
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Preventive check after cleanup
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Could you check my log, pls. It was infected by an advertising bot and I hope it is clean now.
Logfile of random's system information tool 1.10 (written by random/random)
Run by P Balascak at 2015-07-03 22:10:44
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 3 GB (5%) free of 62 GB
Total RAM: 3767 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:10:59, on 03/07/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\trend micro\P Balascak.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - (no file)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Kaspersky Anti-Virus Service 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
--
End of file - 10603 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe" -r
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe" -hidden /prefetch:1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4740.0.741334349\1310877056" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,9,21,44 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2622 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="AffiliationBasedMatching/Enabled/*AutofillEnabled/Default/BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group18 pct:1i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_DisplayHintTextControl_PostPeriod/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/OneWeek/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_45/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 
--font-cache-shared-mem-suffix=4740 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4740.2.736026581\2144330575" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="AffiliationBasedMatching/Enabled/*AutofillEnabled/Default/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group18 pct:1i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_DisplayHintTextControl_PostPeriod/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/OneWeek/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_45/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=4740 
--enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4740.6.300373731\786829015" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="*AffiliationBasedMatching/Enabled/*AutofillEnabled/Default/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group18 pct:1i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_DisplayHintTextControl_PostPeriod/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/OneWeek/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_45/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=4740 
--enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4740.7.1630437662\1159247520" /prefetch:673131151
"D:\Download\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4740.8.2081127447\558803191" --ppapi-flash-args=enable_hw_video_decode=1 --lang=en-US --ignored=" --type=renderer " /prefetch:-632637702
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10 218776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20 878784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-12 1428264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20 583360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2015-01-21 2334928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20 1109696]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10 153248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20 709312]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-12 1152808]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20 480448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [2015-01-21 1729744]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20 891072]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-11 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-11 392984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-11 417560]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-12-11 1890088]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2010-05-26 585376]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2010-05-26 354464]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-12-12 7394584]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2014-08-13 137352]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2015-05-15 60712]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2015-06-29 157992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-01-11 390656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=60
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 3 months======
2015-07-03 19:47:28 ----D---- C:\Program Files\iPod
2015-07-03 19:47:27 ----D---- C:\Program Files\iTunes
2015-07-03 19:47:27 ----D---- C:\Program Files (x86)\iTunes
2015-07-03 19:40:57 ----SHD---- C:\Config.Msi
2015-07-03 18:38:43 ----D---- C:\zoek
2015-07-03 18:15:48 ----A---- C:\runcheck.txt
2015-07-03 18:15:43 ----D---- C:\zoek_backup
2015-07-03 17:56:52 ----A---- C:\ComboFix.txt
2015-07-03 17:50:43 ----D---- C:\$RECYCLE.BIN
2015-07-03 17:47:10 ----D---- C:\Windows\temp
2015-07-03 17:32:33 ----A---- C:\Windows\system32\FNTCACHE.DAT
2015-07-03 15:39:25 ----A---- C:\Windows\zip.exe
2015-07-03 15:39:25 ----A---- C:\Windows\SWSC.exe
2015-07-03 15:39:25 ----A---- C:\Windows\SWREG.exe
2015-07-03 15:39:25 ----A---- C:\Windows\sed.exe
2015-07-03 15:39:25 ----A---- C:\Windows\PEV.exe
2015-07-03 15:39:25 ----A---- C:\Windows\NIRCMD.exe
2015-07-03 15:39:25 ----A---- C:\Windows\MBR.exe
2015-07-03 15:39:25 ----A---- C:\Windows\grep.exe
2015-07-03 15:33:10 ----D---- C:\Qoobox
2015-07-03 15:31:48 ----D---- C:\Windows\erdnt
2015-07-03 15:30:47 ----D---- C:\FRST
2015-07-03 15:23:01 ----D---- C:\rsit
2015-07-03 15:23:01 ----D---- C:\Program Files\trend micro
2015-07-03 14:44:03 ----D---- C:\Program Files\Microsoft.NET
2015-06-28 23:15:15 ----D---- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-28 22:35:49 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2015-06-28 22:34:42 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-06-28 22:33:02 ----D---- C:\Program Files (x86)\Apple Software Update
2015-06-28 22:32:38 ----D---- C:\Program Files\Common Files\Apple
2015-06-28 22:30:51 ----D---- C:\ProgramData\GridinSoft
2015-06-24 14:33:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-06-21 13:26:31 ----D---- C:\Program Files\Microsoft Silverlight
2015-06-21 13:26:31 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-06-17 23:57:48 ----D---- C:\Windows\pss
2015-06-17 23:48:06 ----D---- C:\Users\P Balascak\AppData\Roaming\redsn0w
2015-06-17 03:30:52 ----D---- C:\Program Files\KMSpico
2015-06-17 02:25:58 ----D---- C:\Program Files (x86)\Opera
2015-06-17 02:19:45 ----D---- C:\Program Files (x86)\Microsoft Toolkit Final
2015-06-17 02:07:19 ----D---- C:\Program Files\Common Files\DESIGNER
2015-06-17 02:06:51 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2015-06-17 02:06:37 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-06-17 02:05:58 ----D---- C:\Windows\PCHEALTH
2015-06-17 02:05:58 ----D---- C:\Program Files\Microsoft SQL Server
2015-06-17 02:01:28 ----D---- C:\Program Files\Microsoft Analysis Services
2015-06-17 02:01:28 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2015-06-16 20:56:04 ----A---- C:\Windows\AutoKMS.ini
2015-06-16 20:32:48 ----D---- C:\Program Files\Microsoft Office
2015-06-16 20:32:06 ----D---- C:\Program Files (x86)\Microsoft Office
2015-06-16 20:32:05 ----D---- C:\ProgramData\Microsoft Help
2015-06-16 20:31:45 ----RD---- C:\MSOCache
2015-06-10 17:36:08 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-06-10 17:36:08 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-06-10 17:36:08 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-06-10 17:36:08 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-06-10 17:36:08 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-06-10 17:36:08 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-06-10 17:36:08 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-06-10 17:36:08 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-06-10 17:36:08 ----A---- C:\Windows\system32\iernonce.dll
2015-06-10 17:36:08 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-06-10 17:36:08 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-06-10 17:36:08 ----A---- C:\Windows\system32\ie4uinit.exe
