Vytváření zástupců na flash disku

Zpráva

arya88 · #1 Příspěvek od **arya88** » 02 led 2016 23:09

Zdravím všechny, před Vánocema jsem nutně potřebovala upravit jeden obrázek, nenapadlo mě nic chytřejšího než si stáhnout cracklý Photoshop. Tipuji, že mi zaviroval PC. Když jsem obrázek přetáhla na Flash disk, tak se mi po několika vteřinách vytvořil i jeho zástupce. Při odebrání Flash disku hlavní soubor zmizel a zůstal tam jen ten zástupce. Zkoušela jsem druhý flash disk, ale problém nastal znovu a to i u jiných souborů. Prosím o jakoukoliv radu, co jde s tímto problémem dělat. Posílám log z RSIT. Podotýkám, že jsem Photoshop odinstalovala, protože crack stejně nefungoval (přesto se v PC nadále někde nachází).

Logfile of random's system information tool 1.10 (written by random/random)
Run by Lucka at 2016-01-02 22:52:08
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 26 GB (27%) free of 96 GB
Total RAM: 2038 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:12, on 2.1.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\SysWOW64\WScript.exe
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files\trend micro\Lucka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1F91A9A1-01BA-4c81-863D-3BA0751E1419} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [MSStp] C:\Windows\system32\msstp.vbe
O4 - HKLM\..\Run: [mncrlvbirSrv] C:\Windows\inf\mncrlvbir.vbe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Nike+ Connect] "C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack] wscript.exe //B "C:\Users\Lucka\AppData\Local\Temp\Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs"
O4 - Startup: Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Lucka\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Lucka\AppData\Roaming\ICQM\icq.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: PicexaService - Taiwan Shui Mu Chih Ching Technology Limited - C:\Program Files (x86)\Picexa\PicexaSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Serviio - Unknown owner - C:\Program Files\Serviio\bin\ServiioService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 8401 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\Picexa\PicexaSvc.exe"
C:\Windows\System32\spoolsv.exe
taskeng.exe {57328AB2-DE89-4327-B0F7-E82D252FEF91}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\DRIVERS\o2flash.exe
"C:\Program Files\Serviio\bin\ServiioService.exe"
"C:\Program Files\Serviio\bin\ServiioService.exe" Serviio __i4j_restart
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\wscript.exe" //B "C:\Users\Lucka\AppData\Local\Temp\Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs"
"C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start
"C:\Windows\System32\WScript.exe" "C:\Windows\inf\mncrlvbir.vbe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\sppsvc.exe
"C:\Users\Lucka\Desktop\RSITx64.exe"
taskeng.exe {23DC4163-243E-470E-8FE3-CA0B2DE92E3B}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\ttizn7vj.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.267 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.267 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-27 545264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-27 193520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack"=wscript.exe //B C:\Users\Lucka\AppData\Local\Temp\Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"=C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe [2009-04-10 417792]
"MSStp"=C:\Windows\system32\msstp.vbe []
"mncrlvbirSrv"=C:\Windows\inf\mncrlvbir.vbe [2014-01-19 1342]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Nike+ Connect"=C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe [2015-10-10 71680]

