problem s OpenCL.dll

[kallimka]

Ahoj dneska sem stahla asi neco co se nelibi memu pc a od te doby mi vyskakuje (co 2 min) okno
inet32upd.exe - system error
The program can't start because OpenCL.dll is missing from your computer. Try reinstalling the program to fi this problem.

Tohle okno vyskakuje i kdyz nic nedelam...moc prosim o pomoc.

[Márty84]

Zdravim

Jelikoz vestit zatim neumime (ale pracujem na tom ), dejte log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

[kallimka]

Doufam, ze je to ono a spravne
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by Kamilka (administrator) on KAMILKA-PC on 08-05-2015 18:18:16
Running from C:\Users\Kamilka\Desktop
Loaded Profiles: Kamilka (Available profiles: Kamilka & Mcx1-KAMILKA-PC)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CANON INC.) C:\Program Files\Canon\My Image Garden\cnmigmain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Hide My IP) C:\Program Files\Hide My IP 6\HideMyIpSrv.exe
(HideMyIP) C:\Program Files\Hide My IP 6\HideMyIP.exe
() C:\Users\Kamilka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe
() C:\Users\Kamilka\AppData\Roaming\Microsoft\Networking\inet32upd.exe
(Google Inc.) C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Kamilka\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [3080264 2011-09-22] (ESET)
HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2372800 2014-11-26] (Microsoft Corp.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2005896 2015-03-25] (APN)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [CloneCDTray] => C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\...\Run: [Google Update] => C:\Users\Kamilka\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\...\Run: [Facebook Update] => C:\Users\Kamilka\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-19] (Facebook Inc.)
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\...\Run: [OneDrive] => C:\Users\Kamilka\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-26] (Microsoft Corporation)
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\...\MountPoints2: {a0ebb023-b1c5-11e0-b6ad-002454bbb9e9} - G:\AutoRun.exe
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Kamilka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe [2015-05-08] ()
Startup: C:\Users\Kamilka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nero.bat.lnk [2011-07-16]
ShortcutTarget: nero.bat.lnk -> C:\Windows\System32\nero.bat (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kamilka\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kamilka\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kamilka\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3219418776-4157282183-555089908-1000] => 88.146.243.17:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=smsn
URLSearchHook: HKLM - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll No File
URLSearchHook: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll No File
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7SMSN
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7SMSN
SearchScopes: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> {2046C259-6CE9-4869-B991-91F1053D4FCD} URL = http://www.bing.com/search?FORM=BDKTDF& ... -SearchBox
SearchScopes: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> {D4CC3440-DCFD-4C59-9F60-236BA32D6711} URL = http://websearch.ask.com/redirect?clien ... 10E6266EB1&
BHO: Conduit Engine -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> C:\Program Files\ConduitEngine\ConduitEngine.dll No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-11-28] (CANON INC.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-04] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO: uTorrentBar Toolbar -> {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -> C:\Program Files\uTorrentBar\tbuTor.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-04] (Oracle Corporation)
Toolbar: HKLM - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll No File
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll No File
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-05] ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-11-28] (CANON INC.)
Toolbar: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> uTorrentBar Toolbar - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll No File
Toolbar: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-05] ()
Toolbar: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog9 01 C:\windows\system32\HMIPCore.dll [353280 2015-05-07] (Hide My IP)
Winsock: Catalog9 02 C:\windows\system32\HMIPCore.dll [353280 2015-05-07] (Hide My IP)
Winsock: Catalog9 03 C:\windows\system32\HMIPCore.dll [353280 2015-05-07] (Hide My IP)
Winsock: Catalog9 04 C:\windows\system32\HMIPCore.dll [353280 2015-05-07] (Hide My IP)
Winsock: Catalog9 41 C:\windows\system32\HMIPCore.dll [353280 2015-05-07] (Hide My IP)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [2011-11-22] (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3219418776-4157282183-555089908-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kamilka\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3219418776-4157282183-555089908-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Kamilka\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3219418776-4157282183-555089908-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Kamilka\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-06-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-06-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-06-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-06-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-06-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-06-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-06-23] (Apple Inc.)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-01-27]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-01-26]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-27]
CHR Extension: (Google Search) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-27]
CHR Extension: (http://www.facebook.com/) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindo [2012-11-23]
CHR Extension: (AdBlock) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-14]
CHR Extension: (Bookmark Manager) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Skype Click to Call) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-01]
CHR Extension: (Google Wallet) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome - C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [180632 2015-03-25] (APN LLC.)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173248 2014-11-26] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1846968 2015-04-22] (Microsoft Corporation)
R2 DiagTrack; C:\windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [974944 2011-09-22] (ESET)
R2 HideMyIpSRV; C:\Program Files\Hide My IP 6\HideMyIpSRV.exe [4341760 2015-04-26] (Hide My IP) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1931632 2015-05-08] (Electronic Arts)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CH341SER; C:\windows\System32\Drivers\CH341SER.SYS [39632 2009-06-02] (www.winchiphead.com)
R2 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [163424 2011-08-09] (ESET)
R1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
R3 ElbyCDFL; C:\windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R2 epfw; C:\windows\System32\DRIVERS\epfw.sys [147480 2011-08-04] (ESET)
R1 EpfwLWF; C:\windows\System32\DRIVERS\EpfwLWF.sys [33656 2011-08-04] (ESET)
R0 epfwwfp; C:\windows\System32\DRIVERS\epfwwfp.sys [50624 2011-08-04] (ESET)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2010-08-17] (Windows (R) 2003 DDK 3790 provider)
S3 s0017bus; C:\windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-11-06] () [File not signed]
S3 ssudserd; C:\windows\System32\DRIVERS\ssudserd.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 abew5z2z; C:\windows\system32\Drivers\abew5z2z.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 18:18 - 2015-05-08 18:18 - 00025216 _____ () C:\Users\Kamilka\Desktop\FRST.txt
2015-05-08 18:17 - 2015-05-08 18:18 - 00000000 ____D () C:\FRST
2015-05-08 18:16 - 2015-05-08 18:17 - 01141248 _____ (Farbar) C:\Users\Kamilka\Desktop\FRST.exe
2015-05-08 18:15 - 2015-05-08 18:15 - 00112640 _____ (forum.viry.cz) C:\Users\Kamilka\Desktop\FRSTLauncher.exe
2015-05-08 18:13 - 2015-05-08 18:14 - 02102272 _____ (Farbar) C:\Users\Kamilka\Desktop\FRST64.exe
2015-05-07 14:53 - 2015-05-07 14:53 - 00002896 _____ () C:\windows\system32\HideMyIpSRVOff.ini
2015-05-07 14:53 - 2015-05-07 14:53 - 00000993 _____ () C:\Users\Kamilka\Desktop\Hide My IP 6.lnk
2015-05-07 14:53 - 2015-05-07 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hide My IP 6
2015-05-07 14:53 - 2015-05-07 14:53 - 00000000 ____D () C:\Program Files\Hide My IP 6
2015-05-07 14:53 - 2015-04-26 14:38 - 00353280 _____ (Hide My IP) C:\windows\system32\HMIPCore.dll
2015-05-07 14:51 - 2015-05-07 14:52 - 03047040 _____ (My Privacy Tools, Inc. ) C:\Users\Kamilka\Downloads\hidemyip.exe
2015-05-06 18:32 - 2015-04-27 20:11 - 03989440 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-06 18:32 - 2015-04-27 20:11 - 03934144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-06 18:32 - 2015-04-27 20:11 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-06 18:32 - 2015-04-27 20:11 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-06 18:32 - 2015-04-27 20:08 - 01307648 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00851456 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-06 18:32 - 2015-04-27 20:04 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-06 18:32 - 2015-04-27 20:04 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-06 18:32 - 2015-04-27 20:04 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-06 18:32 - 2015-04-27 20:04 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-06 18:32 - 2015-04-27 20:04 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-06 18:32 - 2015-04-27 20:03 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-06 18:32 - 2015-04-27 20:03 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-06 18:32 - 2015-04-27 20:01 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-06 18:32 - 2015-04-27 20:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-06 18:32 - 2015-04-27 19:59 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-06 18:32 - 2015-04-27 19:59 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-06 18:32 - 2015-04-27 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-06 18:30 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-04 17:58 - 2015-05-04 17:58 - 00242925 _____ () C:\Users\Kamilka\Downloads\[CzT]Lovci_duchu_Supernatural_1_4_serie_CZ_5_6_serie_EN_.torrent
2015-05-04 14:06 - 2015-05-04 14:06 - 00035172 _____ () C:\Users\Kamilka\Downloads\[CzT]Mickeyho_klubik_Mickey_Mouse_Clubhouse_3_serie_CZ_TvRip_.torrent
2015-05-04 14:04 - 2015-05-04 14:04 - 00023974 _____ () C:\Users\Kamilka\Downloads\[CzT]Mickeyho_klubik_Mickey_Mouse_Clubhouse_2_Serie_CZ_TvRip_.torrent
2015-05-04 14:02 - 2015-05-04 14:02 - 00017484 _____ () C:\Users\Kamilka\Downloads\[CzT]Mickeyho_klubik_Mickey_Mouse_Clubhouse_1_serie_CZ_TvRip_.torrent
2015-05-04 14:00 - 2015-05-04 14:00 - 00014901 _____ () C:\Users\Kamilka\Downloads\[CzT]Auta_Cars_1_2_2006_2011_CZ_.torrent
2015-05-02 10:16 - 2015-05-02 10:17 - 00028743 _____ () C:\Users\Kamilka\Downloads\[CzT]Padesat_odstinu_sedi_Fifty_Shades_of_Grey_2015_720pHD_.torrent
2015-05-01 10:42 - 2015-05-01 10:42 - 01556480 _____ () C:\windows\isRS-000.tmp
2015-04-28 00:54 - 2015-04-28 00:54 - 00015173 _____ () C:\Users\Kamilka\Downloads\[CzT]Nero_8_FULL_CZ.torrent
2015-04-27 17:13 - 2015-04-27 17:13 - 00014589 _____ () C:\Users\Kamilka\Downloads\[CzT]Microsoft_Windows_XP_Professional_SP3_CZ_8_2013_.torrent
2015-04-24 16:40 - 2015-03-14 04:04 - 01372160 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-04-24 16:40 - 2015-03-14 04:04 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-04-24 16:40 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-04-18 21:18 - 2015-04-18 21:18 - 00017701 _____ () C:\Users\Kamilka\Downloads\[CzT]Frajeri_ve_Vegas_Last_Vegas_2013_CZ_.torrent
2015-04-18 19:13 - 2015-04-18 19:13 - 00015237 _____ () C:\Users\Kamilka\Downloads\[CzT]Hra_o_truny_Game_of_Thrones_4_serie_CZ_TVRip_.torrent
2015-04-16 14:02 - 2015-04-16 14:02 - 00015129 _____ () C:\Users\Kamilka\Downloads\[CzT]Beyonce_Beyonce_Platinum_Edition_2CD_2014_.torrent
2015-04-16 14:02 - 2015-04-16 14:02 - 00015129 _____ () C:\Users\Kamilka\Downloads\[CzT]Beyonce_Beyonce_Platinum_Edition_2CD_2014_ (1).torrent
2015-04-16 14:01 - 2015-04-16 14:01 - 00020883 _____ () C:\Users\Kamilka\Downloads\[CzT]Beyonce_2013_.torrent
2015-04-15 09:23 - 2015-03-23 04:06 - 00860160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-15 09:23 - 2015-03-23 04:06 - 00630784 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-15 09:23 - 2015-03-23 04:06 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-15 09:23 - 2015-03-23 04:06 - 00331264 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-15 09:23 - 2015-03-23 04:06 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-15 09:23 - 2015-03-23 04:06 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-15 09:23 - 2015-03-23 04:06 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-15 09:23 - 2015-03-23 03:59 - 00896000 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-15 09:23 - 2015-03-04 05:16 - 00249784 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-15 09:23 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 09:22 - 2015-04-02 00:49 - 00342704 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-15 09:22 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-15 09:22 - 2015-03-13 04:42 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-15 09:22 - 2015-03-13 04:42 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-15 09:22 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-15 09:22 - 2015-03-13 04:28 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-15 09:22 - 2015-03-13 04:27 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-15 09:22 - 2015-03-13 04:27 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-15 09:22 - 2015-03-13 04:26 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-04-15 09:22 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-15 09:22 - 2015-03-13 04:20 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-15 09:22 - 2015-03-13 04:20 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-15 09:22 - 2015-03-13 04:17 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-15 09:22 - 2015-03-13 04:16 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-15 09:22 - 2015-03-13 04:16 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-15 09:22 - 2015-03-13 04:15 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-15 09:22 - 2015-03-13 04:09 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-15 09:22 - 2015-03-13 04:06 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-15 09:22 - 2015-03-13 04:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 09:22 - 2015-03-13 03:57 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-15 09:22 - 2015-03-13 03:56 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-15 09:22 - 2015-03-13 03:54 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-15 09:22 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-15 09:22 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-15 09:22 - 2015-03-13 03:43 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-15 09:22 - 2015-03-13 03:43 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-15 09:22 - 2015-03-13 03:42 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-15 09:22 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-15 09:22 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-15 09:22 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-15 09:22 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-15 09:22 - 2015-03-05 05:06 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 03088384 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 02020864 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 09:17 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 09:17 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 09:17 - 2015-02-25 04:03 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-15 09:16 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-15 09:16 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-09 13:58 - 2015-04-09 13:58 - 00012493 _____ () C:\Users\Kamilka\Downloads\[CzT]George_Ezra_Wanted_On_Voyage_2014_Deluxe_Edition_.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 18:17 - 2012-04-10 20:54 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-08 17:59 - 2013-10-19 20:54 - 00000936 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job
2015-05-08 17:26 - 2012-02-27 21:22 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job
2015-05-08 13:33 - 2010-11-13 19:09 - 00000000 ____D () C:\Users\Kamilka\AppData\Roaming\Skype
2015-05-08 13:28 - 2012-01-26 21:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-08 13:28 - 2012-01-05 22:06 - 00000000 ____D () C:\Users\Kamilka\AppData\Local\CrashDumps
2015-05-08 13:28 - 2010-11-06 21:22 - 00000000 ____D () C:\Users\Kamilka\AppData\Roaming\DAEMON Tools Lite
2015-05-08 13:28 - 2010-11-06 21:07 - 00000000 ____D () C:\Users\Kamilka\AppData\Roaming\uTorrent
2015-05-08 13:27 - 2014-09-18 19:17 - 00000000 ____D () C:\ProgramData\Origin
2015-05-08 12:25 - 2014-09-18 19:24 - 00000000 ____D () C:\Users\Kamilka\AppData\Roaming\Origin
2015-05-08 12:02 - 2014-09-18 19:23 - 00000000 ____D () C:\Program Files\Origin
2015-05-08 10:34 - 2014-02-28 11:04 - 00000000 ____D () C:\Users\Kamilka\Desktop\Hackovani & Siti
2015-05-08 09:37 - 2013-02-12 22:00 - 01131451 ____N () C:\windows\WindowsUpdate.log
2015-05-08 09:26 - 2012-02-27 21:21 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job
2015-05-07 20:59 - 2013-10-19 20:54 - 00000914 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job
2015-05-07 11:02 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2015-05-06 22:39 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-05-06 19:01 - 2014-02-23 03:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-06 19:01 - 2013-10-21 11:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-06 18:49 - 2009-07-14 05:34 - 00023552 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-06 18:49 - 2009-07-14 05:34 - 00023552 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-06 18:46 - 2009-07-26 21:06 - 00795502 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-06 18:42 - 2014-02-01 19:40 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-05-06 18:40 - 2010-11-06 18:10 - 00000000 ____D () C:\Users\Kamilka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-05-06 18:39 - 2012-01-26 21:35 - 00000000 ____D () C:\Program Files\CDBurnerXP
2015-05-06 18:39 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-04 17:25 - 2013-10-28 21:06 - 00000000 ____D () C:\Users\Kamilka\Desktop\Jiricek
2015-05-04 13:13 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\NDF
2015-05-01 10:42 - 2012-01-26 21:35 - 00001887 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-05-01 10:42 - 2012-01-26 21:35 - 00001845 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-04-29 14:21 - 2014-11-12 16:01 - 00000000 ____D () C:\Program Files\Full Tilt UK
2015-04-24 23:02 - 2014-12-16 00:51 - 00000000 ____D () C:\Users\Kamilka\Desktop\hlinikove klece
2015-04-24 16:42 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-04-22 10:29 - 2010-11-13 19:09 - 00000000 ____D () C:\ProgramData\Skype
2015-04-20 22:00 - 2010-12-29 21:06 - 00000000 ____D () C:\Users\Kamilka\Desktop\Hudba
2015-04-19 20:41 - 2012-12-18 23:19 - 00000000 ____D () C:\Users\Kamilka\Desktop\Jirka ptaci
2015-04-15 21:27 - 2012-04-10 20:54 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-04-15 21:27 - 2011-06-16 06:10 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 16:53 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\AppCompat
2015-04-15 16:04 - 2014-12-13 16:52 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-15 16:04 - 2014-05-02 09:31 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-15 15:53 - 2013-08-13 13:04 - 00000000 ____D () C:\windows\system32\MRT
2015-04-15 15:43 - 2010-11-06 19:54 - 125832184 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-09 13:39 - 2011-01-30 17:15 - 00000121 ___SH () C:\ProgramData\.zreglib