2015-06-10 17:36:07 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-06-10 17:36:07 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-06-10 17:36:07 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-06-10 17:36:07 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 17:36:06 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-06-10 17:36:06 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-06-10 17:36:06 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-06-10 17:36:06 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-06-10 17:36:06 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-06-10 17:36:06 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-06-10 17:36:06 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-06-10 17:36:06 ----A---- C:\Windows\system32\urlmon.dll
2015-06-10 17:36:06 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 17:36:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 17:36:06 ----A---- C:\Windows\system32\iedkcs32.dll
2015-06-10 17:36:05 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-06-10 17:36:05 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-06-10 17:36:05 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-06-10 17:36:05 ----A---- C:\Windows\system32\msfeeds.dll
2015-06-10 17:36:05 ----A---- C:\Windows\system32\iesetup.dll
2015-06-10 17:36:05 ----A---- C:\Windows\system32\dxtrans.dll
2015-06-10 17:36:04 ----A---- C:\Windows\system32\iertutil.dll
2015-06-10 17:36:04 ----A---- C:\Windows\system32\ieapfltr.dll
2015-06-10 17:36:03 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-06-10 17:36:03 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-06-10 17:36:03 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-06-10 17:36:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-06-10 17:36:03 ----A---- C:\Windows\system32\vbscript.dll
2015-06-10 17:36:03 ----A---- C:\Windows\system32\jsproxy.dll
2015-06-10 17:36:03 ----A---- C:\Windows\system32\ieUnatt.exe
2015-06-10 17:36:02 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-06-10 17:36:02 ----A---- C:\Windows\system32\mshtmled.dll
2015-06-10 17:36:02 ----A---- C:\Windows\system32\ieui.dll
2015-06-10 17:36:02 ----A---- C:\Windows\system32\ieframe.dll
2015-06-10 17:36:02 ----A---- C:\Windows\system32\dxtmsft.dll
2015-06-10 17:36:01 ----A---- C:\Windows\system32\wininet.dll
2015-06-10 17:36:01 ----A---- C:\Windows\system32\jscript9diag.dll
2015-06-10 17:36:01 ----A---- C:\Windows\system32\jscript9.dll
2015-06-10 17:36:01 ----A---- C:\Windows\system32\jscript.dll
2015-06-10 17:36:00 ----A---- C:\Windows\system32\msrating.dll
2015-06-10 17:36:00 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-06-10 17:36:00 ----A---- C:\Windows\system32\mshtml.dll
2015-06-10 17:35:13 ----A---- C:\Windows\system32\wmp.dll
2015-06-10 17:35:11 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-06-10 17:35:11 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-06-10 17:35:11 ----A---- C:\Windows\system32\spwmp.dll
2015-06-10 17:35:10 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-06-10 17:35:10 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-06-10 17:35:10 ----A---- C:\Windows\system32\wmploc.DLL
2015-06-10 17:35:10 ----A---- C:\Windows\system32\dxmasf.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\invagent.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\generaltel.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\devinv.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\appraiser.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\aepic.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\aeinv.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\acmigration.dll
2015-06-10 17:35:06 ----A---- C:\Windows\system32\aepdu.dll
2015-06-10 17:34:55 ----A---- C:\Windows\system32\diagtrack.dll
2015-06-10 17:34:54 ----A---- C:\Windows\system32\kerberos.dll
2015-06-10 17:34:53 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-06-10 17:34:53 ----A---- C:\Windows\system32\KernelBase.dll
2015-06-10 17:34:52 ----A---- C:\Windows\system32\kernel32.dll
2015-06-10 17:34:51 ----A---- C:\Windows\system32\lsasrv.dll
2015-06-10 17:34:49 ----A---- C:\Windows\system32\advapi32.dll
2015-06-10 17:34:46 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2015-06-10 17:34:44 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-06-10 17:34:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-06-10 17:34:43 ----A---- C:\Windows\system32\ntdll.dll
2015-06-10 17:34:42 ----A---- C:\Windows\SYSWOW64\tracerpt.exe
2015-06-10 17:34:42 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-06-10 17:34:42 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-06-10 17:34:42 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-06-10 17:34:42 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\wow64.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\winsrv.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\tracerpt.exe
2015-06-10 17:34:42 ----A---- C:\Windows\system32\tdh.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\srcore.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\schannel.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\rstrui.exe
2015-06-10 17:34:42 ----A---- C:\Windows\system32\msv1_0.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-06-10 17:34:42 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-06-10 17:34:42 ----A---- C:\Windows\system32\conhost.exe
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\typeperf.exe
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\sechost.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\relog.exe
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\logman.exe
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\diskperf.exe
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\wow64win.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\wow64cpu.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\wdigest.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\typeperf.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\TSpkg.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\sspisrv.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\sspicli.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\srclient.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\smss.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\secur32.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\sechost.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\relog.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\ntvdm64.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\ncrypt.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\lsass.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\logman.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\diskperf.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\csrsrv.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\credssp.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\auditpol.exe
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 17:34:40 ----A---- C:\Windows\SYSWOW64\user.exe
2015-06-10 17:34:40 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-06-10 17:34:40 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-06-10 17:34:40 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-06-10 17:34:40 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-06-10 17:34:40 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-06-10 17:34:40 ----A---- C:\Windows\system32\UtcResources.dll
2015-06-10 17:34:40 ----A---- C:\Windows\system32\msobjs.dll
2015-06-10 17:34:40 ----A---- C:\Windows\system32\msaudite.dll
2015-06-10 17:34:40 ----A---- C:\Windows\system32\apisetschema.dll
2015-06-10 17:34:40 ----A---- C:\Windows\system32\adtschema.dll
2015-06-10 17:34:22 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2015-06-10 17:34:22 ----A---- C:\Windows\system32\comctl32.dll
2015-06-10 17:34:20 ----A---- C:\Windows\system32\win32k.sys
2015-06-10 17:34:16 ----A---- C:\Windows\system32\drivers\stream.sys
2015-06-04 21:59:31 ----D---- C:\Program Files (x86)\CheckPoint
2015-06-04 21:58:45 ----D---- C:\ProgramData\CheckPoint
2015-06-03 17:26:59 ----D---- C:\ProgramData\Spybot - Search & Destroy
2015-06-03 17:26:55 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-01 18:37:50 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-06-01 18:37:32 ----D---- C:\ProgramData\Malwarebytes