C:\Users\Lucka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 261120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2016-01-02 22:42:48 ----D---- C:\rsit
2016-01-02 22:42:48 ----D---- C:\Program Files\trend micro
2016-01-02 22:25:03 ----SHD---- C:\$RECYCLE.BIN
2016-01-02 22:09:42 ----A---- C:\Windows\zip.exe
2016-01-02 22:09:42 ----A---- C:\Windows\SWSC.exe
2016-01-02 22:09:42 ----A---- C:\Windows\SWREG.exe
2016-01-02 22:09:42 ----A---- C:\Windows\sed.exe
2016-01-02 22:09:42 ----A---- C:\Windows\PEV.exe
2016-01-02 22:09:42 ----A---- C:\Windows\NIRCMD.exe
2016-01-02 22:09:42 ----A---- C:\Windows\MBR.exe
2016-01-02 22:09:42 ----A---- C:\Windows\grep.exe
2016-01-02 22:07:48 ----D---- C:\Qoobox
2016-01-02 22:07:09 ----D---- C:\Windows\erdnt
2015-12-16 21:03:34 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2015-12-16 21:03:34 ----A---- C:\Windows\system32\wshrm.dll
2015-12-16 21:03:34 ----A---- C:\Windows\system32\drivers\rmcast.sys
2015-12-16 21:03:29 ----A---- C:\Windows\SYSWOW64\tzres.dll
2015-12-16 21:03:29 ----A---- C:\Windows\system32\tzres.dll
2015-12-16 21:03:05 ----A---- C:\Windows\SYSWOW64\usp10.dll
2015-12-16 21:03:05 ----A---- C:\Windows\system32\usp10.dll
2015-12-16 21:03:01 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-12-16 21:03:01 ----A---- C:\Windows\system32\wuaueng.dll
2015-12-16 21:03:01 ----A---- C:\Windows\system32\wuapi.dll
2015-12-16 21:03:00 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-12-16 21:03:00 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-12-16 21:03:00 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-12-16 21:03:00 ----A---- C:\Windows\system32\wuwebv.dll
2015-12-16 21:03:00 ----A---- C:\Windows\system32\wups2.dll
2015-12-16 21:03:00 ----A---- C:\Windows\system32\wups.dll
2015-12-16 21:03:00 ----A---- C:\Windows\system32\wudriver.dll
2015-12-16 21:03:00 ----A---- C:\Windows\system32\wucltux.dll
2015-12-16 21:03:00 ----A---- C:\Windows\system32\wuauclt.exe
2015-12-16 21:03:00 ----A---- C:\Windows\system32\wuapp.exe
2015-12-16 21:03:00 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-12-16 21:02:59 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-12-16 21:02:59 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-12-16 21:02:45 ----A---- C:\Windows\system32\DWrite.dll
2015-12-16 21:02:44 ----A---- C:\Windows\system32\win32k.sys
2015-12-16 21:02:43 ----A---- C:\Windows\system32\FntCache.dll
2015-12-16 21:02:42 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-12-16 21:02:41 ----A---- C:\Windows\system32\user32.dll
2015-12-16 21:02:38 ----A---- C:\Windows\SYSWOW64\user32.dll
2015-12-16 21:02:30 ----A---- C:\Windows\system32\comsvcs.dll
2015-12-16 21:02:30 ----A---- C:\Windows\system32\catsrvut.dll
2015-12-16 21:02:29 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2015-12-16 21:02:29 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2015-12-16 21:00:59 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-12-16 21:00:59 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-12-16 21:00:59 ----A---- C:\Windows\system32\iertutil.dll
2015-12-16 21:00:59 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-12-16 21:00:59 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-12-16 21:00:58 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-12-16 21:00:58 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-12-16 21:00:57 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-12-16 21:00:57 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-12-16 21:00:56 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-12-16 21:00:56 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-12-16 21:00:56 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-12-16 21:00:56 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-12-16 21:00:56 ----A---- C:\Windows\system32\iernonce.dll
2015-12-16 21:00:56 ----A---- C:\Windows\system32\ie4uinit.exe
2015-12-16 21:00:55 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-12-16 21:00:55 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-12-16 21:00:55 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-16 21:00:54 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-12-16 21:00:51 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-12-16 21:00:51 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-12-16 21:00:51 ----A---- C:\Windows\system32\occache.dll
2015-12-16 21:00:51 ----A---- C:\Windows\system32\iedkcs32.dll
2015-12-16 21:00:50 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-12-16 21:00:50 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-12-16 21:00:50 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-12-16 21:00:50 ----A---- C:\Windows\system32\urlmon.dll
2015-12-16 21:00:50 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-12-16 21:00:49 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-12-16 21:00:49 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-16 21:00:49 ----A---- C:\Windows\system32\dxtrans.dll
2015-12-16 21:00:48 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-12-16 21:00:48 ----A---- C:\Windows\system32\msfeeds.dll
2015-12-16 21:00:47 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-12-16 21:00:45 ----A---- C:\Windows\system32\iesetup.dll
2015-12-16 21:00:45 ----A---- C:\Windows\system32\ieapfltr.dll
2015-12-16 21:00:43 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-12-16 21:00:43 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-12-16 21:00:43 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-12-16 21:00:43 ----A---- C:\Windows\system32\vbscript.dll
2015-12-16 21:00:42 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-12-16 21:00:42 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-12-16 21:00:41 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-12-16 21:00:41 ----A---- C:\Windows\system32\jsproxy.dll
2015-12-16 21:00:39 ----A---- C:\Windows\system32\ieui.dll
2015-12-16 21:00:39 ----A---- C:\Windows\system32\dxtmsft.dll
2015-12-16 21:00:38 ----A---- C:\Windows\system32\ieframe.dll
2015-12-16 21:00:37 ----A---- C:\Windows\system32\mshtmled.dll
2015-12-16 21:00:36 ----A---- C:\Windows\system32\webcheck.dll
2015-12-16 21:00:36 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-12-16 21:00:36 ----A---- C:\Windows\system32\ieUnatt.exe
2015-12-16 21:00:35 ----A---- C:\Windows\system32\jscript9diag.dll
2015-12-16 21:00:35 ----A---- C:\Windows\system32\jscript.dll
2015-12-16 21:00:33 ----A---- C:\Windows\system32\wininet.dll
2015-12-16 21:00:33 ----A---- C:\Windows\system32\jscript9.dll
2015-12-16 21:00:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-12-16 21:00:29 ----A---- C:\Windows\system32\msrating.dll
2015-12-16 21:00:26 ----A---- C:\Windows\system32\mshtml.dll
2015-12-16 20:58:49 ----A---- C:\Windows\system32\els.dll
2015-12-16 20:58:48 ----A---- C:\Windows\SYSWOW64\els.dll
2015-12-06 17:06:31 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2015-12-06 16:57:18 ----D---- C:\Program Files\Common Files\Adobe
2015-12-06 16:55:52 ----D---- C:\Program Files (x86)\Adobe Media Player
2015-12-03 17:50:59 ----D---- C:\ProgramData\Malwarebytes
2015-12-03 08:39:14 ----N---- C:\bootsqm.dat