==================== Files in the root of some directories =======

2004-02-04 15:53 - 2004-02-04 15:53 - 0458752 ____H () C:\Program Files\Common Files\db.mdb
2004-02-04 14:54 - 2004-02-04 14:54 - 0000019 ____H () C:\Program Files\Common Files\General.txt
2004-02-04 15:53 - 2004-02-04 15:53 - 0458752 ____H () C:\Users\Kamilka\AppData\Roaming\db.mdb
2004-02-04 14:54 - 2004-02-04 14:54 - 0000019 ____H () C:\Users\Kamilka\AppData\Roaming\General.txt
2002-08-29 18:33 - 2002-08-29 18:33 - 0319488 ____R () C:\Users\Kamilka\AppData\Roaming\MafiaSetup.exe
2012-11-23 14:50 - 2012-11-23 14:50 - 0003584 _____ () C:\Users\Kamilka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-12 16:00 - 2014-11-12 16:00 - 51027168 _____ () C:\Users\Kamilka\AppData\Local\TempFullTiltUkSetup.exe
2011-01-30 17:15 - 2015-04-09 13:39 - 0000121 ___SH () C:\ProgramData\.zreglib
2010-11-13 19:12 - 2010-11-13 19:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-11-06 18:12 - 2010-01-16 08:18 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2013-12-24 00:40 - 2013-12-24 00:41 - 0000348 _____ () C:\ProgramData\hpzinstall.log
2010-06-13 23:51 - 2010-06-13 23:51 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-06-13 23:49 - 2010-06-13 23:50 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-06-13 23:46 - 2010-06-13 23:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-06-13 23:50 - 2010-06-13 23:51 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-06-13 23:45 - 2010-06-13 23:46 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-06-13 23:47 - 2010-06-13 23:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Files to move or delete:
====================
C:\Users\ArivaUpgrade\ArivaUpgrade.exe
C:\Users\ArivaUpgrade\LZMA.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job => C:\Users\Kamilka\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job => C:\Users\Kamilka\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job => C:\Users\Kamilka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job => C:\Users\Kamilka\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 5.0 (Disabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 5.0 (Disabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Kamilka\Desktop" je 27757 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core
"C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[Márty84]

Je to ono a je to spravne

Mate tam havet. Ale nedivim se, vidim, ze torrent jede o 106 a to je velmi casty zdroj nakazy


Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.


Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[kallimka]

Tak tady je to prvni...
# AdwCleaner v4.203 - Logfile created 08/05/2015 at 18:54:58
# Updated 30/04/2015 by Xplode
# Database : 2015-05-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Kamilka - KAMILKA-PC
# Running from : C:\Users\Kamilka\Desktop\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\uTorrentBar
Folder Deleted : C:\Users\Kamilka\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Kamilka\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Kamilka\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kamilka\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Kamilka\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Kamilka\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Kamilka\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Kamilka\AppData\Roaming\SpeedMaxPc
File Deleted : C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
File Deleted : C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBF00E1-41EB-4197-B467-187CFB426650}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCBF00E1-41EB-4197-B467-187CFB426650}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E4542A1-BBC4-40F4-9AAE-EE6165AB63BF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D4CC3440-DCFD-4C59-9F60-236BA32D6711}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\SpeedMaxPC
Key Deleted : HKLM\SOFTWARE\uTorrentBar
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 88.146.243.17:8080

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Google Chrome v

[C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ff&src=crm&tb=FTB&o=41648107&locale=en_UK&apn_uid=8B08EE65-7F98-49E9-BCF2-C806AF11D467&apn_ptnrs=9D&apn_sauid=C017B4BC-6C41-4140-99DF-4810E6266EB1&apn_dtid=YYYYYYYYGB&q={searchTerms}&

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [15603 bytes] - [08/05/2015 18:52:57]
AdwCleaner[S0].txt - [11664 bytes] - [08/05/2015 18:54:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11724 bytes] ##########

[kallimka]

A zde je to druhe..hloupa sem to omylem zavrela takze ten 2Hodinovy sken opakuju abych mohla ty hrozby vymazat...chjo
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 08/05/2015
Cas skenování: 19:09:36
Protokol: log.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.05.08.06
Databáze rootkitu: v2015.04.21.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Kamilka

Typ skenu: Vlastní sken
Výsledek: Dokonceno
Prohledaných objektu: 550768
Uplynulý cas: 2 hod, 29 min, 14 sek

Pamet: Zapnuto
Po spuštení: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíce registru: 4
PUP.Optional.ConduitTB.A, HKU\S-1-5-21-3219418776-4157282183-555089908-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}, , [b77fb2df1e6c95a1f3ac63ee58ab45bb],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30F9B915-B755-4826-820B-08FBA6BD249D}, , [b77fb2df1e6c95a1f3ac63ee58ab45bb],
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-3219418776-4157282183-555089908-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}, , [92a48c05dcaef83e1f2496b7f60d6898],
PUP.Optional.uTorrentBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}, , [92a48c05dcaef83e1f2496b7f60d6898],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
RiskWare.Tool.CK, D:\Stahnute\Nero 8 FULL CZ\nero-8.x-keygen\Nero 8.x KeyGen.exe, , [999dd6bbc6c49c9a06155e4df2103bc5],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[kallimka]

Tak po skenu jsem dala odstranit a restartoval se pc...okno stale vyskakuje
A muzu se zeptat odkud se ta havet primo vzala?
Dekuji

[Márty84]

Budte trpeliva, nejde to udelat najednou, musim to mazat postupne

To vam nereknu, z ceho presne. Nejpravdepodobneji z tech cracku.



Odinstalujte Spybota, program je zastaraly a k nicemu.



Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[kallimka]

ComboFix 15-05-09.01 - Kamilka 09/05/2015 12:46:30.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3005.2164 [GMT 1:00]
Running from: c:\users\Kamilka\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ArivaUpgrade\LZMA.EXE
c:\users\Kamilka\AppData\Local\TempFullTiltUkSetup.exe
c:\users\Kamilka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-04-09 to 2015-05-09 )))))))))))))))))))))))))))))))
.
.
2015-05-08 18:07 . 2015-05-08 20:56 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-08 18:07 . 2015-04-14 08:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-08 18:07 . 2015-04-14 08:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-08 18:07 . 2015-04-14 08:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-08 18:07 . 2015-05-08 18:07 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-05-08 18:07 . 2015-05-08 18:07 -------- d-----w- c:\programdata\Malwarebytes
2015-05-08 17:52 . 2015-05-08 17:55 -------- d-----w- C:\AdwCleaner
2015-05-08 17:17 . 2015-05-08 17:18 -------- d-----w- C:\FRST
2015-05-08 12:15 . 2015-05-08 12:15 279955 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\libidn-11.dll
2015-05-08 12:15 . 2015-05-08 12:15 148760 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\libpdcurses.dll
2015-05-08 12:15 . 2015-05-08 12:15 963232 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\msvcr120.dll
2015-05-08 12:15 . 2015-05-08 12:15 626176 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\libcurl.dll
2015-05-08 12:15 . 2015-05-08 12:15 364544 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\ssleay32.dll
2015-05-08 12:15 . 2015-05-08 12:15 2418688 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\winnet32b.exe
2015-05-08 12:15 . 2015-05-08 12:15 1704448 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\libeay32.dll
2015-05-08 12:15 . 2015-05-08 12:15 131598 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\zlib1.dll
2015-05-08 12:15 . 2015-05-08 12:15 119704 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\pthreadGC2.dll
2015-05-08 12:15 . 2015-05-08 12:15 112142 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\libgcc_s_dw2-1.dll
2015-05-08 12:15 . 2015-05-08 12:15 494606 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\inet32upd.exe
2015-05-08 08:36 . 2015-04-04 06:39 9201616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AE8E1A2-A25E-4D52-8471-9874651D1BB5}\mpengine.dll
2015-05-07 13:53 . 2015-04-26 13:38 353280 ----a-w- c:\windows\system32\HMIPCore.dll
2015-05-07 13:53 . 2015-05-07 13:53 -------- d-----w- c:\program files\Hide My IP 6
2015-05-06 17:30 . 2015-02-18 07:06 123904 ----a-w- c:\windows\system32\poqexec.exe
2015-04-24 15:40 . 2015-01-29 03:02 844288 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-04-24 15:40 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\system32\wpdshext.dll
2015-04-24 15:40 . 2015-03-14 03:04 67584 ----a-w- c:\windows\system32\dwmapi.dll
2015-04-24 15:40 . 2015-03-14 03:04 1372160 ----a-w- c:\windows\system32\dwmcore.dll
2015-04-15 08:23 . 2015-03-23 03:06 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-04-15 08:23 . 2015-03-23 03:06 630784 ----a-w- c:\windows\system32\invagent.dll
2015-04-15 08:23 . 2015-03-23 03:06 331264 ----a-w- c:\windows\system32\devinv.dll
2015-04-15 08:23 . 2015-03-23 03:06 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-04-15 08:23 . 2015-03-23 03:06 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-04-15 08:23 . 2015-03-23 02:59 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-04-15 08:23 . 2015-03-23 03:06 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-04-15 08:23 . 2015-03-23 03:06 159744 ----a-w- c:\windows\system32\aepic.dll
2015-04-15 08:23 . 2015-03-04 04:16 249784 ----a-w- c:\windows\system32\clfs.sys
2015-04-15 08:23 . 2015-03-04 04:10 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-15 08:17 . 2015-03-25 03:00 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-04-15 08:17 . 2015-03-25 03:00 35328 ----a-w- c:\windows\system32\wups2.dll
2015-04-15 08:17 . 2015-03-25 03:00 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-04-15 08:17 . 2015-03-25 03:00 29696 ----a-w- c:\windows\system32\wups.dll
2015-04-15 08:17 . 2015-03-25 03:00 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-04-15 08:17 . 2015-03-25 03:00 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-04-15 08:17 . 2015-03-25 03:00 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-04-15 08:17 . 2015-03-25 03:00 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-04-15 08:17 . 2015-03-25 03:00 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-04-15 08:17 . 2015-03-25 03:00 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-04-15 08:17 . 2015-03-25 03:00 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-04-15 08:17 . 2015-02-25 03:03 514560 ----a-w- c:\windows\system32\drivers\http.sys
2015-04-15 08:16 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-04-15 08:16 . 2015-03-10 03:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 20:27 . 2012-04-10 19:54 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-15 20:27 . 2011-06-16 05:10 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-10 07:22 . 2013-10-21 10:12 627920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-02-26 03:11 . 2015-03-11 09:08 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 03:23 . 2010-11-06 19:19 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:13 . 2015-03-11 09:06 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-11 09:06 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-11 09:06 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-11 09:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-11 09:06 299008 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-03-26 08:08 329376 ----a-w- c:\users\Kamilka\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-03-26 08:08 329376 ----a-w- c:\users\Kamilka\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-03-26 08:08 329376 ----a-w- c:\users\Kamilka\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-03-10 07:22 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-03-10 07:22 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-03-10 07:22 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"OneDrive"="c:\users\Kamilka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2015-03-26 281248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2014-11-26 2372800]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP 6\HideMyIpSRV.exe [2015-04-26 4341760]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2009-06-02 39632]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-27 13224]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-11-09 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-11-09 8576]
R3 Origin Client Service;Origin Client Service;c:\program files\Origin\OriginClientService.exe [2015-05-08 1931632]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2013-08-20 182680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-06 1343400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-06 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 10752]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2014-11-26 173248]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2015-04-22 1846968]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 20:27]
.
2015-05-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job
- c:\users\Kamilka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-19 19:54]
.
2015-05-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job
- c:\users\Kamilka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-19 19:54]
.
2015-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job
- c:\users\Kamilka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 14:43]
.
2015-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job
- c:\users\Kamilka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 88.146.243.17:8080
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-Locked - (no file)
c:\users\Kamilka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nero.bat.lnk - c:\windows\System32\nero.bat
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3219418776-4157282183-555089908-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:e4,4e,6f,40,9a,2c,28,23,b4,c6,b0,41,b1,76,e0,ee,44,38,f2,f2,18,f0,7c,
47,b3,0e,71,8f,49,23,73,4f,c3,d2,7d,ec,fd,40,87,92,ac,76,74,c9,d9,49,88,60,\
"??"=hex:f6,ac,24,df,79,bb,6f,da,38,b1,39,b6,2f,65,8f,a2
.
[HKEY_USERS\S-1-5-21-3219418776-4157282183-555089908-1000\Software\SecuROM\License information*]
"datasecu"=hex:ba,ef,27,75,5e,94,03,7e,d2,75,4f,a0,1b,84,91,3c,1b,e3,3b,78,a4,
f4,e4,6f,5f,33,8d,38,22,bb,57,28,f6,67,2f,2e,fa,19,c6,19,ab,5f,c2,8a,e6,0d,\
"rkeysecu"=hex:59,0b,c1,eb,77,ea,c1,57,32,fb,02,75,79,86,80,e0
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-09 12:58:40
ComboFix-quarantined-files.txt 2015-05-09 11:58
.
Pre-Run: 90,730,201,088 bytes free
Post-Run: 90,382,557,184 bytes free
.
- - End Of File - - E5875F15910F6694773EB2787B90B762
2E5DEBB2116B3417023E0D6562D7ED07