2015-06-01 18:37:32 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-01 18:37:32 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-06-01 18:37:32 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-06-01 18:37:32 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-06-01 18:17:50 ----D---- C:\AdwCleaner
2015-06-01 16:40:21 ----D---- C:\Program Files (x86)\ControlThis Parental Control
2015-06-01 16:21:09 ----A---- C:\Windows\ODBC.INI
2015-06-01 15:54:19 ----D---- C:\Program Files (x86)\isomount_setup
2015-06-01 15:41:40 ----A---- C:\Windows\system32\drivers\VCdRom.sys
2015-05-14 19:41:26 ----D---- C:\Program Files\Lightworks
2015-05-14 16:45:56 ----D---- C:\Program Files (x86)\QuickTime
2015-05-14 16:12:29 ----D---- C:\Users\P Balascak\AppData\Roaming\muvee Technologies
2015-05-14 12:18:02 ----D---- C:\Users\P Balascak\AppData\Roaming\Macromedia
2015-05-14 11:12:04 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 11:12:04 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:50:47 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-05-13 21:50:47 ----A---- C:\Windows\system32\certcli.dll
2015-05-13 21:50:04 ----A---- C:\Windows\system32\services.exe
2015-05-13 21:50:01 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-05-13 21:50:01 ----A---- C:\Windows\system32\FntCache.dll
2015-05-13 21:50:01 ----A---- C:\Windows\system32\DWrite.dll
2015-05-13 21:49:33 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-05-13 21:49:33 ----A---- C:\Windows\system32\jnwmon.dll
2015-05-13 21:49:33 ----A---- C:\Windows\system32\InkEd.dll
2015-05-13 21:49:32 ----A---- C:\Windows\system32\wpdshext.dll
2015-05-13 21:49:31 ----A---- C:\Windows\SYSWOW64\wpdshext.dll
2015-05-13 21:49:29 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2015-05-13 21:49:29 ----A---- C:\Windows\system32\poqexec.exe
2015-05-13 21:49:27 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-05-13 21:49:27 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-05-13 21:49:27 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-05-13 21:49:27 ----A---- C:\Windows\system32\shimeng.dll
2015-05-13 21:49:27 ----A---- C:\Windows\system32\sdbinst.exe
2015-05-13 21:49:27 ----A---- C:\Windows\system32\apphelp.dll
2015-05-13 21:49:27 ----A---- C:\Windows\system32\aelupsvc.dll
2015-04-28 20:09:49 ----AH---- C:\Windows\system32\mlfcache.dat
2015-04-21 14:44:37 ----D---- C:\Users\P Balascak\AppData\Roaming\streamWriter
2015-04-21 14:43:48 ----D---- C:\Program Files (x86)\streamWriter
2015-04-16 13:11:38 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-04-16 13:11:38 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-04-16 13:11:38 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-04-16 13:11:38 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-04-16 13:11:38 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wups2.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wups.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wudriver.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wucltux.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wuapp.exe
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wuapi.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-16 13:11:32 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-04-16 13:11:32 ----A---- C:\Windows\system32\gdi32.dll
2015-04-16 13:11:31 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-04-16 13:11:31 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-04-16 13:11:31 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-16 13:11:31 ----A---- C:\Windows\system32\msxml3.dll
2015-04-16 13:11:12 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-16 13:10:55 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-16 13:10:55 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-16 13:10:55 ----A---- C:\Windows\system32\clfs.sys
2015-04-11 23:21:02 ----D---- C:\Program Files\CPUID
2015-04-08 14:29:45 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-08 14:29:44 ----SD---- C:\Windows\system32\GWX
======List of files/folders modified in the last 3 months======
2015-07-03 22:09:05 ----D---- C:\ProgramData\Kaspersky Lab
2015-07-03 19:49:09 ----SHD---- C:\Windows\Installer
2015-07-03 19:48:08 ----SHD---- C:\System Volume Information
2015-07-03 19:47:28 ----RD---- C:\Program Files
2015-07-03 19:47:27 ----RD---- C:\Program Files (x86)
2015-07-03 19:41:58 ----D---- C:\Windows\system32\DriverStore
2015-07-03 19:41:57 ----D---- C:\Windows\inf
2015-07-03 19:41:55 ----D---- C:\Windows\system32\catroot
2015-07-03 19:12:27 ----D---- C:\ProgramData
2015-07-03 18:40:20 ----D---- C:\Windows\system32\GroupPolicy
2015-07-03 18:40:19 ----D---- C:\Windows\system32\Tasks
2015-07-03 18:22:09 ----D---- C:\Program Files (x86)\Common Files
2015-07-03 18:15:45 ----D---- C:\Windows\SysWOW64
2015-07-03 17:57:03 ----D---- C:\Windows\system32\drivers
2015-07-03 17:56:13 ----D---- C:\Windows\system32\config
2015-07-03 17:54:19 ----D---- C:\Windows\Tasks
2015-07-03 17:50:57 ----D---- C:\Windows
2015-07-03 17:50:57 ----A---- C:\Windows\system.ini
2015-07-03 17:50:34 ----D---- C:\Windows\system32\drivers\etc
2015-07-03 17:48:21 ----D---- C:\Program Files (x86)\TeamViewer
2015-07-03 17:45:43 ----SD---- C:\ProgramData\Microsoft
2015-07-03 17:45:43 ----D---- C:\Windows\System32
2015-07-03 17:45:03 ----RSD---- C:\Windows\Fonts
2015-07-03 17:44:21 ----D---- C:\Windows\SYSWOW64\drivers
2015-07-03 17:44:21 ----D---- C:\Windows\AppPatch
2015-07-03 17:37:52 ----D---- C:\Windows\SoftwareDistribution
2015-07-03 17:36:25 ----D---- C:\Windows\Prefetch
2015-07-03 15:14:42 ----D---- C:\Windows\system32\LogFiles
2015-07-03 14:44:42 ----RSD---- C:\Windows\assembly
2015-07-03 14:44:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2015-07-03 14:44:03 ----D---- C:\Program Files (x86)\Microsoft.NET
2015-06-28 23:10:59 ----D---- C:\ProgramData\Apple
2015-06-28 22:35:49 ----DC---- C:\Windows\system32\DRVSTORE
2015-06-28 22:32:38 ----D---- C:\Program Files\Common Files
2015-06-26 14:07:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-06-26 00:16:23 ----SD---- C:\Users\P Balascak\AppData\Roaming\Microsoft
2015-06-24 15:19:12 ----D---- C:\Windows\Microsoft.NET
2015-06-24 14:49:31 ----D---- C:\Windows\winsxs
2015-06-24 14:35:08 ----A---- C:\Windows\win.ini
2015-06-24 13:10:00 ----D---- C:\Users\P Balascak\AppData\Roaming\TaiG
2015-06-20 19:05:49 ----D---- C:\Windows\rescache
2015-06-19 17:34:36 ----D---- C:\Program Files\SUPERAntiSpyware
2015-06-17 23:59:50 ----D---- C:\Users\P Balascak\AppData\Roaming\DAEMON Tools Lite
2015-06-17 23:58:36 ----D---- C:\Windows\debug
2015-06-17 13:27:06 ----D---- C:\Users\P Balascak\AppData\Roaming\vlc
2015-06-17 13:13:44 ----D---- C:\Users\P Balascak\AppData\Roaming\Skype
2015-06-17 03:11:43 ----D---- C:\Windows\LiveKernelReports
2015-06-17 03:09:42 ----D---- C:\Program Files (x86)\AcerCrystalEye
2015-06-17 02:32:22 ----D---- C:\Program Files\Unlocker
2015-06-17 02:07:31 ----D---- C:\Windows\ShellNew
2015-06-17 02:03:29 ----D---- C:\Program Files\Common Files\System
2015-06-17 01:41:02 ----D---- C:\Program Files (x86)\MSBuild
2015-06-15 13:15:31 ----D---- C:\Program Files (x86)\Internet Explorer
2015-06-10 19:45:35 ----D---- C:\Program Files\Windows Media Player
2015-06-10 19:45:35 ----D---- C:\Program Files (x86)\Windows Media Player
2015-06-10 19:45:34 ----SD---- C:\Windows\system32\CompatTel
2015-06-10 19:45:34 ----D---- C:\Windows\system32\appraiser
2015-06-10 19:45:31 ----D---- C:\Windows\SYSWOW64\en-US
2015-06-10 19:45:30 ----D---- C:\Windows\system32\en-US
2015-06-10 19:45:25 ----D---- C:\Program Files\Internet Explorer
2015-06-10 19:45:23 ----D---- C:\Windows\PolicyDefinitions
2015-06-10 18:03:23 ----D---- C:\Windows\system32\MRT
2015-06-10 17:53:47 ----A---- C:\Windows\system32\MRT.exe
2015-06-10 17:31:27 ----D---- C:\Windows\system32\catroot2
2015-06-06 01:44:36 ----D---- C:\Users\P Balascak\AppData\Roaming\TeamViewer
2015-06-03 17:04:57 ----D---- C:\Windows\Vss
2015-06-01 21:07:34 ----D---- C:\Windows\Globalization
2015-06-01 16:46:27 ----D---- C:\Windows\SYSWOW64\config
2015-06-01 16:15:52 ----D---- C:\Windows\system
2015-05-25 18:21:30 ----D---- C:\ProgramData\Skype
2015-05-25 18:21:00 ----RD---- C:\Program Files (x86)\Skype
2015-05-14 17:22:03 ----D---- C:\Program Files (x86)\Google
2015-05-14 17:08:16 ----D---- C:\Program Files\Windows Journal
