoupdatesvc => Service deleted successfully.
c2cpnrsvc => Service deleted successfully.
WinHttpAutoProxySvc => Service stopped successfully.
WinHttpAutoProxySvc => Service deleted successfully.
C:\Program Files (x86)\Skype\Toolbars => Moved successfully.
C:\Users\Fruty\Downloads\FRST.txt => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\system32\Drivers\hitmanpro37.sys => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\ComboFix.txt => Moved successfully.
C:\ComboFix => Moved successfully.
C:\Windows\PEV.exe => Moved successfully.
C:\Windows\MBR.exe => Moved successfully.
C:\Windows\NIRCMD.exe => Moved successfully.
C:\Windows\SWREG.exe => Moved successfully.
C:\Windows\SWSC.exe => Moved successfully.
C:\Windows\sed.exe => Moved successfully.
C:\Windows\grep.exe => Moved successfully.
C:\Windows\zip.exe => Moved successfully.
C:\Qoobox => Moved successfully.
C:\Windows\erdnt => Moved successfully.
C:\Users\Fruty\Downloads\tdsskiller.exe => Moved successfully.
C:\Users\Fruty\Downloads\ComboFix.exe => Moved successfully.
C:\Windows\system32\.crusader => Moved successfully.
C:\ProgramData\HitmanPro => Moved successfully.
C:\Users\Fruty\Downloads\HitmanPro_x64.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Fruty\Downloads\adwcleaner_4.201.exe => Moved successfully.
C:\Users\Fruty\Downloads\colorcubesviz.exe => Moved successfully.
C:\Users\Fruty\Downloads\trilogyiii.exe => Moved successfully.
C:\Users\Fruty\Downloads\PsychedeliaVizPack.msi => Moved successfully.
C:\Users\Fruty\Downloads\Grindvis.exe => Moved successfully.
C:\Users\Fruty\Downloads\pulsingcolorsviz.exe => Moved successfully.
C:\Users\Fruty\Downloads\MP10_EnergyBlissViz.exe => Moved successfully.
C:\ProgramData\{d4af6dd3-cb18-b23f-d4af-f6dd3cb1b74f} => Moved successfully.
C:\Program Files (x86)\ToolMaker => Moved successfully.
C:\ProgramData\liljmjphpiockfblanbjbacccjkklfcj => Moved successfully.
C:\ProgramData\{84b0828e-4151-863b-84b0-0828e4150a39} => Moved successfully.
"C:\Program Files (x86)\bestadblocker" => File/Directory not found.
"C:\Program Files (x86)\HyperCam Toolbar" => File/Directory not found.
"C:\Program Files (x86)\Nation Toolbar" => File/Directory not found.
"C:\Program Files (x86)\SalEPLLus" => File/Directory not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 68.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 11:25:59 ====

[MrFruty]

Omlouvám se za doublepost,ale jen tak čistě ze zvědavosti (a třeba se to bude jednou hodit) kde se ten šmejd ukrýval ? Že ho nešlo najít.

[vyosek]

Nelze presne rict odkud se natahoval, jelikoz se ukryva ve slozkach s nahodnymi znaky, ale rekl bych ze tady

2015-04-09 22:43 - 2015-04-10 07:29 - 00000000 ____D () C:\ProgramData\{d4af6dd3-cb18-b23f-d4af-f6dd3cb1b74f}
2015-04-09 22:38 - 2015-04-09 22:38 - 00000000 ____D () C:\ProgramData\liljmjphpiockfblanbjbacccjkklfcj
2015-04-09 22:37 - 2015-04-09 23:41 - 00000000 ____D () C:\ProgramData\{84b0828e-4151-863b-84b0-0828e4150a39}
C:\Program Files (x86)\SalEPLLus

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remote disinfection tools
• Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[MrFruty]

Vše provedeno a pročištěno,akorát si tak říkám že :

Kód: Vybrat vše

C:\Program Files (x86)\SalEPLLus

jsem tam neviděl,že by byl skrytý?Něčeho takového bych si všiml,protože jsem to sám kontroloval¨a nechal Avast aby projel Program Files.No nicméně,ještě jednou máte mé díky !

[vyosek]

Nevim kam se chlapec schoval

Nemate zac, rad jsem pomohl Zase nekdy


A na zaklade Pravidla o zamykani temat