[kallimka]

Tak tady to je vse probehlo bez problemu...po restartu taky ok a okno zatim nevyskocilo

[Márty84]

Jojo, vidim, ze CF uz brouka smaznul Ale hlavne neutikejte, je potreba to docistit, aby to nebylo za chvili zpet.



Vypnete trvale Windows Defender



Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"=-
"BingDesktop"=-
"QuickTime Task"=-
"Adobe ARM"=-

Regnull::
[HKEY_USERS\S-1-5-21-3219418776-4157282183-555089908-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-3219418776-4157282183-555089908-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
SkypeUpdate
c2cautoupdatesvc
c2cpnrsvc

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[kallimka]

Tak tady je...
ComboFix 15-05-09.01 - Kamilka 09/05/2015 13:50:47.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3005.1974 [GMT 1:00]
Running from: c:\users\Kamilka\Desktop\ComboFix.exe
Command switches used :: c:\users\Kamilka\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_c2cautoupdatesvc
-------\Service_c2cpnrsvc
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2015-04-09 to 2015-05-09 )))))))))))))))))))))))))))))))
.
.
2015-05-09 12:59 . 2015-05-09 12:59 -------- d-----w- c:\users\Mcx1-KAMILKA-PC\AppData\Local\temp
2015-05-09 12:59 . 2015-05-09 12:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-09 11:58 . 2015-05-09 13:01 -------- d-----w- c:\users\Kamilka\AppData\Local\temp
2015-05-08 18:07 . 2015-05-08 20:56 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-08 18:07 . 2015-04-14 08:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-08 18:07 . 2015-04-14 08:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-08 18:07 . 2015-04-14 08:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-08 18:07 . 2015-05-08 18:07 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-05-08 18:07 . 2015-05-08 18:07 -------- d-----w- c:\programdata\Malwarebytes
2015-05-08 17:52 . 2015-05-08 17:55 -------- d-----w- C:\AdwCleaner
2015-05-08 17:17 . 2015-05-08 17:18 -------- d-----w- C:\FRST
2015-05-08 12:15 . 2015-05-08 12:15 494606 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\inet32upd.exe
2015-05-08 08:36 . 2015-04-04 06:39 9201616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AE8E1A2-A25E-4D52-8471-9874651D1BB5}\mpengine.dll
2015-05-07 13:53 . 2015-04-26 13:38 353280 ----a-w- c:\windows\system32\HMIPCore.dll
2015-05-07 13:53 . 2015-05-07 13:53 -------- d-----w- c:\program files\Hide My IP 6
2015-05-06 17:30 . 2015-02-18 07:06 123904 ----a-w- c:\windows\system32\poqexec.exe
2015-04-24 15:40 . 2015-01-29 03:02 844288 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-04-24 15:40 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\system32\wpdshext.dll
2015-04-24 15:40 . 2015-03-14 03:04 67584 ----a-w- c:\windows\system32\dwmapi.dll
2015-04-24 15:40 . 2015-03-14 03:04 1372160 ----a-w- c:\windows\system32\dwmcore.dll
2015-04-15 08:23 . 2015-03-23 03:06 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-04-15 08:23 . 2015-03-23 03:06 630784 ----a-w- c:\windows\system32\invagent.dll
2015-04-15 08:23 . 2015-03-23 03:06 331264 ----a-w- c:\windows\system32\devinv.dll
2015-04-15 08:23 . 2015-03-23 03:06 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-04-15 08:23 . 2015-03-23 03:06 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-04-15 08:23 . 2015-03-23 02:59 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-04-15 08:23 . 2015-03-23 03:06 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-04-15 08:23 . 2015-03-23 03:06 159744 ----a-w- c:\windows\system32\aepic.dll
2015-04-15 08:23 . 2015-03-04 04:16 249784 ----a-w- c:\windows\system32\clfs.sys
2015-04-15 08:23 . 2015-03-04 04:10 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-15 08:17 . 2015-03-25 03:00 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-04-15 08:17 . 2015-03-25 03:00 35328 ----a-w- c:\windows\system32\wups2.dll
2015-04-15 08:17 . 2015-03-25 03:00 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-04-15 08:17 . 2015-03-25 03:00 29696 ----a-w- c:\windows\system32\wups.dll
2015-04-15 08:17 . 2015-03-25 03:00 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-04-15 08:17 . 2015-03-25 03:00 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-04-15 08:17 . 2015-03-25 03:00 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-04-15 08:17 . 2015-03-25 03:00 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-04-15 08:17 . 2015-03-25 03:00 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-04-15 08:17 . 2015-03-25 03:00 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-04-15 08:17 . 2015-03-25 03:00 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-04-15 08:17 . 2015-02-25 03:03 514560 ----a-w- c:\windows\system32\drivers\http.sys
2015-04-15 08:16 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-04-15 08:16 . 2015-03-10 03:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-08 12:15 . 2015-05-08 12:15 279955 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\libidn-11.dll
2015-05-08 12:15 . 2015-05-08 12:15 148760 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\libpdcurses.dll
2015-05-08 12:15 . 2015-05-08 12:15 963232 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\msvcr120.dll
2015-05-08 12:15 . 2015-05-08 12:15 626176 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\libcurl.dll
2015-05-08 12:15 . 2015-05-08 12:15 364544 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\ssleay32.dll
2015-05-08 12:15 . 2015-05-08 12:15 2418688 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\winnet32b.exe
2015-05-08 12:15 . 2015-05-08 12:15 1704448 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\libeay32.dll
2015-05-08 12:15 . 2015-05-08 12:15 131598 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\zlib1.dll
2015-05-08 12:15 . 2015-05-08 12:15 119704 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\pthreadGC2.dll
2015-05-08 12:15 . 2015-05-08 12:15 112142 ----a-w- c:\users\Kamilka\AppData\Roaming\Microsoft\Networking\libgcc_s_dw2-1.dll
2015-04-15 20:27 . 2012-04-10 19:54 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-15 20:27 . 2011-06-16 05:10 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-10 07:22 . 2013-10-21 10:12 627920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-02-26 03:11 . 2015-03-11 09:08 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 03:23 . 2010-11-06 19:19 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:13 . 2015-03-11 09:06 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-11 09:06 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-11 09:06 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-11 09:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-11 09:06 299008 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-03-26 08:08 329376 ----a-w- c:\users\Kamilka\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-03-26 08:08 329376 ----a-w- c:\users\Kamilka\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-03-26 08:08 329376 ----a-w- c:\users\Kamilka\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-03-10 07:22 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-03-10 07:22 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-03-10 07:22 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"OneDrive"="c:\users\Kamilka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2015-03-26 281248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-15 8120864]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP 6\HideMyIpSRV.exe [2015-04-26 4341760]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2009-06-02 39632]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-27 13224]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-11-09 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-11-09 8576]
R3 Origin Client Service;Origin Client Service;c:\program files\Origin\OriginClientService.exe [2015-05-08 1931632]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2013-08-20 182680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-06 1343400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-06 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 10752]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2014-11-26 173248]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2015-04-22 1846968]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 20:27]
.
2015-05-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job
- c:\users\Kamilka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-19 19:54]
.
2015-05-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job
- c:\users\Kamilka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-19 19:54]
.
2015-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job
- c:\users\Kamilka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 14:43]
.
2015-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job
- c:\users\Kamilka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 88.146.243.17:8080
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\windows\system32\conhost.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2015-05-09 14:08:24 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-09 13:08
ComboFix2.txt 2015-05-09 11:58
.
Pre-Run: 90,333,286,400 bytes free
Post-Run: 90,044,092,416 bytes free
.
- - End Of File - - 5A11D6FA9DCD1E75EBD1107FF6D13284
2E5DEBB2116B3417023E0D6562D7ED07