======List of files/folders modified in the last 1 month======

2016-01-02 22:50:52 ----D---- C:\Windows\Temp
2016-01-02 22:50:51 ----D---- C:\Program Files (x86)\Picexa
2016-01-02 22:50:16 ----D---- C:\Config.Msi
2016-01-02 22:49:35 ----D---- C:\Windows\system32\config
2016-01-02 22:42:48 ----RD---- C:\Program Files
2016-01-02 22:24:32 ----D---- C:\Windows\Microsoft.NET
2016-01-02 22:23:58 ----SHD---- C:\System Volume Information
2016-01-02 22:19:36 ----D---- C:\Windows
2016-01-02 22:19:36 ----A---- C:\Windows\system.ini
2016-01-02 22:16:12 ----D---- C:\Windows\SYSWOW64\drivers
2016-01-02 22:16:12 ----D---- C:\Windows\SysWOW64
2016-01-02 22:16:12 ----D---- C:\Windows\AppPatch
2016-01-02 22:16:11 ----D---- C:\Program Files (x86)\Common Files
2016-01-02 22:09:30 ----SHD---- C:\Windows\Installer
2016-01-02 22:09:23 ----RD---- C:\Program Files (x86)
2016-01-02 22:09:23 ----D---- C:\Windows\system32\drivers
2016-01-02 21:51:06 ----D---- C:\ProgramData\Adobe
2016-01-02 21:50:23 ----D---- C:\Program Files (x86)\Adobe
2016-01-02 18:24:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-01-02 18:19:49 ----D---- C:\Windows\System32
2016-01-02 18:19:49 ----D---- C:\Windows\inf
2016-01-02 18:19:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-22 16:05:48 ----RSD---- C:\Windows\assembly
2015-12-21 08:59:56 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-12-21 08:49:47 ----D---- C:\Windows\winsxs
2015-12-21 08:49:09 ----SD---- C:\Windows\SYSWOW64\GWX
2015-12-21 08:49:09 ----SD---- C:\Windows\system32\GWX
2015-12-18 15:54:25 ----D---- C:\Windows\system32\catroot2
2015-12-18 15:06:53 ----D---- C:\Windows\system32\MRT
2015-12-18 15:00:28 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-18 15:00:28 ----D---- C:\Windows\system32\cs-CZ
2015-12-18 15:00:25 ----D---- C:\Windows\ehome
2015-12-18 15:00:22 ----D---- C:\Program Files\Internet Explorer
2015-12-18 15:00:20 ----D---- C:\Windows\SYSWOW64\en-US
2015-12-18 15:00:19 ----D---- C:\Windows\system32\en-US
2015-12-18 15:00:17 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-18 12:52:35 ----D---- C:\ProgramData\Microsoft Help
2015-12-18 12:49:36 ----SD---- C:\Users\Lucka\AppData\Roaming\Microsoft
2015-12-18 12:40:16 ----D---- C:\Program Files\Microsoft Silverlight
2015-12-18 12:40:16 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-12-17 23:03:33 ----D---- C:\Windows\debug
2015-12-17 23:03:00 ----A---- C:\Windows\system32\MRT.exe
2015-12-10 08:49:51 ----RSD---- C:\Windows\Fonts
2015-12-09 04:39:31 ----N---- C:\Windows\system32\MpSigStub.exe
2015-12-06 17:16:48 ----D---- C:\Users\Lucka\AppData\Roaming\Adobe
2015-12-06 17:11:38 ----D---- C:\Windows\system32\Tasks
2015-12-06 17:06:31 ----D---- C:\ProgramData
2015-12-06 16:57:18 ----D---- C:\Program Files\Common Files
2015-12-03 20:56:57 ----D---- C:\Windows\Tasks
2015-12-03 19:46:48 ----D---- C:\Windows\system32\wfp
2015-12-03 19:46:48 ----D---- C:\Windows\system32\DriverStore
2015-12-03 19:46:47 ----D---- C:\Windows\system32\wbem
2015-12-03 19:46:47 ----D---- C:\Windows\system32\log
2015-12-03 19:46:47 ----D---- C:\ProgramData\AutoKMS
2015-12-03 19:46:16 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 26968]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2010-11-29 82224]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-01-25 283064]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832]
R3 NETwLv64; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETwLv64.sys [2000-01-01 7533568]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 109056]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 54664]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2011-08-05 292024]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2010-11-11 50864]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2011-07-12 19904]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2010-08-30 94528]
R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 26472]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2011-01-27 67384]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2009-04-10 20520]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 17024]
S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [2007-08-07 10240]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2007-08-03 293376]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2007-08-03 1481216]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [2000-01-01 63264]
S3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sdx64.sys [2000-01-01 49696]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2010-04-26 63488]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2007-08-03 740352]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [2000-01-01 65536]
R2 PicexaService;PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [2015-09-14 722400]
R2 Serviio;Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [2014-03-21 359936]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [2007-08-07 412672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02 269504]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-01-06 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-11-08 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-09-03 149160]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-01 198064]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-23 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 03 led 2016 00:26

Krasny den Vam preju

Ohledne ComboFixu si prosim prectete pravidla fora (bod c. 3) - http://forum.viry.cz/viewtopic.php?f=12&t=5601

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Cleaning
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

arya88 · #3 Příspěvek od **arya88** » 03 led 2016 09:44

Diky, posílám log.

# AdwCleaner v5.027 - Logfile created 03/01/2016 at 09:41:15
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Lucka - LUCKA-PC
# Running from : C:\Users\Lucka\Desktop\adwcleaner_5.027.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : PicexaService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Elex-tech
[-] Folder Deleted : C:\Program Files (x86)\Picexa
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
[-] Folder Deleted : C:\Users\Lucka\AppData\Roaming\eCyber
[-] Folder Deleted : C:\Users\Lucka\AppData\Roaming\Elex-tech
[-] Folder Deleted : C:\Users\Lucka\AppData\Roaming\Picexa Viewer

***** [ Files ] *****

[-] File Deleted : C:\Users\Lucka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk
[-] File Deleted : C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] File Deleted : C:\Windows\SysNative\drivers\swdumon.sys

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.bmp
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.gif
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpeg
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.png
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.tif
[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update RightSurf
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2159D33-3CE2-401B-8967-1B270628A311}
[-] Key Deleted : HKCU\Software\V9
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\PicexaSvc
[-] Key Deleted : HKLM\SOFTWARE\Picexa
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystarttb
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Picexa
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Internet Speed Checker
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Internet Speed Checker
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

***** [ Web browsers ] *****

[-] [C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\ttizn7vj.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[-] [C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\ttizn7vj.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "istartsurf");
[-] [C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\ttizn7vj.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\ttizn7vj.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4074 bytes] ##########

#4 Příspěvek od **altrok** » 03 led 2016 12:10

Stahnete a spustte http://www.fosshub.com/UsbFix.html
kliknete na Clean, vlozte nakazenou flashku do PC a kliknete na OK
pri dotazu na asistenci kliknete na No
upozorneni na ukonceni procesu - OK
obsah prave vytvoreneho logu vlozte do pristiho prispevku

arya88 · #5 Příspěvek od **arya88** » 03 led 2016 13:30

Byly vloženy dva Flash disky.