2015-05-14 17:08:15 ----D---- C:\Windows\system32\AdvancedInstallers
2015-05-14 17:08:10 ----D---- C:\Windows\system32\drivers\UMDF
2015-05-11 16:39:27 ----D---- C:\Program Files (x86)\Garmin
2015-04-19 21:18:42 ----D---- C:\Windows\AppCompat
2015-04-17 09:49:57 ----D---- C:\Windows\system32\wdi
2015-04-16 21:19:07 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-09 14:49:24 ----D---- C:\Program Files\DIFX
2015-04-09 14:49:13 ----D---- C:\Users\P Balascak\AppData\Roaming\Garmin
2015-04-09 14:48:56 ----D---- C:\ProgramData\Garmin
2015-04-09 14:47:13 ----D---- C:\Program Files\Nikon
2015-04-09 14:44:20 ----D---- C:\Program Files\Common Files\Nikon
2015-04-08 14:30:07 ----D---- C:\Windows\Logs
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2014-02-20 457824]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2015-01-26 283064]
R1 klhk;klhk; C:\Windows\system32\DRIVERS\klhk.sys [2014-04-11 243808]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2015-01-12 793800]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2014-02-25 30304]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2013-04-13 15456]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2014-03-26 55904]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2014-03-27 179296]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2014-08-13 450456]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-08-06 2768384]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2010-05-20 32296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-11 12311904]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-01-12 141320]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2014-03-29 28768]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2013-08-09 29280]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-04-14 25816]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-12-11 301104]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-04-14 63704]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-06-18 246376]
S3 RT-USB;Ross-Tech USB driver; C:\Windows\system32\drivers\RT-USB64.SYS [2014-05-12 97152]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2014-11-05 27136]
S3 tapoas;TAP-Win32 Adapter OAS; C:\Windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-08-15 54784]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-12 82112]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-05-29 60744]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2010-05-26 47776]
R2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [2014-04-21 233552]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2014-08-13 3596752]
R2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [2014-08-13 96272]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-08-11 57344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-06-29 644904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-12 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12 107912]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 Garmin Device Interaction Service;Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2015-04-23 713736]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12 107912]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-08-12 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 178824]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-01-12 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-12 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-12 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-12 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-12 139856]
-----------------EOF-----------------
2015-06-10 17:36:05 ----A---- C:\Windows\system32\iesetup.dll
2015-06-10 17:36:05 ----A---- C:\Windows\system32\dxtrans.dll
2015-06-10 17:36:04 ----A---- C:\Windows\system32\iertutil.dll
2015-06-10 17:36:04 ----A---- C:\Windows\system32\ieapfltr.dll
2015-06-10 17:36:03 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-06-10 17:36:03 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-06-10 17:36:03 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-06-10 17:36:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-06-10 17:36:03 ----A---- C:\Windows\system32\vbscript.dll
2015-06-10 17:36:03 ----A---- C:\Windows\system32\jsproxy.dll
2015-06-10 17:36:03 ----A---- C:\Windows\system32\ieUnatt.exe
2015-06-10 17:36:02 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-06-10 17:36:02 ----A---- C:\Windows\system32\mshtmled.dll
2015-06-10 17:36:02 ----A---- C:\Windows\system32\ieui.dll
2015-06-10 17:36:02 ----A---- C:\Windows\system32\ieframe.dll
2015-06-10 17:36:02 ----A---- C:\Windows\system32\dxtmsft.dll
2015-06-10 17:36:01 ----A---- C:\Windows\system32\wininet.dll
2015-06-10 17:36:01 ----A---- C:\Windows\system32\jscript9diag.dll
2015-06-10 17:36:01 ----A---- C:\Windows\system32\jscript9.dll
2015-06-10 17:36:01 ----A---- C:\Windows\system32\jscript.dll
2015-06-10 17:36:00 ----A---- C:\Windows\system32\msrating.dll
2015-06-10 17:36:00 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-06-10 17:36:00 ----A---- C:\Windows\system32\mshtml.dll
2015-06-10 17:35:13 ----A---- C:\Windows\system32\wmp.dll
2015-06-10 17:35:11 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-06-10 17:35:11 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-06-10 17:35:11 ----A---- C:\Windows\system32\spwmp.dll
2015-06-10 17:35:10 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-06-10 17:35:10 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-06-10 17:35:10 ----A---- C:\Windows\system32\wmploc.DLL
2015-06-10 17:35:10 ----A---- C:\Windows\system32\dxmasf.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\invagent.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\generaltel.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\devinv.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\appraiser.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\aepic.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\aeinv.dll
2015-06-10 17:35:07 ----A---- C:\Windows\system32\acmigration.dll
2015-06-10 17:35:06 ----A---- C:\Windows\system32\aepdu.dll
2015-06-10 17:34:55 ----A---- C:\Windows\system32\diagtrack.dll
2015-06-10 17:34:54 ----A---- C:\Windows\system32\kerberos.dll
2015-06-10 17:34:53 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-06-10 17:34:53 ----A---- C:\Windows\system32\KernelBase.dll
2015-06-10 17:34:52 ----A---- C:\Windows\system32\kernel32.dll
2015-06-10 17:34:51 ----A---- C:\Windows\system32\lsasrv.dll
2015-06-10 17:34:49 ----A---- C:\Windows\system32\advapi32.dll
2015-06-10 17:34:46 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2015-06-10 17:34:44 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-06-10 17:34:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-06-10 17:34:43 ----A---- C:\Windows\system32\ntdll.dll
2015-06-10 17:34:42 ----A---- C:\Windows\SYSWOW64\tracerpt.exe
2015-06-10 17:34:42 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-06-10 17:34:42 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-06-10 17:34:42 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-06-10 17:34:42 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\wow64.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\winsrv.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\tracerpt.exe
2015-06-10 17:34:42 ----A---- C:\Windows\system32\tdh.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\srcore.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\schannel.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\rstrui.exe
2015-06-10 17:34:42 ----A---- C:\Windows\system32\msv1_0.dll
2015-06-10 17:34:42 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-06-10 17:34:42 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-06-10 17:34:42 ----A---- C:\Windows\system32\conhost.exe
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 17:34:41 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\typeperf.exe
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\sechost.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\relog.exe
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\logman.exe
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\diskperf.exe