[Márty84]

Dejte prosim novy log z FRST

a k tomu

Dejte i log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786 a doladime to

[kallimka]

Zde je 1.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by Kamilka (administrator) on KAMILKA-PC on 09-05-2015 14:42:26
Running from C:\Users\Kamilka\Desktop
Loaded Profiles: Kamilka (Available profiles: Kamilka & Mcx1-KAMILKA-PC)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Kamilka\Desktop\FRSTLauncher.exe
(Google Inc.) C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [3080264 2011-09-22] (ESET)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM\...\Run: [CloneCDTray] => C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\...\Run: [OneDrive] => C:\Users\Kamilka\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-26] (Microsoft Corporation)
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kamilka\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kamilka\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kamilka\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3219418776-4157282183-555089908-1000] => 88.146.243.17:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-3219418776-4157282183-555089908-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7SMSN
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> {2046C259-6CE9-4869-B991-91F1053D4FCD} URL = http://www.bing.com/search?FORM=BDKTDF& ... -SearchBox
SearchScopes: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-11-28] (CANON INC.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-04] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-04] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-11-28] (CANON INC.)
Toolbar: HKU\S-1-5-21-3219418776-4157282183-555089908-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [2011-11-22] (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3219418776-4157282183-555089908-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kamilka\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3219418776-4157282183-555089908-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Kamilka\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3219418776-4157282183-555089908-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Kamilka\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-06-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-06-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-06-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-06-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-06-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-06-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-06-23] (Apple Inc.)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-01-27]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-01-26]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-27]
CHR Extension: (Google Search) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-27]
CHR Extension: (http://www.facebook.com/) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindo [2012-11-23]
CHR Extension: (AdBlock) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-14]
CHR Extension: (Bookmark Manager) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Skype Click to Call) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-01]
CHR Extension: (Google Wallet) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Kamilka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome - C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173248 2014-11-26] (Microsoft Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1846968 2015-04-22] (Microsoft Corporation)
R2 DiagTrack; C:\windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [974944 2011-09-22] (ESET)
S2 HideMyIpSRV; C:\Program Files\Hide My IP 6\HideMyIpSRV.exe [4341760 2015-04-26] (Hide My IP) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1931632 2015-05-08] (Electronic Arts)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CH341SER; C:\windows\System32\Drivers\CH341SER.SYS [39632 2009-06-02] (www.winchiphead.com)
R2 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [163424 2011-08-09] (ESET)
R1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
R3 ElbyCDFL; C:\windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R2 epfw; C:\windows\System32\DRIVERS\epfw.sys [147480 2011-08-04] (ESET)
R1 EpfwLWF; C:\windows\System32\DRIVERS\EpfwLWF.sys [33656 2011-08-04] (ESET)
R0 epfwwfp; C:\windows\System32\DRIVERS\epfwwfp.sys [50624 2011-08-04] (ESET)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2010-08-17] (Windows (R) 2003 DDK 3790 provider)
S3 s0017bus; C:\windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-11-06] () [File not signed]
S3 ssudserd; C:\windows\System32\DRIVERS\ssudserd.sys [182680 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 a87uwnk5; C:\windows\system32\Drivers\a87uwnk5.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 mbr; \??\C:\Users\Kamilka\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-09 14:42 - 2015-05-09 14:43 - 00020151 _____ () C:\Users\Kamilka\Desktop\FRST.txt
2015-05-09 14:08 - 2015-05-09 14:08 - 00018197 _____ () C:\ComboFix.txt
2015-05-09 12:43 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-05-09 12:43 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-05-09 12:43 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-05-09 12:43 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-05-09 12:43 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-05-09 12:43 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-05-09 12:43 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-05-09 12:43 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-05-09 12:42 - 2015-05-09 14:08 - 00000000 ____D () C:\Qoobox
2015-05-09 12:42 - 2015-05-09 13:59 - 00000000 ____D () C:\windows\erdnt
2015-05-09 12:39 - 2015-05-09 12:40 - 05623215 ____R (Swearware) C:\Users\Kamilka\Desktop\ComboFix.exe
2015-05-08 21:46 - 2015-05-09 00:04 - 00000000 ____D () C:\Users\Kamilka\Desktop\New folder (2)
2015-05-08 19:07 - 2015-05-08 21:56 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 19:07 - 2015-05-08 19:07 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 19:07 - 2015-05-08 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 19:07 - 2015-05-08 19:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-08 19:07 - 2015-05-08 19:07 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-08 19:07 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-08 19:07 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-05-08 19:07 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-05-08 19:02 - 2015-05-08 19:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Kamilka\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-08 18:56 - 2015-05-09 14:00 - 00007970 _____ () C:\windows\PFRO.log
2015-05-08 18:56 - 2015-05-09 14:00 - 00000280 _____ () C:\windows\setupact.log
2015-05-08 18:56 - 2015-05-08 18:56 - 00000000 _____ () C:\windows\setuperr.log
2015-05-08 18:52 - 2015-05-08 18:55 - 00000000 ____D () C:\AdwCleaner
2015-05-08 18:51 - 2015-05-08 18:52 - 02204160 _____ () C:\Users\Kamilka\Desktop\adwcleaner_4.203.exe
2015-05-08 18:17 - 2015-05-09 14:42 - 00000000 ____D () C:\FRST
2015-05-08 18:16 - 2015-05-08 18:17 - 01141248 _____ (Farbar) C:\Users\Kamilka\Desktop\FRST.exe
2015-05-08 18:15 - 2015-05-08 18:15 - 00112640 _____ (forum.viry.cz) C:\Users\Kamilka\Desktop\FRSTLauncher.exe
2015-05-08 18:13 - 2015-05-08 18:14 - 02102272 _____ (Farbar) C:\Users\Kamilka\Desktop\FRST64.exe
2015-05-07 14:53 - 2015-05-07 14:53 - 00002896 _____ () C:\windows\system32\HideMyIpSRVOff.ini
2015-05-07 14:53 - 2015-05-07 14:53 - 00000993 _____ () C:\Users\Kamilka\Desktop\Hide My IP 6.lnk
2015-05-07 14:53 - 2015-05-07 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hide My IP 6
2015-05-07 14:53 - 2015-05-07 14:53 - 00000000 ____D () C:\Program Files\Hide My IP 6
2015-05-07 14:53 - 2015-04-26 14:38 - 00353280 _____ (Hide My IP) C:\windows\system32\HMIPCore.dll
2015-05-07 14:51 - 2015-05-07 14:52 - 03047040 _____ (My Privacy Tools, Inc. ) C:\Users\Kamilka\Downloads\hidemyip.exe
2015-05-06 18:32 - 2015-04-27 20:11 - 03989440 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-06 18:32 - 2015-04-27 20:11 - 03934144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-06 18:32 - 2015-04-27 20:11 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-06 18:32 - 2015-04-27 20:11 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-06 18:32 - 2015-04-27 20:08 - 01307648 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00851456 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-06 18:32 - 2015-04-27 20:05 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-06 18:32 - 2015-04-27 20:04 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-06 18:32 - 2015-04-27 20:04 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-06 18:32 - 2015-04-27 20:04 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-06 18:32 - 2015-04-27 20:04 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-06 18:32 - 2015-04-27 20:04 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-06 18:32 - 2015-04-27 20:04 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-06 18:32 - 2015-04-27 20:03 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-06 18:32 - 2015-04-27 20:03 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-06 18:32 - 2015-04-27 20:01 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-06 18:32 - 2015-04-27 20:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-06 18:32 - 2015-04-27 19:59 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-06 18:32 - 2015-04-27 19:59 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-06 18:32 - 2015-04-27 19:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-06 18:30 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-04 17:58 - 2015-05-04 17:58 - 00242925 _____ () C:\Users\Kamilka\Downloads\[CzT]Lovci_duchu_Supernatural_1_4_serie_CZ_5_6_serie_EN_.torrent
2015-05-04 14:06 - 2015-05-04 14:06 - 00035172 _____ () C:\Users\Kamilka\Downloads\[CzT]Mickeyho_klubik_Mickey_Mouse_Clubhouse_3_serie_CZ_TvRip_.torrent
2015-05-04 14:04 - 2015-05-04 14:04 - 00023974 _____ () C:\Users\Kamilka\Downloads\[CzT]Mickeyho_klubik_Mickey_Mouse_Clubhouse_2_Serie_CZ_TvRip_.torrent