############################## | UsbFix V 8.178 | [Clean]

User: Lucka (Administrator) # LUCKA-PC
Updated 03/01/2016 by SosVirus
Started at 13:23:48 | 03/01/2016

Website : http://www.en.usbfix.net/
Tutorial : http://www.pt.usbfix.net/2014/03/tutorial-do-usbfix-scan/
Support : http://www.sos-virus.net/
Live detection : http://how-to-remove.us/
Contact : http://www.en.usbfix.net/contact/

################## | System information |

MB: TOSHIBA (Satellite A300)
CPU: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
GC: Mobile Intel(R) 965 Express Chipset Family
RAM -> [Total : 2038 Mo | Free : 1223 Mo]
Bios: TOSHIBA
Boot: Normal boot

OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Mozilla Firefox : 40.0.3

################## | Security Information |

AS: Windows Defender [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 94 Gb (25 Gb free - 27%) [] # NTFS
D:\ -> Fixed disk # 91 Gb (78 Gb free - 86%) [] # NTFS
F:\ -> Removable disk # 124 Mb (26 Mb free - 21%) [USB] # FAT32
G:\ -> Removable disk # 2 Gb (2 Gb free - 100%) [] # FAT

################## | Generic Research |

Deleted! C:\Users\Lucka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs
Deleted! C:\Windows\inf\mncrlvbir.vbe
Deleted! F:\Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs
Deleted! G:\Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs
Deleted! F:\.lnk
Deleted! F:\Recycled.lnk
Deleted! F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008).lnk
Deleted! F:\nominacni-kriteria-cas-2016.lnk
Deleted! G:\.lnk
Deleted! G:\CupounKey9223490064.lnk
Deleted! G:\CupounKey7929199829.lnk
Deleted! G:\CupounKey5733222812.lnk
Deleted! G:\Lukáš.lnk
Deleted! C:\Users\Lucka\AppData\Local\Temp\Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs
Deleted! C:\Users\Lucka\Desktop\Různé\Adobe-Photoshop-CC-2015-(20150529-r-88)-(32+64Bit)-+-Crack\Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs
Deleted! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack
Restored! [N] F:\.picasa.ini
Restored! [D] F:\Recycled
Restored! [D] F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)
Restored! [N] F:\nominacni-kriteria-cas-2016.doc
Restored! [N] G:\.picasa.ini
Restored! [N] G:\CupounKey9223490064.pdf
Restored! [N] G:\CupounKey7929199829.pdf
Restored! [N] G:\CupounKey5733222812.pdf
Restored! [N] G:\Lukáš.pdf

(!) Temporary files deleted. (19.6522760391235 MB)

################## | Startup |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKLM\..\Run : [Camera Assistant Software] "C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start
04 - HKLM\..\Run : [MSStp] C:\Windows\system32\msstp.vbe
04 - HKLM\..\Run : [mncrlvbirSrv] C:\Windows\inf\mncrlvbir.vbe
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [Nike+ Connect] "C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [x64] HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKU\S-1-5-21-1216875980-2627076857-155479890-1001\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

################## | UsbFix - Information |

Info : How to remove shortcut virus on flash disk (Video)
Info : Shortcut virus on flash disk, What is it ?
Live detection : http://how-to-remove.us/

################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

[02/01/2016 - 22:24:56 | A | 24 Ko] - C:\ComboFix.txt
[03/01/2016 - 09:42:27 | ASH | 1565512 Ko] - C:\hiberfil.sys
[03/01/2016 - 09:42:49 | ASH | 2087352 Ko] - C:\pagefile.sys
[02/01/2016 - 22:50:16 | D] - C:\Config.Msi
[20/01/2014 - 17:43:09 | N | 0 Ko] - C:\win7.ld
[06/07/2015 - 08:59:04 | A | 0 Ko] - C:\ftconfig.ini
[03/01/2016 - 09:43:35 | A | 0 Ko] - C:\.dir
[03/12/2015 - 08:39:14 | N | 3 Ko] - C:\bootsqm.dat
[02/01/2016 - 22:25:03 | SHD] - C:\$RECYCLE.BIN
[30/07/2015 - 16:29:33 | A | 0 Ko] - C:\autoexec.bat
[20/01/2014 - 17:33:32 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[03/09/2015 - 21:08:15 | D] - C:\$Windows.~BT
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[20/11/2010 - 13:40:07 | RASH | 375 Ko] - C:\bootmgr
[20/01/2014 - 17:43:04 | D] - C:\Recovery
[20/01/2014 - 17:43:08 | N | 199 Ko] - C:\grldr
[20/01/2014 - 17:43:48 | RD] - C:\Users
[25/01/2014 - 14:29:59 | RD] - C:\MSOCache
[25/01/2014 - 20:24:25 | D] - C:\MATS
[04/09/2014 - 11:09:19 | D] - C:\15d65b3dae626c189960231dbd00
[18/10/2014 - 09:09:29 | D] - C:\0f8957f8e5b1e60fad66677478f7d697
[07/01/2015 - 14:59:05 | D] - C:\Intel
[12/02/2015 - 10:51:20 | D] - C:\c02f2cf8d70ead5b75
[15/03/2015 - 17:49:19 | D] - C:\Boot
[20/05/2015 - 21:50:21 | D] - C:\1bae4e64ace7f5bb7d48386f
[20/05/2015 - 22:50:48 | D] - C:\c86db9240a731e3876
[22/09/2015 - 12:12:57 | D] - C:\a39d1f0b3ef61f0a596f38ec
[06/12/2015 - 17:06:31 | D] - C:\ProgramData
[02/01/2016 - 22:19:36 | D] - C:\Windows
[02/01/2016 - 22:24:59 | D] - C:\Qoobox
[02/01/2016 - 22:42:48 | RD] - C:\Program Files
[02/01/2016 - 22:42:54 | D] - C:\rsit
[03/01/2016 - 09:41:17 | D] - C:\AdwCleaner
[03/01/2016 - 09:41:25 | RD] - C:\Program Files (x86)
[03/01/2016 - 13:23:14 | D] - C:\UsbFix

################## | D:\ - Fixed drive (NTFS) |

[21/11/2015 - 11:30:19 | A | 6604 Ko] - D:\ccsetup511.exe
[14/03/2015 - 19:50:23 | D] - D:\$RECYCLE.BIN
[15/03/2015 - 19:05:56 | RA | 1 Ko] - D:\MediaID.bin
[12/11/2014 - 23:18:33 | D] - D:\7fdd42b8e8667090ac5a22e5c741ff94
[14/03/2015 - 20:11:57 | D] - D:\Fotky
[19/12/2015 - 12:41:18 | D] - D:\d85a04c55e151777ae