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-06-10 17:34:41 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\wow64win.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\wow64cpu.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\wdigest.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\typeperf.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\TSpkg.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\sspisrv.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\sspicli.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\srclient.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\smss.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\secur32.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\sechost.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\relog.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\ntvdm64.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\ncrypt.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\lsass.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\logman.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\diskperf.exe
2015-06-10 17:34:41 ----A---- C:\Windows\system32\csrsrv.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\credssp.dll
2015-06-10 17:34:41 ----A---- C:\Windows\system32\auditpol.exe
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 17:34:40 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 17:34:40 ----A---- C:\Windows\SYSWOW64\user.exe
2015-06-10 17:34:40 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-06-10 17:34:40 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-06-10 17:34:40 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-06-10 17:34:40 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-06-10 17:34:40 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-06-10 17:34:40 ----A---- C:\Windows\system32\UtcResources.dll
2015-06-10 17:34:40 ----A---- C:\Windows\system32\msobjs.dll
2015-06-10 17:34:40 ----A---- C:\Windows\system32\msaudite.dll
2015-06-10 17:34:40 ----A---- C:\Windows\system32\apisetschema.dll
2015-06-10 17:34:40 ----A---- C:\Windows\system32\adtschema.dll
2015-06-10 17:34:22 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2015-06-10 17:34:22 ----A---- C:\Windows\system32\comctl32.dll
2015-06-10 17:34:20 ----A---- C:\Windows\system32\win32k.sys
2015-06-10 17:34:16 ----A---- C:\Windows\system32\drivers\stream.sys
2015-06-04 21:59:31 ----D---- C:\Program Files (x86)\CheckPoint
2015-06-04 21:58:45 ----D---- C:\ProgramData\CheckPoint
2015-06-03 17:26:59 ----D---- C:\ProgramData\Spybot - Search & Destroy
2015-06-03 17:26:55 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-01 18:37:50 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-06-01 18:37:32 ----D---- C:\ProgramData\Malwarebytes
2015-06-01 18:37:32 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-01 18:37:32 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-06-01 18:37:32 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-06-01 18:37:32 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-06-01 18:17:50 ----D---- C:\AdwCleaner
2015-06-01 16:40:21 ----D---- C:\Program Files (x86)\ControlThis Parental Control
2015-06-01 16:21:09 ----A---- C:\Windows\ODBC.INI
2015-06-01 15:54:19 ----D---- C:\Program Files (x86)\isomount_setup
2015-06-01 15:41:40 ----A---- C:\Windows\system32\drivers\VCdRom.sys
2015-05-14 19:41:26 ----D---- C:\Program Files\Lightworks
2015-05-14 16:45:56 ----D---- C:\Program Files (x86)\QuickTime
2015-05-14 16:12:29 ----D---- C:\Users\P Balascak\AppData\Roaming\muvee Technologies
2015-05-14 12:18:02 ----D---- C:\Users\P Balascak\AppData\Roaming\Macromedia
2015-05-14 11:12:04 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 11:12:04 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:50:47 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-05-13 21:50:47 ----A---- C:\Windows\system32\certcli.dll
2015-05-13 21:50:04 ----A---- C:\Windows\system32\services.exe
2015-05-13 21:50:01 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-05-13 21:50:01 ----A---- C:\Windows\system32\FntCache.dll
2015-05-13 21:50:01 ----A---- C:\Windows\system32\DWrite.dll
2015-05-13 21:49:33 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-05-13 21:49:33 ----A---- C:\Windows\system32\jnwmon.dll
2015-05-13 21:49:33 ----A---- C:\Windows\system32\InkEd.dll
2015-05-13 21:49:32 ----A---- C:\Windows\system32\wpdshext.dll
2015-05-13 21:49:31 ----A---- C:\Windows\SYSWOW64\wpdshext.dll
2015-05-13 21:49:29 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2015-05-13 21:49:29 ----A---- C:\Windows\system32\poqexec.exe
2015-05-13 21:49:27 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-05-13 21:49:27 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-05-13 21:49:27 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-05-13 21:49:27 ----A---- C:\Windows\system32\shimeng.dll
2015-05-13 21:49:27 ----A---- C:\Windows\system32\sdbinst.exe
2015-05-13 21:49:27 ----A---- C:\Windows\system32\apphelp.dll
2015-05-13 21:49:27 ----A---- C:\Windows\system32\aelupsvc.dll
2015-04-28 20:09:49 ----AH---- C:\Windows\system32\mlfcache.dat
2015-04-21 14:44:37 ----D---- C:\Users\P Balascak\AppData\Roaming\streamWriter
2015-04-21 14:43:48 ----D---- C:\Program Files (x86)\streamWriter
2015-04-16 13:11:38 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-04-16 13:11:38 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-04-16 13:11:38 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-04-16 13:11:38 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-04-16 13:11:38 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wups2.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wups.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wudriver.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wucltux.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wuapp.exe
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wuapi.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 13:11:38 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-16 13:11:32 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-04-16 13:11:32 ----A---- C:\Windows\system32\gdi32.dll
2015-04-16 13:11:31 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-04-16 13:11:31 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-04-16 13:11:31 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-16 13:11:31 ----A---- C:\Windows\system32\msxml3.dll
2015-04-16 13:11:12 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-16 13:10:55 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-16 13:10:55 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-16 13:10:55 ----A---- C:\Windows\system32\clfs.sys
2015-04-11 23:21:02 ----D---- C:\Program Files\CPUID
2015-04-08 14:29:45 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-08 14:29:44 ----SD---- C:\Windows\system32\GWX
======List of files/folders modified in the last 3 months======
2015-07-03 22:09:05 ----D---- C:\ProgramData\Kaspersky Lab
2015-07-03 19:49:09 ----SHD---- C:\Windows\Installer
2015-07-03 19:48:08 ----SHD---- C:\System Volume Information
2015-07-03 19:47:28 ----RD---- C:\Program Files
2015-07-03 19:47:27 ----RD---- C:\Program Files (x86)
2015-07-03 19:41:58 ----D---- C:\Windows\system32\DriverStore
2015-07-03 19:41:57 ----D---- C:\Windows\inf
2015-07-03 19:41:55 ----D---- C:\Windows\system32\catroot
2015-07-03 19:12:27 ----D---- C:\ProgramData
2015-07-03 18:40:20 ----D---- C:\Windows\system32\GroupPolicy
2015-07-03 18:40:19 ----D---- C:\Windows\system32\Tasks
2015-07-03 18:22:09 ----D---- C:\Program Files (x86)\Common Files
2015-07-03 18:15:45 ----D---- C:\Windows\SysWOW64
2015-07-03 17:57:03 ----D---- C:\Windows\system32\drivers
2015-07-03 17:56:13 ----D---- C:\Windows\system32\config
2015-07-03 17:54:19 ----D---- C:\Windows\Tasks
2015-07-03 17:50:57 ----D---- C:\Windows
2015-07-03 17:50:57 ----A---- C:\Windows\system.ini
2015-07-03 17:50:34 ----D---- C:\Windows\system32\drivers\etc
2015-07-03 17:48:21 ----D---- C:\Program Files (x86)\TeamViewer
2015-07-03 17:45:43 ----SD---- C:\ProgramData\Microsoft
2015-07-03 17:45:43 ----D---- C:\Windows\System32
2015-07-03 17:45:03 ----RSD---- C:\Windows\Fonts
2015-07-03 17:44:21 ----D---- C:\Windows\SYSWOW64\drivers
2015-07-03 17:44:21 ----D---- C:\Windows\AppPatch
2015-07-03 17:37:52 ----D---- C:\Windows\SoftwareDistribution
2015-07-03 17:36:25 ----D---- C:\Windows\Prefetch
2015-07-03 15:14:42 ----D---- C:\Windows\system32\LogFiles
2015-07-03 14:44:42 ----RSD---- C:\Windows\assembly