2015-05-04 14:02 - 2015-05-04 14:02 - 00017484 _____ () C:\Users\Kamilka\Downloads\[CzT]Mickeyho_klubik_Mickey_Mouse_Clubhouse_1_serie_CZ_TvRip_.torrent
2015-05-04 14:00 - 2015-05-04 14:00 - 00014901 _____ () C:\Users\Kamilka\Downloads\[CzT]Auta_Cars_1_2_2006_2011_CZ_.torrent
2015-05-02 10:16 - 2015-05-02 10:17 - 00028743 _____ () C:\Users\Kamilka\Downloads\[CzT]Padesat_odstinu_sedi_Fifty_Shades_of_Grey_2015_720pHD_.torrent
2015-04-28 00:54 - 2015-04-28 00:54 - 00015173 _____ () C:\Users\Kamilka\Downloads\[CzT]Nero_8_FULL_CZ.torrent
2015-04-27 17:13 - 2015-04-27 17:13 - 00014589 _____ () C:\Users\Kamilka\Downloads\[CzT]Microsoft_Windows_XP_Professional_SP3_CZ_8_2013_.torrent
2015-04-24 16:40 - 2015-03-14 04:04 - 01372160 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-04-24 16:40 - 2015-03-14 04:04 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-04-24 16:40 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-04-18 21:18 - 2015-04-18 21:18 - 00017701 _____ () C:\Users\Kamilka\Downloads\[CzT]Frajeri_ve_Vegas_Last_Vegas_2013_CZ_.torrent
2015-04-18 19:13 - 2015-04-18 19:13 - 00015237 _____ () C:\Users\Kamilka\Downloads\[CzT]Hra_o_truny_Game_of_Thrones_4_serie_CZ_TVRip_.torrent
2015-04-16 14:02 - 2015-04-16 14:02 - 00015129 _____ () C:\Users\Kamilka\Downloads\[CzT]Beyonce_Beyonce_Platinum_Edition_2CD_2014_.torrent
2015-04-16 14:02 - 2015-04-16 14:02 - 00015129 _____ () C:\Users\Kamilka\Downloads\[CzT]Beyonce_Beyonce_Platinum_Edition_2CD_2014_ (1).torrent
2015-04-16 14:01 - 2015-04-16 14:01 - 00020883 _____ () C:\Users\Kamilka\Downloads\[CzT]Beyonce_2013_.torrent
2015-04-15 09:23 - 2015-03-23 04:06 - 00860160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-15 09:23 - 2015-03-23 04:06 - 00630784 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-15 09:23 - 2015-03-23 04:06 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-15 09:23 - 2015-03-23 04:06 - 00331264 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-15 09:23 - 2015-03-23 04:06 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-15 09:23 - 2015-03-23 04:06 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-15 09:23 - 2015-03-23 04:06 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-15 09:23 - 2015-03-23 03:59 - 00896000 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-15 09:23 - 2015-03-04 05:16 - 00249784 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-15 09:23 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 09:22 - 2015-04-02 00:49 - 00342704 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-15 09:22 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-15 09:22 - 2015-03-13 04:42 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-15 09:22 - 2015-03-13 04:42 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-15 09:22 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-15 09:22 - 2015-03-13 04:28 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-15 09:22 - 2015-03-13 04:27 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-15 09:22 - 2015-03-13 04:27 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-15 09:22 - 2015-03-13 04:26 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-04-15 09:22 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-15 09:22 - 2015-03-13 04:20 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-15 09:22 - 2015-03-13 04:20 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-15 09:22 - 2015-03-13 04:17 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-15 09:22 - 2015-03-13 04:16 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-15 09:22 - 2015-03-13 04:16 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-15 09:22 - 2015-03-13 04:15 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-15 09:22 - 2015-03-13 04:09 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-15 09:22 - 2015-03-13 04:06 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-15 09:22 - 2015-03-13 04:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 09:22 - 2015-03-13 03:57 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-15 09:22 - 2015-03-13 03:56 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-15 09:22 - 2015-03-13 03:54 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-15 09:22 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-15 09:22 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-15 09:22 - 2015-03-13 03:43 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-15 09:22 - 2015-03-13 03:43 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-15 09:22 - 2015-03-13 03:42 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-15 09:22 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-15 09:22 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-15 09:22 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-15 09:22 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-15 09:22 - 2015-03-05 05:06 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 03088384 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 02020864 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 09:17 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 09:17 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 09:17 - 2015-03-25 04:00 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 09:17 - 2015-02-25 04:03 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-15 09:16 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-15 09:16 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-09 13:58 - 2015-04-09 13:58 - 00012493 _____ () C:\Users\Kamilka\Downloads\[CzT]George_Ezra_Wanted_On_Voyage_2014_Deluxe_Edition_.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-09 14:38 - 2013-02-12 22:00 - 01228823 _____ () C:\windows\WindowsUpdate.log
2015-05-09 14:26 - 2012-02-27 21:22 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job
2015-05-09 14:17 - 2012-04-10 20:54 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-09 14:10 - 2009-07-14 05:34 - 00023552 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-09 14:10 - 2009-07-14 05:34 - 00023552 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-09 14:01 - 2010-11-06 18:10 - 00000000 ____D () C:\Users\Kamilka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-05-09 14:01 - 2009-07-14 03:04 - 00000215 _____ () C:\windows\system.ini
2015-05-09 14:00 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-09 13:59 - 2009-07-14 03:03 - 72613888 _____ () C:\windows\system32\config\SOFTWARE.bak
2015-05-09 13:59 - 2009-07-14 03:03 - 22544384 _____ () C:\windows\system32\config\SYSTEM.bak
2015-05-09 13:59 - 2009-07-14 03:03 - 05767168 _____ () C:\windows\system32\config\DEFAULT.bak
2015-05-09 13:59 - 2009-07-14 03:03 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2015-05-09 13:59 - 2009-07-14 03:03 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2015-05-09 12:58 - 2014-09-13 11:48 - 00000000 ____D () C:\Users\ArivaUpgrade
2015-05-09 12:58 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-05-09 11:59 - 2013-10-19 20:54 - 00000936 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job
2015-05-09 10:44 - 2013-10-28 21:06 - 00000000 ____D () C:\Users\Kamilka\Desktop\Jiricek
2015-05-09 10:43 - 2012-01-26 21:08 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2015-05-09 10:42 - 2012-02-27 21:21 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job
2015-05-09 10:42 - 2012-01-26 21:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-09 00:06 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\schemas
2015-05-08 21:59 - 2010-11-06 21:07 - 00000000 ____D () C:\Users\Kamilka\AppData\Roaming\uTorrent
2015-05-08 20:59 - 2013-10-19 20:54 - 00000914 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job
2015-05-08 18:59 - 2012-01-05 22:06 - 00000000 ____D () C:\Users\Kamilka\AppData\Local\CrashDumps
2015-05-08 13:33 - 2010-11-13 19:09 - 00000000 ____D () C:\Users\Kamilka\AppData\Roaming\Skype
2015-05-08 13:28 - 2010-11-06 21:22 - 00000000 ____D () C:\Users\Kamilka\AppData\Roaming\DAEMON Tools Lite
2015-05-08 13:27 - 2014-09-18 19:17 - 00000000 ____D () C:\ProgramData\Origin
2015-05-08 12:25 - 2014-09-18 19:24 - 00000000 ____D () C:\Users\Kamilka\AppData\Roaming\Origin
2015-05-08 12:02 - 2014-09-18 19:23 - 00000000 ____D () C:\Program Files\Origin
2015-05-08 10:34 - 2014-02-28 11:04 - 00000000 ____D () C:\Users\Kamilka\Desktop\Hackovani & Siti
2015-05-07 11:02 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2015-05-06 22:39 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-05-06 19:01 - 2014-02-23 03:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-06 19:01 - 2013-10-21 11:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-06 18:46 - 2009-07-26 21:06 - 00795502 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-06 18:42 - 2014-02-01 19:40 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-05-06 18:39 - 2012-01-26 21:35 - 00000000 ____D () C:\Program Files\CDBurnerXP
2015-05-04 13:13 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\NDF
2015-05-01 10:42 - 2012-01-26 21:35 - 00001887 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-05-01 10:42 - 2012-01-26 21:35 - 00001845 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-04-29 14:21 - 2014-11-12 16:01 - 00000000 ____D () C:\Program Files\Full Tilt UK
2015-04-24 23:02 - 2014-12-16 00:51 - 00000000 ____D () C:\Users\Kamilka\Desktop\hlinikove klece
2015-04-24 16:42 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-04-22 10:29 - 2010-11-13 19:09 - 00000000 ____D () C:\ProgramData\Skype
2015-04-20 22:00 - 2010-12-29 21:06 - 00000000 ____D () C:\Users\Kamilka\Desktop\Hudba
2015-04-19 20:41 - 2012-12-18 23:19 - 00000000 ____D () C:\Users\Kamilka\Desktop\Jirka ptaci
2015-04-15 21:27 - 2012-04-10 20:54 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-04-15 21:27 - 2011-06-16 06:10 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 16:53 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\AppCompat
2015-04-15 16:04 - 2014-12-13 16:52 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-15 16:04 - 2014-05-02 09:31 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-15 15:53 - 2013-08-13 13:04 - 00000000 ____D () C:\windows\system32\MRT
2015-04-15 15:43 - 2010-11-06 19:54 - 125832184 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-09 13:39 - 2011-01-30 17:15 - 00000121 ___SH () C:\ProgramData\.zreglib