################## | F:\ - Removable drive (FAT32) |

[24/11/2010 - 21:39:06 | N | 0 Ko] - F:\.picasa.ini
[21/11/2007 - 08:49:48 | D] - F:\Recycled
[22/11/2015 - 09:02:48 | D] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)
[16/12/2015 - 20:06:48 | N | 451 Ko] - F:\nominacni-kriteria-cas-2016.doc
[19/02/2015 - 15:31:36 | ASH | 0 Ko] - F:\Recycled\INFO2
[19/02/2015 - 15:31:36 | SH | 0 Ko] - F:\Recycled\desktop.ini
[18/08/2010 - 22:22:10 | A | 3153 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\01 V.SODOMA - Zavolejte na ni Sady.mp3
[04/09/2012 - 15:58:02 | A | 3460 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\02 J.SCHELINGER - Delam hu.mp3
[04/09/2012 - 15:55:00 | A | 4089 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\03 V.SODOMA - Jezek se ma.mp3
[18/08/2010 - 22:23:04 | A | 4347 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\04 V.SODOMA - Vodotesna ponorka.mp3
[18/08/2010 - 22:23:18 | A | 3045 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\05 J.SCHELINGER - Coz takle dat si spenat.mp3
[18/08/2010 - 22:23:46 | A | 4312 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\06 V.SODOMA - Tygr z Indie.mp3
[18/08/2010 - 22:24:02 | A | 4910 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\07 J.SCHELINGER - Leto s tebou.mp3
[18/08/2010 - 22:24:16 | A | 3298 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\08 V.SODOMA - Zarlivy kakadu.mp3
[18/08/2010 - 22:24:32 | A | 4543 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\09 J.SCHELINGER - Pravi muzi zkuseni.mp3
[18/08/2010 - 22:24:46 | A | 4187 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\10 F.R.CECH - Ja uz jdu.mp3
[18/08/2010 - 22:25:04 | A | 4883 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\11 J.SCHELINGER - Svihak lazensky.mp3
[18/08/2010 - 22:25:20 | A | 2614 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\12 V.SODOMA - Trpaslici travou jdou.mp3
[18/08/2010 - 22:25:36 | A | 4037 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\13 J.SCHELINGER - Lupic Willy.mp3
[18/08/2010 - 22:25:54 | A | 3971 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\14 V.SPINAROVA - Raketou na Mars.mp3
[18/08/2010 - 22:26:08 | A | 5508 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\15 J.SCHELINGER - Jsem pry blezen jen.mp3
[18/08/2010 - 23:22:58 | A | 6402 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\16 F.R.CECH - Prazakum tem je tu hej.mp3
[18/08/2010 - 22:26:40 | A | 4103 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\17 CECH,SALAVA,VAGNER - Ole, ole, ole ole.mp3
[18/08/2010 - 22:26:56 | A | 4517 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\18 J.SCHELINGER - Jahody mrazeny.mp3
[18/08/2010 - 22:27:16 | A | 5261 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\19 J.SCHELINGER - Sim-sala-bim.mp3
[18/08/2010 - 22:27:30 | A | 4323 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\20 V.SODOMA - Parni stroj.mp3
[18/08/2010 - 22:34:36 | A | 3144 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\21 F.R.CECH - Pisen o Americe.mp3
[18/08/2010 - 22:54:16 | A | 3911 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\22 Pernikova chaloupka.MP3
[18/08/2010 - 22:55:36 | A | 1983 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\23 Zazpivam si Ratata.MP3
[18/08/2010 - 22:56:16 | A | 2537 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\24 Parni stroj.MP3
[18/08/2010 - 22:56:42 | A | 2260 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\25 Kocour Ciro.MP3
[10/06/2010 - 11:27:52 | A | 155 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera_back.jpg
[10/06/2010 - 11:23:24 | A | 472 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera_front.jpg
[21/12/2014 - 19:28:02 | ASH | 6 Ko] - F:\CECH FRANTISEK RINGO - Ja jsem basnik, mistr pera (CZ 2008)\Thumbs.db

################## | G:\ - Removable drive (FAT) |

[06/11/2012 - 11:41:26 | N | 0 Ko] - G:\.picasa.ini
[16/12/2014 - 15:22:44 | N | 354 Ko] - G:\CupounKey9223490064.pdf
[16/12/2014 - 15:22:54 | N | 355 Ko] - G:\CupounKey7929199829.pdf
[16/12/2014 - 15:22:56 | N | 355 Ko] - G:\CupounKey5733222812.pdf
[16/12/2014 - 15:30:52 | N | 108 Ko] - G:\Lukáš.pdf