2015-07-03 14:44:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2015-07-03 14:44:03 ----D---- C:\Program Files (x86)\Microsoft.NET
2015-06-28 23:10:59 ----D---- C:\ProgramData\Apple
2015-06-28 22:35:49 ----DC---- C:\Windows\system32\DRVSTORE
2015-06-28 22:32:38 ----D---- C:\Program Files\Common Files
2015-06-26 14:07:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-06-26 00:16:23 ----SD---- C:\Users\P Balascak\AppData\Roaming\Microsoft
2015-06-24 15:19:12 ----D---- C:\Windows\Microsoft.NET
2015-06-24 14:49:31 ----D---- C:\Windows\winsxs
2015-06-24 14:35:08 ----A---- C:\Windows\win.ini
2015-06-24 13:10:00 ----D---- C:\Users\P Balascak\AppData\Roaming\TaiG
2015-06-20 19:05:49 ----D---- C:\Windows\rescache
2015-06-19 17:34:36 ----D---- C:\Program Files\SUPERAntiSpyware
2015-06-17 23:59:50 ----D---- C:\Users\P Balascak\AppData\Roaming\DAEMON Tools Lite
2015-06-17 23:58:36 ----D---- C:\Windows\debug
2015-06-17 13:27:06 ----D---- C:\Users\P Balascak\AppData\Roaming\vlc
2015-06-17 13:13:44 ----D---- C:\Users\P Balascak\AppData\Roaming\Skype
2015-06-17 03:11:43 ----D---- C:\Windows\LiveKernelReports
2015-06-17 03:09:42 ----D---- C:\Program Files (x86)\AcerCrystalEye
2015-06-17 02:32:22 ----D---- C:\Program Files\Unlocker
2015-06-17 02:07:31 ----D---- C:\Windows\ShellNew
2015-06-17 02:03:29 ----D---- C:\Program Files\Common Files\System
2015-06-17 01:41:02 ----D---- C:\Program Files (x86)\MSBuild
2015-06-15 13:15:31 ----D---- C:\Program Files (x86)\Internet Explorer
2015-06-10 19:45:35 ----D---- C:\Program Files\Windows Media Player
2015-06-10 19:45:35 ----D---- C:\Program Files (x86)\Windows Media Player
2015-06-10 19:45:34 ----SD---- C:\Windows\system32\CompatTel
2015-06-10 19:45:34 ----D---- C:\Windows\system32\appraiser
2015-06-10 19:45:31 ----D---- C:\Windows\SYSWOW64\en-US
2015-06-10 19:45:30 ----D---- C:\Windows\system32\en-US
2015-06-10 19:45:25 ----D---- C:\Program Files\Internet Explorer
2015-06-10 19:45:23 ----D---- C:\Windows\PolicyDefinitions
2015-06-10 18:03:23 ----D---- C:\Windows\system32\MRT
2015-06-10 17:53:47 ----A---- C:\Windows\system32\MRT.exe
2015-06-10 17:31:27 ----D---- C:\Windows\system32\catroot2
2015-06-06 01:44:36 ----D---- C:\Users\P Balascak\AppData\Roaming\TeamViewer
2015-06-03 17:04:57 ----D---- C:\Windows\Vss
2015-06-01 21:07:34 ----D---- C:\Windows\Globalization
2015-06-01 16:46:27 ----D---- C:\Windows\SYSWOW64\config
2015-06-01 16:15:52 ----D---- C:\Windows\system
2015-05-25 18:21:30 ----D---- C:\ProgramData\Skype
2015-05-25 18:21:00 ----RD---- C:\Program Files (x86)\Skype
2015-05-14 17:22:03 ----D---- C:\Program Files (x86)\Google
2015-05-14 17:08:16 ----D---- C:\Program Files\Windows Journal
2015-05-14 17:08:15 ----D---- C:\Windows\system32\AdvancedInstallers
2015-05-14 17:08:10 ----D---- C:\Windows\system32\drivers\UMDF
2015-05-11 16:39:27 ----D---- C:\Program Files (x86)\Garmin
2015-04-19 21:18:42 ----D---- C:\Windows\AppCompat
2015-04-17 09:49:57 ----D---- C:\Windows\system32\wdi
2015-04-16 21:19:07 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-09 14:49:24 ----D---- C:\Program Files\DIFX
2015-04-09 14:49:13 ----D---- C:\Users\P Balascak\AppData\Roaming\Garmin
2015-04-09 14:48:56 ----D---- C:\ProgramData\Garmin
2015-04-09 14:47:13 ----D---- C:\Program Files\Nikon
2015-04-09 14:44:20 ----D---- C:\Program Files\Common Files\Nikon
2015-04-08 14:30:07 ----D---- C:\Windows\Logs
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2014-02-20 457824]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2015-01-26 283064]
R1 klhk;klhk; C:\Windows\system32\DRIVERS\klhk.sys [2014-04-11 243808]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2015-01-12 793800]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2014-02-25 30304]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2013-04-13 15456]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2014-03-26 55904]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2014-03-27 179296]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2014-08-13 450456]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-08-06 2768384]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2010-05-20 32296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-11 12311904]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-01-12 141320]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2014-03-29 28768]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2013-08-09 29280]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-04-14 25816]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-12-11 301104]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-04-14 63704]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-06-18 246376]
S3 RT-USB;Ross-Tech USB driver; C:\Windows\system32\drivers\RT-USB64.SYS [2014-05-12 97152]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2014-11-05 27136]
S3 tapoas;TAP-Win32 Adapter OAS; C:\Windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-08-15 54784]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-12 82112]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-05-29 60744]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2010-05-26 47776]
R2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [2014-04-21 233552]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2014-08-13 3596752]
R2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [2014-08-13 96272]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-08-11 57344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-06-29 644904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-12 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12 107912]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 Garmin Device Interaction Service;Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [2015-04-23 713736]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12 107912]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-08-12 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 178824]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-01-12 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-12 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-12 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-12 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-12 139856]
-----------------EOF-----------------

Re: Preventive check after cleaning
Hello,
What have you been practicing there with the utilities??
As for ComboFix, based on its licence and the forum rules I ask: do you know how to work with it (running it, deciphering the log, writing a script)?
The ComboFix licence terms say clearly: "It should never be used in an environment without the supervision of an experienced person."

The dangers of CF
Could you at least find the CF log, then??

- It is intended primarily for advisers - by using it on your own initiative you lose your entitlement to support
- It deletes the traces of malware, so nothing is visible in the RSIT log
- Its log still has to be worked through, because it cannot delete everything - which you will hardly manage unless you are trained for it
- CF can have a bug = it takes down your system; if you don't know where it stores what and how to restore what, your system is ruined and you are facing a reinstall
- Unfortunately, CF also does not yet check some important libraries (e.g. hal.dll) - some types of malware (e.g. angela) delete those - it deletes your hal.dll after a restart = your system won't boot and you are back at the previous point = reinstall
Re: Preventive check after cleaning
Well, I used ComboFix on the basis that if it finds something, it should delete it as well. As for reading its output, not really, and scripting not at all.
I played around with the utilities a bit because of the slowed-down PC. Some processes were taking between 2.5 - 3G of memory.
Did I make it even worse? The RAM no longer fluctuates as much as before.
Here is the log from ComboFix
ComboFix 15-06-30.01 - P Balascak 03/07/2015 17:40:18.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3767.1694 [GMT 1:00]
Running from: d:\download\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\P Balascak\AppData\Local\Temp\_iu14D2N.tmp
c:\users\PBALAS~1\AppData\Local\Temp\_iu14D2N.tmp
c:\windows\hosts
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Service KMSELDI
.
.
((((((((((((((((((((((((( Files Created from 2015-06-03 to 2015-07-03 )))))))))))))))))))))))))))))))
.
.