==================== Files in the root of some directories =======

2004-02-04 15:53 - 2004-02-04 15:53 - 0458752 ____H () C:\Program Files\Common Files\db.mdb
2004-02-04 14:54 - 2004-02-04 14:54 - 0000019 ____H () C:\Program Files\Common Files\General.txt
2004-02-04 15:53 - 2004-02-04 15:53 - 0458752 ____H () C:\Users\Kamilka\AppData\Roaming\db.mdb
2004-02-04 14:54 - 2004-02-04 14:54 - 0000019 ____H () C:\Users\Kamilka\AppData\Roaming\General.txt
2002-08-29 18:33 - 2002-08-29 18:33 - 0319488 ____R () C:\Users\Kamilka\AppData\Roaming\MafiaSetup.exe
2012-11-23 14:50 - 2012-11-23 14:50 - 0003584 _____ () C:\Users\Kamilka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-30 17:15 - 2015-04-09 13:39 - 0000121 ___SH () C:\ProgramData\.zreglib
2010-11-13 19:12 - 2010-11-13 19:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-11-06 18:12 - 2010-01-16 08:18 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2013-12-24 00:40 - 2013-12-24 00:41 - 0000348 _____ () C:\ProgramData\hpzinstall.log
2010-06-13 23:51 - 2010-06-13 23:51 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-06-13 23:49 - 2010-06-13 23:50 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-06-13 23:46 - 2010-06-13 23:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-06-13 23:50 - 2010-06-13 23:51 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-06-13 23:45 - 2010-06-13 23:46 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-06-13 23:47 - 2010-06-13 23:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Files to move or delete:
====================
C:\Users\ArivaUpgrade\ArivaUpgrade.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job => C:\Users\Kamilka\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job => C:\Users\Kamilka\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job => C:\Users\Kamilka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job => C:\Users\Kamilka\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:2430E4FC
AlternateDataStreams: C:\ProgramData\Temp:268F887D
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:5C270C64
AlternateDataStreams: C:\ProgramData\Temp:6FB93194
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:8530A643
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E7BA7168

==================== Security Center ==================

AV: ESET Smart Security 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Kamilka\Desktop" je 27785 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[kallimka]

A 2.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Kamilka at 2015-05-09 14:46:14
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 86 GB (38%) free of 228 GB
Total RAM: 3005 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:47:16, on 09/05/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\Explorer.exe
C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kamilka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kamilka\Downloads\RSIT.exe
C:\Program Files\trend micro\Kamilka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 88.146.243.17:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Skype Click to Call for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Kamilka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HideMyIpSRV - Hide My IP - C:\Program Files\Hide My IP 6\HideMyIpSRV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6704 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job - C:\Users\Kamilka\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job - C:\Users\Kamilka\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000Core.job - C:\Users\Kamilka\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3219418776-4157282183-555089908-1000UA.job - C:\Users\Kamilka\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04 153760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-11-28 176736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-04 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10 710872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10 1729752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-04 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-11-28 4438104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-12-15 8120864]
"CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2009-04-15 50472]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-26 1713448]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-02-11 137752]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-02-11 171032]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-02-11 172568]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 3080264]
"CanonQuickMenu"=C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"=C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2012-03-26 449168]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"OneDrive"=C:\Users\Kamilka\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-03-26 281248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-02-11 228864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HideMyIpSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"vidc.VP60"=C:\windows\system32\vp6vfw.dll
"vidc.VP61"=C:\windows\system32\vp6vfw.dll
"vidc.VP62"=vp6vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-05-09 14:46:14 ----D---- C:\rsit
2015-05-09 14:46:14 ----D---- C:\Program Files\trend micro
2015-05-09 14:08:24 ----A---- C:\ComboFix.txt
2015-05-09 14:01:25 ----SHD---- C:\$RECYCLE.BIN
2015-05-09 12:43:07 ----A---- C:\windows\zip.exe
2015-05-09 12:43:07 ----A---- C:\windows\SWSC.exe
2015-05-09 12:43:07 ----A---- C:\windows\SWREG.exe
2015-05-09 12:43:07 ----A---- C:\windows\sed.exe
2015-05-09 12:43:07 ----A---- C:\windows\PEV.exe
2015-05-09 12:43:07 ----A---- C:\windows\NIRCMD.exe
2015-05-09 12:43:07 ----A---- C:\windows\MBR.exe
2015-05-09 12:43:07 ----A---- C:\windows\grep.exe
2015-05-09 12:42:58 ----D---- C:\Qoobox
2015-05-09 12:42:32 ----D---- C:\windows\erdnt
2015-05-08 19:07:37 ----A---- C:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-08 19:07:17 ----A---- C:\windows\system32\drivers\mwac.sys
2015-05-08 19:07:17 ----A---- C:\windows\system32\drivers\mbamchameleon.sys
2015-05-08 19:07:17 ----A---- C:\windows\system32\drivers\mbam.sys
2015-05-08 19:07:16 ----D---- C:\ProgramData\Malwarebytes
2015-05-08 19:07:16 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2015-05-08 18:52:41 ----D---- C:\AdwCleaner
2015-05-08 18:17:41 ----D---- C:\FRST
2015-05-07 14:53:44 ----A---- C:\windows\system32\HideMyIpSRVOff.ini
2015-05-07 14:53:38 ----A---- C:\windows\system32\HMIPCore.dll
2015-05-07 14:53:34 ----D---- C:\Program Files\Hide My IP 6
2015-05-06 18:32:22 ----A---- C:\windows\system32\UtcResources.dll
2015-05-06 18:32:21 ----A---- C:\windows\system32\diagtrack.dll
2015-05-06 18:32:20 ----A---- C:\windows\system32\ntkrnlpa.exe
2015-05-06 18:32:19 ----A---- C:\windows\system32\ntoskrnl.exe
2015-05-06 18:32:18 ----A---- C:\windows\system32\tdh.dll
2015-05-06 18:32:16 ----A---- C:\windows\system32\ntdll.dll
2015-05-06 18:32:15 ----A---- C:\windows\system32\advapi32.dll
2015-05-06 18:32:14 ----A---- C:\windows\system32\tracerpt.exe
2015-05-06 18:32:14 ----A---- C:\windows\system32\lsasrv.dll
2015-05-06 18:32:14 ----A---- C:\windows\system32\drivers\ksecdd.sys
2015-05-06 18:32:13 ----A---- C:\windows\system32\srcore.dll
2015-05-06 18:32:13 ----A---- C:\windows\system32\sechost.dll
2015-05-06 18:32:13 ----A---- C:\windows\system32\schannel.dll
2015-05-06 18:32:13 ----A---- C:\windows\system32\rstrui.exe
2015-05-06 18:32:13 ----A---- C:\windows\system32\msv1_0.dll
2015-05-06 18:32:13 ----A---- C:\windows\system32\logman.exe
2015-05-06 18:32:13 ----A---- C:\windows\system32\kerberos.dll
2015-05-06 18:32:13 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2015-05-06 18:32:12 ----A---- C:\windows\system32\wdigest.dll
2015-05-06 18:32:12 ----A---- C:\windows\system32\typeperf.exe
2015-05-06 18:32:12 ----A---- C:\windows\system32\TSpkg.dll
2015-05-06 18:32:12 ----A---- C:\windows\system32\sspicli.dll
2015-05-06 18:32:12 ----A---- C:\windows\system32\srclient.dll
2015-05-06 18:32:12 ----A---- C:\windows\system32\smss.exe
2015-05-06 18:32:12 ----A---- C:\windows\system32\secur32.dll
2015-05-06 18:32:12 ----A---- C:\windows\system32\relog.exe
2015-05-06 18:32:12 ----A---- C:\windows\system32\ncrypt.dll
2015-05-06 18:32:12 ----A---- C:\windows\system32\lsass.exe
2015-05-06 18:32:12 ----A---- C:\windows\system32\diskperf.exe
2015-05-06 18:32:12 ----A---- C:\windows\system32\csrsrv.dll
2015-05-06 18:32:12 ----A---- C:\windows\system32\auditpol.exe
2015-05-06 18:32:11 ----A---- C:\windows\system32\sspisrv.dll
2015-05-06 18:32:11 ----A---- C:\windows\system32\msobjs.dll
2015-05-06 18:32:11 ----A---- C:\windows\system32\msaudite.dll
2015-05-06 18:32:11 ----A---- C:\windows\system32\credssp.dll
2015-05-06 18:32:11 ----A---- C:\windows\system32\apisetschema.dll
2015-05-06 18:32:11 ----A---- C:\windows\system32\adtschema.dll
2015-05-06 18:30:52 ----A---- C:\windows\system32\poqexec.exe
2015-04-24 16:40:18 ----A---- C:\windows\system32\wpdshext.dll
2015-04-24 16:40:05 ----A---- C:\windows\system32\dwmcore.dll
2015-04-24 16:40:05 ----A---- C:\windows\system32\dwmapi.dll
2015-04-15 09:23:34 ----A---- C:\windows\system32\invagent.dll
2015-04-15 09:23:34 ----A---- C:\windows\system32\generaltel.dll
2015-04-15 09:23:34 ----A---- C:\windows\system32\devinv.dll
2015-04-15 09:23:34 ----A---- C:\windows\system32\appraiser.dll
2015-04-15 09:23:34 ----A---- C:\windows\system32\aeinv.dll
2015-04-15 09:23:34 ----A---- C:\windows\system32\acmigration.dll
2015-04-15 09:23:33 ----A---- C:\windows\system32\aepic.dll
2015-04-15 09:23:33 ----A---- C:\windows\system32\aepdu.dll
2015-04-15 09:23:11 ----A---- C:\windows\system32\clfsw32.dll
2015-04-15 09:23:11 ----A---- C:\windows\system32\clfs.sys
2015-04-15 09:22:44 ----A---- C:\windows\system32\gdi32.dll
2015-04-15 09:22:43 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 09:22:43 ----A---- C:\windows\system32\ieetwcollector.exe
2015-04-15 09:22:42 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-15 09:22:42 ----A---- C:\windows\system32\iernonce.dll
2015-04-15 09:22:42 ----A---- C:\windows\system32\ieetwproxystub.dll
2015-04-15 09:22:42 ----A---- C:\windows\system32\ie4uinit.exe
2015-04-15 09:22:41 ----A---- C:\windows\system32\urlmon.dll
2015-04-15 09:22:41 ----A---- C:\windows\system32\jsproxy.dll
2015-04-15 09:22:41 ----A---- C:\windows\system32\iedkcs32.dll
2015-04-15 09:22:40 ----A---- C:\windows\system32\msfeeds.dll
2015-04-15 09:22:40 ----A---- C:\windows\system32\jscript9diag.dll
2015-04-15 09:22:40 ----A---- C:\windows\system32\ieUnatt.exe
2015-04-15 09:22:40 ----A---- C:\windows\system32\ieapfltr.dll
2015-04-15 09:22:40 ----A---- C:\windows\system32\dxtmsft.dll
2015-04-15 09:22:38 ----A---- C:\windows\system32\msrating.dll
2015-04-15 09:22:38 ----A---- C:\windows\system32\iesetup.dll
2015-04-15 09:22:38 ----A---- C:\windows\system32\ieetwcollectorres.dll
2015-04-15 09:22:37 ----A---- C:\windows\system32\wininet.dll
2015-04-15 09:22:36 ----A---- C:\windows\system32\ieui.dll
2015-04-15 09:22:36 ----A---- C:\windows\system32\dxtrans.dll
2015-04-15 09:22:35 ----A---- C:\windows\system32\ieframe.dll
2015-04-15 09:22:33 ----A---- C:\windows\system32\mshtmlmedia.dll
2015-04-15 09:22:33 ----A---- C:\windows\system32\mshtmled.dll
2015-04-15 09:22:33 ----A---- C:\windows\system32\MshtmlDac.dll
2015-04-15 09:22:32 ----A---- C:\windows\system32\iertutil.dll
2015-04-15 09:22:30 ----A---- C:\windows\system32\mshtml.dll
2015-04-15 09:22:29 ----A---- C:\windows\system32\vbscript.dll
2015-04-15 09:22:29 ----A---- C:\windows\system32\jscript9.dll
2015-04-15 09:17:54 ----A---- C:\windows\system32\wuwebv.dll
2015-04-15 09:17:54 ----A---- C:\windows\system32\wups2.dll
2015-04-15 09:17:54 ----A---- C:\windows\system32\wups.dll
2015-04-15 09:17:54 ----A---- C:\windows\system32\wudriver.dll
2015-04-15 09:17:54 ----A---- C:\windows\system32\wucltux.dll
2015-04-15 09:17:54 ----A---- C:\windows\system32\wuauclt.exe
2015-04-15 09:17:54 ----A---- C:\windows\system32\wuapp.exe
2015-04-15 09:17:54 ----A---- C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 09:17:53 ----A---- C:\windows\system32\wuaueng.dll
2015-04-15 09:17:53 ----A---- C:\windows\system32\wuapi.dll
2015-04-15 09:17:53 ----A---- C:\windows\system32\WinSetupUI.dll
2015-04-15 09:17:05 ----A---- C:\windows\system32\drivers\http.sys
2015-04-15 09:16:52 ----A---- C:\windows\system32\msxml3.dll
2015-04-15 09:16:51 ----A---- C:\windows\system32\msxml3r.dll