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

Analysed in 333.4 seconds

################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |

#6 Příspěvek od **altrok** » 03 led 2016 13:44

Vlozte obsah logu, ktery je ulozen v C:\ComboFix.txt

arya88 · #7 Příspěvek od **arya88** » 03 led 2016 13:46

ComboFix 16-01-01.01 - Lucka 02.01.2016 22:11:54.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2038.767 [GMT 1:00]
Spuštěný z: c:\users\Lucka\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-02 do 2016-01-02 )))))))))))))))))))))))))))))))
.
.
2016-01-02 21:19 . 2016-01-02 21:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-02 20:47 . 2015-12-03 14:27 51880 --sha-w- c:\users\Lucka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs
2015-12-16 20:02 . 2015-11-20 18:54 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-12-16 20:02 . 2015-11-20 18:34 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-12-16 20:02 . 2015-11-10 18:55 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-12-16 20:02 . 2015-11-10 17:47 3211264 ----a-w- c:\windows\system32\win32k.sys
2015-12-16 20:02 . 2015-11-10 18:55 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-12-16 20:02 . 2015-11-10 18:39 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-12-16 20:02 . 2015-11-10 18:55 1008640 ----a-w- c:\windows\system32\user32.dll
2015-12-16 20:02 . 2015-11-10 18:37 833024 ----a-w- c:\windows\SysWow64\user32.dll
2015-12-16 20:02 . 2015-11-11 18:53 1735680 ----a-w- c:\windows\system32\comsvcs.dll
2015-12-16 20:02 . 2015-11-11 18:53 525312 ----a-w- c:\windows\system32\catsrvut.dll
2015-12-16 20:02 . 2015-11-11 18:39 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll
2015-12-16 20:02 . 2015-11-11 18:39 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll
2015-12-16 19:58 . 2015-11-03 19:04 241664 ----a-w- c:\windows\system32\els.dll
2015-12-16 19:58 . 2015-11-03 18:55 179712 ----a-w- c:\windows\SysWow64\els.dll
2015-12-06 16:06 . 2015-12-06 16:12 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-12-06 15:57 . 2016-01-02 20:49 -------- d-----w- c:\program files\Common Files\Adobe
2015-12-06 15:55 . 2015-12-06 15:55 -------- d-----w- c:\program files (x86)\Adobe Media Player
2015-12-06 15:51 . 2015-12-06 15:51 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-02 17:24 . 2014-01-20 18:34 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-02 17:24 . 2014-01-20 18:34 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-17 22:03 . 2014-01-22 23:56 140158008 ----a-w- c:\windows\system32\MRT.exe
2015-12-09 03:39 . 2014-01-20 18:02 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-10-29 17:50 . 2015-11-15 16:32 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-10-29 17:50 . 2015-11-15 16:32 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-10-29 17:50 . 2015-11-15 16:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-15 16:32 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-15 16:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-15 16:32 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-10-29 17:50 . 2015-11-15 16:32 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:50 . 2015-11-15 16:32 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-10-29 17:50 . 2015-11-15 16:32 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-10-29 17:49 . 2015-11-15 16:32 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-10-29 17:49 . 2015-11-15 16:32 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-15 16:32 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-15 16:32 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-15 16:32 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:49 . 2015-11-15 16:32 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-10-29 17:39 . 2015-11-15 16:32 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-20 01:12 . 2015-11-15 16:33 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-20 01:12 . 2015-11-15 16:33 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 01:12 . 2015-11-15 16:33 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-10-20 01:09 . 2015-11-15 16:33 1730496 ----a-w- c:\windows\system32\ntdll.dll
2015-10-20 01:06 . 2015-11-15 16:33 243712 ----a-w- c:\windows\system32\wow64.dll
2015-10-20 01:06 . 2015-11-15 16:33 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-10-20 01:06 . 2015-11-15 16:33 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-10-20 01:06 . 2015-11-15 16:33 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-10-20 01:05 . 2015-11-15 16:33 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-10-20 01:05 . 2015-11-15 16:33 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-10-20 01:05 . 2015-11-15 16:33 503808 ----a-w- c:\windows\system32\srcore.dll
2015-10-20 01:05 . 2015-11-15 16:33 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-10-20 01:05 . 2015-11-15 16:33 50176 ----a-w- c:\windows\system32\srclient.dll
2015-10-20 01:05 . 2015-11-15 16:33 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-10-20 01:05 . 2015-11-15 16:33 28160 ----a-w- c:\windows\system32\secur32.dll
2015-10-20 01:05 . 2015-11-15 16:33 344064 ----a-w- c:\windows\system32\schannel.dll
2015-10-20 01:05 . 2015-11-15 16:33 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
2015-10-20 01:05 . 2015-11-15 16:33 312320 ----a-w- c:\windows\system32\ncrypt.dll
2015-10-20 01:05 . 2015-11-15 16:33 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-10-20 01:05 . 2015-11-15 16:33 315392 ----a-w- c:\windows\system32\msv1_0.dll
2015-10-20 01:05 . 2015-11-15 16:33 729600 ----a-w- c:\windows\system32\kerberos.dll
2015-10-20 01:05 . 2015-11-15 16:33 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-10-20 01:05 . 2015-11-15 16:33 1164800 ----a-w- c:\windows\system32\kernel32.dll
2015-10-20 01:05 . 2015-11-15 16:33 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-10-20 01:05 . 2015-11-15 16:33 44032 ----a-w- c:\windows\system32\cryptbase.dll
2015-10-20 01:05 . 2015-11-15 16:33 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-10-20 01:05 . 2015-11-15 16:33 22016 ----a-w- c:\windows\system32\credssp.dll
2015-10-20 01:05 . 2015-11-15 16:33 112640 ----a-w- c:\windows\system32\smss.exe
2015-10-20 01:05 . 2015-11-15 16:33 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-10-20 01:04 . 2015-11-15 16:33 31232 ----a-w- c:\windows\system32\lsass.exe
2015-10-20 01:04 . 2015-11-15 16:33 338432 ----a-w- c:\windows\system32\conhost.exe
2015-10-20 01:04 . 2015-11-15 16:33 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-10-20 01:00 . 2015-11-15 16:33 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-10-20 00:59 . 2015-11-15 16:33 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-10-20 00:53 . 2015-11-15 16:33 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-10-20 00:52 . 2015-11-15 16:33 3991488 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-10-20 00:52 . 2015-11-15 16:33 3935680 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-10-20 00:48 . 2015-11-15 16:33 1311768 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-10-20 00:45 . 2015-11-15 16:33 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-10-20 00:45 . 2015-11-15 16:33 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-10-20 00:45 . 2015-11-15 16:33 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-10-20 00:45 . 2015-11-15 16:33 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2015-10-20 00:45 . 2015-11-15 16:33 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-10-20 00:45 . 2015-11-15 16:33 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-10-20 00:45 . 2015-11-15 16:33 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-10-20 00:45 . 2015-11-15 16:33 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-10-20 00:45 . 2015-11-15 16:33 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-10-20 00:45 . 2015-11-15 16:33 36864 ----a-w- c:\windows\SysWow64\cryptbase.dll
2015-10-20 00:45 . 2015-11-15 16:33 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-10-20 00:45 . 2015-11-15 16:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-20 00:45 . 2015-11-15 16:33 25600 ----a-w- c:\windows\SysWow64\setup16.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack"="wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files (x86)\Camera Assistant Software for Toshiba\traybar.exe" [2009-04-10 417792]
"MSStp"="c:\windows\system32\msstp.vbe" [2014-01-19 1419]
"mncrlvbirSrv"="c:\windows\inf\mncrlvbir.vbe" [2014-01-19 1342]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Nike+ Connect"="c:\program files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2015-10-09 71680]
.
c:\users\Lucka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs [2015-12-3 51880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdx64.sys [x]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdx64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 PicexaService;PicexaService;c:\program files (x86)\Picexa\PicexaSvc.exe;c:\program files (x86)\Picexa\PicexaSvc.exe [x]
S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe;c:\program files\Serviio\bin\ServiioService.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 NETwLv64; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwLv64.sys [x]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - NSAK_C97AD0E0
*Deregistered* - NisDrv
*Deregistered* - nsak_C97AD0E0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-11-18 16:22 286904 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-20 17:24]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20 14:35]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20 14:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1431086483&z=6ad4834e4c13130f76c48e5g5zcc5gceabfq2zcbfc&from=wpm05083&uid=TOSHIBAXMK2046GSX_48Q7P1GMTXX48Q7P1GMT&q={searchTerms}
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1420658749&from=cvs&uid=TOSHIBAXMK2046GSX_48Q7P1GMTXX48Q7P1GMT&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1420658749&from=cvs&uid=TOSHIBAXMK2046GSX_48Q7P1GMTXX48Q7P1GMT&q={searchTerms}
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\ttizn7vj.default\
FF - prefs.js: browser.search.selectedEngine - istartsurf
FF - prefs.js: browser.startup.homepage - hxxps://seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{1F91A9A1-01BA-4c81-863D-3BA0751E1419} - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... nts/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-01-02 22:24:55
ComboFix-quarantined-files.txt 2016-01-02 21:24
.
Před spuštěním: Volných bajtů: 26 626 478 080
Po spuštění: Volných bajtů: 26 941 485 056
.
- - End Of File - - F85CBE95D55021C177432CE28BAEACB7
A36C5E4F47E84449FF07ED3517B43A31