2015-07-03 14:30 . 2015-07-03 14:37 -------- d-----w- C:\FRST
2015-07-03 14:23 . 2015-07-03 14:23 -------- d-----w- C:\rsit
2015-07-03 14:23 . 2015-07-03 14:23 -------- d-----w- c:\program files\trend micro
2015-07-03 13:48 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18E02D33-5A27-4742-BC82-01D05FEDD8AB}\mpengine.dll
2015-07-03 13:44 . 2015-07-03 13:44 -------- d-----w- c:\program files\Microsoft.NET
2015-06-28 22:15 . 2015-06-28 22:15 -------- d-----w- c:\program files\iPod
2015-06-28 22:15 . 2015-06-28 22:15 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-28 22:15 . 2015-06-28 22:15 -------- d-----w- c:\program files\iTunes
2015-06-28 22:15 . 2015-06-28 22:15 -------- d-----w- c:\program files (x86)\iTunes
2015-06-28 21:35 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2015-06-28 21:34 . 2015-06-28 22:14 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-06-28 21:33 . 2015-06-28 21:33 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-06-28 21:32 . 2015-06-28 22:15 -------- d-----w- c:\program files\Common Files\Apple
2015-06-28 21:30 . 2015-06-28 21:30 -------- d-----w- c:\programdata\GridinSoft
2015-06-24 13:35 . 2015-06-24 13:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2015-06-21 12:26 . 2015-06-21 12:26 -------- d-----w- c:\program files\Microsoft Silverlight
2015-06-21 12:26 . 2015-06-21 12:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-06-17 22:48 . 2015-06-17 22:48 -------- d-----w- c:\users\P Balascak\AppData\Roaming\redsn0w
2015-06-17 02:30 . 2015-06-17 02:32 -------- d-----w- c:\program files\KMSpico
2015-06-17 01:28 . 2015-06-17 01:28 -------- d-----w- c:\program files (x86)\winrar 45.8.7
2015-06-17 01:27 . 2015-06-17 02:11 -------- d-----w- c:\program files (x86)\Common Files\Umbrella
2015-06-17 01:26 . 2015-06-17 01:29 -------- d-----w- c:\users\P Balascak\AppData\Local\Opera Software
2015-06-17 01:26 . 2015-06-17 01:29 -------- d-----w- c:\users\P Balascak\AppData\Roaming\Opera Software
2015-06-17 01:25 . 2015-06-17 01:30 -------- d-----w- c:\program files (x86)\Opera
2015-06-17 01:25 . 2015-06-17 02:09 -------- d-----w- c:\programdata\2fc7ad4981e44e5e9cd938c744ee5bc0
2015-06-17 01:25 . 2015-06-17 01:25 -------- d-----w- c:\programdata\7c0535b143fc4671b6ebd202fbffe066
2015-06-17 01:24 . 2015-06-17 02:09 -------- d-----w- c:\program files (x86)\19567023-cd0c-4944-8fd6-55d34bb8638f
2015-06-17 01:24 . 2015-06-17 23:38 -------- d-----w- c:\program files (x86)\globalUpdate
2015-06-17 01:24 . 2015-06-17 01:24 -------- d-----w- c:\users\P Balascak\AppData\Local\globalUpdate
2015-06-17 01:23 . 2015-06-17 01:37 -------- d-----w- c:\users\P Balascak\AppData\Roaming\WTools
2015-06-17 01:23 . 2015-06-17 01:30 -------- d-----w- c:\users\P Balascak\AppData\Roaming\Store
2015-06-17 01:19 . 2015-06-17 23:38 -------- d-----w- c:\program files (x86)\Microsoft Toolkit Final
2015-06-17 01:07 . 2015-06-17 01:07 -------- d-----w- c:\program files\Common Files\DESIGNER
2015-06-17 01:06 . 2015-06-17 01:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2015-06-17 01:06 . 2015-06-17 01:06 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2015-06-17 01:05 . 2015-06-17 01:06 -------- d-----w- c:\program files\Microsoft SQL Server
2015-06-17 01:05 . 2015-06-17 01:05 -------- d-----w- c:\windows\PCHEALTH
2015-06-17 01:01 . 2015-06-17 01:01 -------- d-----w- c:\program files\Microsoft Analysis Services
2015-06-17 01:01 . 2015-06-17 01:01 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2015-06-16 19:32 . 2015-06-17 01:05 -------- d-----w- c:\program files\Microsoft Office
2015-06-16 19:32 . 2015-06-17 02:02 -------- d-----w- c:\users\P Balascak\AppData\Local\Microsoft Help
2015-06-16 19:32 . 2015-06-24 14:00 -------- d-----w- c:\programdata\Microsoft Help
2015-06-16 19:31 . 2015-06-16 19:31 -------- d-----r- C:\MSOCache
2015-06-10 19:05 . 2015-06-10 19:07 3145728 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe
2015-06-10 19:05 . 2015-06-10 19:07 152576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires II\age2_x1\spectate.exe
2015-06-10 19:04 . 2015-01-28 17:59 1723904 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires II\SetupAoC.exe
2015-06-10 16:35 . 2015-05-22 19:12 10949120 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
2015-06-10 16:34 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-06-04 20:59 . 2015-06-04 21:01 -------- d-----w- c:\program files (x86)\CheckPoint
2015-06-04 20:58 . 2015-06-04 20:58 -------- d-----w- c:\programdata\CheckPoint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-03 14:20 . 2015-06-01 17:37 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-10 16:53 . 2015-01-12 11:49 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-10 16:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-13 13:39 . 2015-05-13 13:39 82432 ----a-w- c:\users\P Balascak\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2015-05-13 13:39 . 2015-05-13 13:39 1275392 ----a-w- c:\users\P Balascak\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2015-05-01 13:17 . 2015-05-14 10:12 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 10:12 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 20:50 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 20:50 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 20:50 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 20:50 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 20:50 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-14 08:37 . 2015-06-01 17:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 08:37 . 2015-06-01 17:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 08:37 . 2015-06-01 17:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-13 03:28 . 2015-05-13 20:50 328704 ----a-w- c:\windows\system32\services.exe
2015-04-09 13:06 . 2015-04-09 13:06 44544 ----a-w- c:\users\P Balascak\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-04-08 03:29 . 2015-05-13 20:49 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 20:49 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 20:49 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-08-13 137352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2015-04-06 157480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-04-23 1403224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB64.SYS;c:\windows\SYSNATIVE\drivers\RT-USB64.SYS [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12 09:16]
.
2015-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12 09:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-26 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-26 354464]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... nts/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
.
**************************************************************************
.
Completion time: 2015-07-03 17:56:46 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-03 16:56
.
Pre-Run: 2,937,802,752 bytes free
Post-Run: 2,810,699,776 bytes free
.
- - End Of File - - 084FF20C04A678CC854F62F8B658D92F
A36C5E4F47E84449FF07ED3517B43A31
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12 09:16]
.
2015-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-12 09:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-26 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-26 354464]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... nts/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
.
**************************************************************************
.
Completion time: 2015-07-03 17:56:46 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-03 16:56
.
Pre-Run: 2,937,802,752 bytes free
Post-Run: 2,810,699,776 bytes free
.
- - End Of File - - 084FF20C04A678CC854F62F8B658D92F
A36C5E4F47E84449FF07ED3517B43A31

Re: Preventive check after cleaning
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- Save it, preferably to the desktop
- Close all programs
- After launch, the database will be downloaded
- Click Scan and then Clean
- The repair will run, the PC will restart and then a log will appear, or it will be saved as c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
Re: Preventive check after cleaning
Spybot was used only as a scanner, the active shield was not turned on, but both Spybot and Zone are gone.
Log from Adw
# AdwCleaner v4.207 - Logfile created 04/07/2015 at 13:18:49
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : P Balascak - PBALASCAK-PC
# Running from : C:\Users\P Balascak\Desktop\adwcleaner_4.207.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\ControlThis Parental Control
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\20305d75-a2f8-445b-928a-dd3ba43ef8af
Key Deleted : HKLM\SOFTWARE\aaa54ccb-efdc-4cb3-8700-c3e79dc8fc7f
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\{AA2C4D29-36C3-48AB-8A25-181CF7483597}
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Google Chrome v43.0.2357.130
*************************
AdwCleaner[R0].txt - [10490 bytes] - [01/06/2015 18:17:52]
AdwCleaner[R1].txt - [1259 bytes] - [01/06/2015 18:48:20]
AdwCleaner[R2].txt - [1071 bytes] - [01/06/2015 21:11:13]
AdwCleaner[R3].txt - [1131 bytes] - [03/06/2015 16:40:26]
AdwCleaner[R4].txt - [4695 bytes] - [17/06/2015 23:45:18]
AdwCleaner[R5].txt - [3041 bytes] - [03/07/2015 14:34:12]
AdwCleaner[R6].txt - [2230 bytes] - [04/07/2015 13:14:56]
AdwCleaner[S0].txt - [9890 bytes] - [01/06/2015 18:21:06]
AdwCleaner[S1].txt - [1200 bytes] - [03/06/2015 16:42:33]
AdwCleaner[S2].txt - [2135 bytes] - [04/07/2015 13:18:49]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2194 bytes] ##########

Re: Preventive check after cleaning
- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
KillAll::
Folder::
c:\program files\KMSpico
c:\programdata\2fc7ad4981e44e5e9cd938c744ee5bc0
c:\programdata\7c0535b143fc4671b6ebd202fbffe066
c:\program files (x86)\19567023-cd0c-4944-8fd6-55d34bb8638f
c:\program files (x86)\globalUpdate
c:\users\P Balascak\AppData\Local\globalUpdate
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=-
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"=-
"iTunesHelper"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
ClearJavaCache::
Reboot::
- Save the created TXT as CFScript.txt
- Drag the created CFScript.txt over ComboFix and drop it (see the image below)

- After the script has been applied (and a possible restart), a log will pop up; paste its contents here
Re: Preventive check after cleaning
So I made the log.