======List of files/folders modified in the last 1 month======

2015-05-09 14:46:14 ----RD---- C:\Program Files
2015-05-09 14:45:50 ----D---- C:\windows\Temp
2015-05-09 14:37:42 ----D---- C:\windows\system32\config
2015-05-09 14:08:27 ----D---- C:\windows\system32\drivers
2015-05-09 14:01:03 ----AD---- C:\Windows
2015-05-09 14:01:03 ----A---- C:\windows\system.ini
2015-05-09 14:00:59 ----D---- C:\windows\system32\drivers\etc
2015-05-09 13:56:05 ----D---- C:\windows\System32
2015-05-09 13:56:05 ----D---- C:\windows\AppPatch
2015-05-09 13:56:03 ----D---- C:\Program Files\Common Files
2015-05-09 12:43:08 ----D---- C:\windows\Prefetch
2015-05-09 10:43:08 ----D---- C:\Program Files\Spybot - Search & Destroy
2015-05-09 10:42:10 ----D---- C:\ProgramData\Spybot - Search & Destroy
2015-05-09 00:06:04 ----D---- C:\windows\schemas
2015-05-08 21:59:22 ----D---- C:\Users\Kamilka\AppData\Roaming\uTorrent
2015-05-08 19:07:16 ----D---- C:\ProgramData
2015-05-08 16:55:43 ----D---- C:\windows\inf
2015-05-08 13:33:26 ----D---- C:\Users\Kamilka\AppData\Roaming\Skype
2015-05-08 13:28:27 ----D---- C:\Users\Kamilka\AppData\Roaming\DAEMON Tools Lite
2015-05-08 13:27:08 ----D---- C:\ProgramData\Origin
2015-05-08 13:15:36 ----SD---- C:\Users\Kamilka\AppData\Roaming\Microsoft
2015-05-08 13:03:13 ----SHD---- C:\windows\Installer
2015-05-08 12:53:44 ----SHD---- C:\System Volume Information
2015-05-08 12:25:00 ----D---- C:\Users\Kamilka\AppData\Roaming\Origin
2015-05-08 12:02:41 ----D---- C:\Program Files\Origin
2015-05-07 11:02:40 ----D---- C:\windows\rescache
2015-05-06 22:39:57 ----D---- C:\windows\Microsoft.NET
2015-05-06 22:39:01 ----RSD---- C:\windows\assembly
2015-05-06 19:02:44 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-05-06 19:01:05 ----D---- C:\Program Files\Microsoft Office 15
2015-05-06 18:46:48 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-05-06 18:42:24 ----D---- C:\ProgramData\CanonIJPLM
2015-05-06 18:40:32 ----D---- C:\windows\winsxs
2015-05-06 18:39:38 ----D---- C:\Program Files\CDBurnerXP
2015-05-06 18:37:26 ----D---- C:\windows\system32\en-US
2015-05-06 18:31:41 ----D---- C:\windows\system32\catroot2
2015-05-04 13:13:48 ----D---- C:\windows\system32\NDF
2015-05-03 14:33:11 ----D---- C:\windows\debug
2015-04-29 14:21:39 ----D---- C:\Program Files\Full Tilt UK
2015-04-24 16:42:53 ----D---- C:\windows\system32\DriverStore
2015-04-24 16:42:53 ----D---- C:\windows\system32\AdvancedInstallers
2015-04-24 16:42:52 ----D---- C:\windows\system32\drivers\UMDF
2015-04-22 10:29:39 ----D---- C:\ProgramData\Skype
2015-04-15 21:27:31 ----A---- C:\windows\system32\FlashPlayerApp.exe
2015-04-15 16:53:39 ----D---- C:\windows\AppCompat
2015-04-15 16:04:37 ----SD---- C:\windows\system32\CompatTel
2015-04-15 16:04:36 ----D---- C:\windows\system32\appraiser
2015-04-15 16:04:33 ----D---- C:\Program Files\Internet Explorer
2015-04-15 16:04:32 ----D---- C:\windows\PolicyDefinitions
2015-04-15 15:53:27 ----D---- C:\windows\system32\MRT
2015-04-15 15:43:37 ----A---- C:\windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-10-13 331288]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-11-06 691696]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\windows\system32\Drivers\SABI.sys [2010-03-31 10752]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2011-12-13 2228224]
R3 ElbyCDFL;ElbyCDFL; C:\windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2011-02-11 9036800]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-12-15 2977248]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-02-26 242992]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CH341SER;CH341SER; C:\windows\System32\Drivers\CH341SER.SYS [2009-06-02 39632]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 ggflt;SEMC USB Flash Driver Filter; C:\windows\system32\DRIVERS\ggflt.sys [2010-12-27 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\windows\system32\DRIVERS\ggsemc.sys [2010-12-27 25512]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmb.sys [2012-11-09 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbo.sys [2012-11-09 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsu.sys [2012-11-09 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\windows\system32\drivers\nmwcdnsuc.sys [2012-11-09 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2012-10-17 19072]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 rtport;rtport; \??\C:\windows\system32\drivers\rtport.sys [2010-08-17 15656]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudserd.sys [2013-08-20 182680]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2012-11-09 8192]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2013-08-29 28160]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-11-09 8192]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb Driver; C:\windows\system32\drivers\WinUsb.sys [2010-11-20 35968]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys [2010-01-19 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\windows\system32\DRIVERS\ZTEusbnmea.sys [2010-01-19 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\windows\system32\DRIVERS\ZTEusbser6k.sys [2010-01-19 105088]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 BingDesktopUpdate;Bing Desktop Update service; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2014-11-26 173248]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2015-04-22 1846968]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2012-03-28 140456]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-07-07 247152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 HideMyIpSRV;HideMyIpSRV; C:\Program Files\Hide My IP 6\HideMyIpSRV.exe [2015-04-26 4341760]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15 268464]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
S3 Origin Client Service;Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2015-05-08 1931632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-10-03 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-10-03 4846168]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-12-19 732648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-11-06 1343400]
S4 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-12 45744]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------