#8 Příspěvek od **altrok** » 03 led 2016 20:03

Pokud jeste nemate, presunte ComboFix na plochu.

Otevrete Poznamkovy blok (Start -> Spustit -> notepad)

zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MSStp"=-
"mncrlvbirSrv"=-
"GrooveMonitor"=-

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\users\Lucka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs
c:\windows\system32\msstp.vbe
c:\windows\system32\msstp.inf
c:\windows\inf\mncrlvbir.vbe
c:\windows\inf\mncrlvbir.inf

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

arya88 · #9 Příspěvek od **arya88** » 04 led 2016 13:13

Posílám log z Combofixu:

ComboFix 16-01-01.01 - Lucka 04.01.2016 12:04:54.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2038.903 [GMT 1:00]
Spuštěný z: c:\users\Lucka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Lucka\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Lucka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Photoshop CC 2015 (20150529 r 88) (32+64Bit) + Crack.vbs"
"c:\windows\inf\mncrlvbir.inf"
"c:\windows\inf\mncrlvbir.vbe"
"c:\windows\system32\msstp.inf"
"c:\windows\system32\msstp.vbe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-04 do 2016-01-04 )))))))))))))))))))))))))))))))
.
.
2016-01-04 11:41 . 2016-01-04 11:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-03 12:29 . 2016-01-03 12:29 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADECF7DD-5C93-46C3-9894-4415A638050A}\offreg.1880.dll
2016-01-03 12:23 . 2016-01-03 12:30 -------- d-----w- C:\UsbFix
2016-01-03 08:37 . 2016-01-03 08:41 -------- d-----w- C:\AdwCleaner
2016-01-02 22:27 . 2016-01-02 22:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADECF7DD-5C93-46C3-9894-4415A638050A}\offreg.1892.dll
2016-01-02 22:06 . 2015-12-16 09:15 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADECF7DD-5C93-46C3-9894-4415A638050A}\mpengine.dll
2016-01-02 21:42 . 2016-01-02 21:52 -------- d-----w- c:\program files\trend micro
2016-01-02 21:42 . 2016-01-02 21:42 -------- d-----w- C:\rsit
2015-12-16 20:02 . 2015-11-20 18:54 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-12-16 20:02 . 2015-11-20 18:34 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-12-16 20:02 . 2015-11-10 18:55 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-12-16 20:02 . 2015-11-10 17:47 3211264 ----a-w- c:\windows\system32\win32k.sys
2015-12-16 20:02 . 2015-11-10 18:55 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-12-16 20:02 . 2015-11-10 18:39 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-12-16 20:02 . 2015-11-10 18:55 1008640 ----a-w- c:\windows\system32\user32.dll
2015-12-16 20:02 . 2015-11-10 18:37 833024 ----a-w- c:\windows\SysWow64\user32.dll
2015-12-16 20:02 . 2015-11-11 18:53 1735680 ----a-w- c:\windows\system32\comsvcs.dll
2015-12-16 20:02 . 2015-11-11 18:53 525312 ----a-w- c:\windows\system32\catsrvut.dll
2015-12-16 20:02 . 2015-11-11 18:39 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll
2015-12-16 20:02 . 2015-11-11 18:39 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll
2015-12-16 19:58 . 2015-11-03 19:04 241664 ----a-w- c:\windows\system32\els.dll
2015-12-16 19:58 . 2015-11-03 18:55 179712 ----a-w- c:\windows\SysWow64\els.dll
2015-12-06 16:06 . 2015-12-06 16:12 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-12-06 15:57 . 2016-01-02 20:49 -------- d-----w- c:\program files\Common Files\Adobe
2015-12-06 15:55 . 2015-12-06 15:55 -------- d-----w- c:\program files (x86)\Adobe Media Player
2015-12-06 15:51 . 2015-12-06 15:51 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-02 17:24 . 2014-01-20 18:34 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-02 17:24 . 2014-01-20 18:34 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-17 22:03 . 2014-01-22 23:56 140158008 ----a-w- c:\windows\system32\MRT.exe
2015-12-02 12:18 . 2014-01-20 18:02 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-10-29 17:50 . 2015-11-15 16:32 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-10-29 17:50 . 2015-11-15 16:32 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-10-29 17:50 . 2015-11-15 16:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-15 16:32 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-15 16:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-15 16:32 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-10-29 17:50 . 2015-11-15 16:32 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:50 . 2015-11-15 16:32 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-10-29 17:50 . 2015-11-15 16:32 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-10-29 17:49 . 2015-11-15 16:32 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-10-29 17:49 . 2015-11-15 16:32 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-15 16:32 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-15 16:32 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-15 16:32 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:49 . 2015-11-15 16:32 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-10-29 17:39 . 2015-11-15 16:32 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-20 01:12 . 2015-11-15 16:33 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-20 01:12 . 2015-11-15 16:33 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 01:12 . 2015-11-15 16:33 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-10-20 01:09 . 2015-11-15 16:33 1730496 ----a-w- c:\windows\system32\ntdll.dll
2015-10-20 01:06 . 2015-11-15 16:33 243712 ----a-w- c:\windows\system32\wow64.dll