But it was unbelievably long; there was a huge number of entries of this type in Locked Registry Keys,
only at the end, after \Domains\....., there were different web addresses. I deleted those and left only the first few. Everything else is untouched.
I did this so as not to take up space needlessly here on the forum.
ComboFix 15-06-30.01 - P Balascak 05/07/2015 0:10.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3767.2558 [GMT 1:00]
Running from: c:\users\P Balascak\Desktop\ComboFix.exe
Command switches used :: c:\users\P Balascak\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Files Created from 2015-06-04 to 2015-07-04 )))))))))))))))))))))))))))))))
.
.
2015-07-04 23:18 . 2015-07-04 23:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-04 00:06 . 2015-07-04 00:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18E02D33-5A27-4742-BC82-01D05FEDD8AB}\offreg.2368.dll
2015-07-03 22:22 . 2015-07-04 12:11 -------- d-----w- c:\users\P Balascak\AppData\Local\CrashDumps
2015-07-03 18:47 . 2015-07-03 18:47 -------- d-----w- c:\program files\iPod
2015-07-03 18:47 . 2015-07-03 18:48 -------- d-----w- c:\program files\iTunes
2015-07-03 18:47 . 2015-07-03 18:48 -------- d-----w- c:\program files (x86)\iTunes
2015-07-03 17:38 . 2015-07-03 17:38 -------- d-----w- C:\zoek
2015-07-03 16:59 . 2015-07-03 16:59 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18E02D33-5A27-4742-BC82-01D05FEDD8AB}\offreg.2160.dll
2015-07-03 14:30 . 2015-07-03 14:37 -------- d-----w- C:\FRST
2015-07-03 14:23 . 2015-07-03 21:10 -------- d-----w- c:\program files\trend micro
2015-07-03 14:23 . 2015-07-03 14:23 -------- d-----w- C:\rsit
2015-07-03 13:48 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18E02D33-5A27-4742-BC82-01D05FEDD8AB}\mpengine.dll
2015-07-03 13:44 . 2015-07-03 13:44 -------- d-----w- c:\program files\Microsoft.NET
2015-06-28 22:15 . 2015-07-03 18:47 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-28 21:35 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2015-06-28 21:34 . 2015-06-28 22:14 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-06-28 21:33 . 2015-06-28 21:33 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-06-28 21:32 . 2015-07-03 18:47 -------- d-----w- c:\program files\Common Files\Apple
2015-06-28 21:30 . 2015-06-28 21:30 -------- d-----w- c:\programdata\GridinSoft
2015-06-24 13:35 . 2015-06-24 13:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2015-06-21 12:26 . 2015-06-21 12:26 -------- d-----w- c:\program files\Microsoft Silverlight
2015-06-21 12:26 . 2015-06-21 12:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-06-17 22:48 . 2015-06-17 22:48 -------- d-----w- c:\users\P Balascak\AppData\Roaming\redsn0w
2015-06-17 01:25 . 2015-06-17 01:30 -------- d-----w- c:\program files (x86)\Opera
2015-06-17 01:19 . 2015-06-17 23:38 -------- d-----w- c:\program files (x86)\Microsoft Toolkit Final
2015-06-17 01:07 . 2015-06-17 01:07 -------- d-----w- c:\program files\Common Files\DESIGNER
2015-06-17 01:06 . 2015-06-17 01:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2015-06-17 01:06 . 2015-06-17 01:06 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2015-06-17 01:05 . 2015-06-17 01:06 -------- d-----w- c:\program files\Microsoft SQL Server
2015-06-17 01:05 . 2015-06-17 01:05 -------- d-----w- c:\windows\PCHEALTH
2015-06-17 01:01 . 2015-06-17 01:01 -------- d-----w- c:\program files\Microsoft Analysis Services
2015-06-17 01:01 . 2015-06-17 01:01 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2015-06-16 19:32 . 2015-06-17 01:05 -------- d-----w- c:\program files\Microsoft Office
2015-06-16 19:32 . 2015-06-17 02:02 -------- d-----w- c:\users\P Balascak\AppData\Local\Microsoft Help
2015-06-16 19:32 . 2015-06-24 14:00 -------- d-----w- c:\programdata\Microsoft Help
2015-06-16 19:31 . 2015-06-16 19:31 -------- d-----r- C:\MSOCache
2015-06-10 19:05 . 2015-06-10 19:07 3145728 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe
2015-06-10 19:05 . 2015-06-10 19:07 152576 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires II\age2_x1\spectate.exe
2015-06-10 19:04 . 2015-01-28 17:59 1723904 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires II\SetupAoC.exe
2015-06-10 16:35 . 2015-05-22 19:12 10949120 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
2015-06-10 16:34 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-03 14:20 . 2015-06-01 17:37 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-10 16:53 . 2015-01-12 11:49 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-10 16:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-13 13:39 . 2015-05-13 13:39 82432 ----a-w- c:\users\P Balascak\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2015-05-13 13:39 . 2015-05-13 13:39 1275392 ----a-w- c:\users\P Balascak\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2015-05-01 13:17 . 2015-05-14 10:12 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 10:12 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 20:50 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 20:50 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 20:50 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 20:50 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 20:50 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-14 08:37 . 2015-06-01 17:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 08:37 . 2015-06-01 17:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 08:37 . 2015-06-01 17:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-13 03:28 . 2015-05-13 20:50 328704 ----a-w- c:\windows\system32\services.exe
2015-04-09 13:06 . 2015-04-09 13:06 44544 ----a-w- c:\users\P Balascak\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-04-08 03:29 . 2015-05-13 20:49 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 20:49 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 20:49 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-05-15 60712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB64.SYS;c:\windows\SYSNATIVE\drivers\RT-USB64.SYS [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-26 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-26 354464]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{3ee9d193-ab0b-47f1-a31c-cce4678679ce} - c:\programdata\Package Cache\{3ee9d193-ab0b-47f1-a31c-cce4678679ce}\GarminExpressInstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-2005-search.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1000gratisproben.com]
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2015-07-05 00:30:33 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-04 23:30
ComboFix2.txt 2015-07-04 22:54
ComboFix3.txt 2015-07-03 16:56
.
Pre-Run: 4,547,108,864 bytes free
Post-Run: 4,471,009,280 bytes free
.
- - End Of File - - 48BEBE4073053202CAE7757F21FC15B9
A36C5E4F47E84449FF07ED3517B43A31
Edit: Those domains were all sorts of casinos, porn sites and other similar sites of that type.
I will try to post the complete file here if I manage to. By the way, where did all of that come from?
But it was incredibly long; there was a huge number of entries of this type under Locked Registry Keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com]
@DACL=(02 0000)
"*"=dword:00000004
Only the web addresses at the end, after \Domains\....., were different. I deleted those and left just the first few. Everything else is untouched.
I did it so as not to take up space needlessly here on the forum.

Re: Preventive check after cleanup
I also ran a scan with Malwarebytes, but it found nothing.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 05/07/2015
Scan Time: 01:14
Logfile:
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.07.04.04
Rootkit Database: v2015.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: P Balascak
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366403
Time Elapsed: 21 min, 30 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)

Re: Preventive check after cleanup
I have half a mind to give up on this cleanup... Who said you should run MBAM?? Why are you deleting those lines? It is enough to put it in an attachment, as you did, and I will look at it... This way I can only guess what else you are doing in the background...
Before this you were also treating it yourself, and now I am just tracing how and what you actually did... It is impossible to cooperate like this...