2015-10-20 01:06 . 2015-11-15 16:33 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-10-20 01:06 . 2015-11-15 16:33 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-10-20 01:06 . 2015-11-15 16:33 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-10-20 01:05 . 2015-11-15 16:33 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-10-20 01:05 . 2015-11-15 16:33 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-10-20 01:05 . 2015-11-15 16:33 503808 ----a-w- c:\windows\system32\srcore.dll
2015-10-20 01:05 . 2015-11-15 16:33 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-10-20 01:05 . 2015-11-15 16:33 50176 ----a-w- c:\windows\system32\srclient.dll
2015-10-20 01:05 . 2015-11-15 16:33 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-10-20 01:05 . 2015-11-15 16:33 28160 ----a-w- c:\windows\system32\secur32.dll
2015-10-20 01:05 . 2015-11-15 16:33 344064 ----a-w- c:\windows\system32\schannel.dll
2015-10-20 01:05 . 2015-11-15 16:33 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
2015-10-20 01:05 . 2015-11-15 16:33 312320 ----a-w- c:\windows\system32\ncrypt.dll
2015-10-20 01:05 . 2015-11-15 16:33 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-10-20 01:05 . 2015-11-15 16:33 315392 ----a-w- c:\windows\system32\msv1_0.dll
2015-10-20 01:05 . 2015-11-15 16:33 729600 ----a-w- c:\windows\system32\kerberos.dll
2015-10-20 01:05 . 2015-11-15 16:33 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-10-20 01:05 . 2015-11-15 16:33 1164800 ----a-w- c:\windows\system32\kernel32.dll
2015-10-20 01:05 . 2015-11-15 16:33 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-10-20 01:05 . 2015-11-15 16:33 44032 ----a-w- c:\windows\system32\cryptbase.dll
2015-10-20 01:05 . 2015-11-15 16:33 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-10-20 01:05 . 2015-11-15 16:33 22016 ----a-w- c:\windows\system32\credssp.dll
2015-10-20 01:05 . 2015-11-15 16:33 112640 ----a-w- c:\windows\system32\smss.exe
2015-10-20 01:05 . 2015-11-15 16:33 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-10-20 01:04 . 2015-11-15 16:33 31232 ----a-w- c:\windows\system32\lsass.exe
2015-10-20 01:04 . 2015-11-15 16:33 338432 ----a-w- c:\windows\system32\conhost.exe
2015-10-20 01:04 . 2015-11-15 16:33 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-10-20 01:00 . 2015-11-15 16:33 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-10-20 00:59 . 2015-11-15 16:33 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-10-20 00:53 . 2015-11-15 16:33 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-20 00:53 . 2015-11-15 16:33 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-10-20 00:52 . 2015-11-15 16:33 3991488 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-10-20 00:52 . 2015-11-15 16:33 3935680 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-10-20 00:48 . 2015-11-15 16:33 1311768 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-10-20 00:45 . 2015-11-15 16:33 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-10-20 00:45 . 2015-11-15 16:33 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-10-20 00:45 . 2015-11-15 16:33 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-10-20 00:45 . 2015-11-15 16:33 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2015-10-20 00:45 . 2015-11-15 16:33 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-10-20 00:45 . 2015-11-15 16:33 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-10-20 00:45 . 2015-11-15 16:33 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-10-20 00:45 . 2015-11-15 16:33 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-10-20 00:45 . 2015-11-15 16:33 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-10-20 00:45 . 2015-11-15 16:33 36864 ----a-w- c:\windows\SysWow64\cryptbase.dll
2015-10-20 00:45 . 2015-11-15 16:33 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-10-20 00:45 . 2015-11-15 16:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-20 00:45 . 2015-11-15 16:33 25600 ----a-w- c:\windows\SysWow64\setup16.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files (x86)\Camera Assistant Software for Toshiba\traybar.exe" [2009-04-10 417792]
"Nike+ Connect"="c:\program files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2015-10-09 71680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdx64.sys [x]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdx64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe;c:\program files\Serviio\bin\ServiioService.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 NETwLv64; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwLv64.sys [x]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-11-18 16:22 286904 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-20 17:24]
.
2016-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20 14:35]
.
2016-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20 14:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.8.8
FF - ProfilePath - c:\users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\ttizn7vj.default\
FF - prefs.js: browser.startup.homepage - hxxps://seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\DRIVERS\o2flash.exe
.
**************************************************************************
.
Celkový čas: 2016-01-04 13:12:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-01-04 12:12
ComboFix2.txt 2016-01-02 21:24
.
Před spuštěním: Volných bajtů: 26 753 073 152
Po spuštění: Volných bajtů: 26 438 852 608
.
- - End Of File - - F58FBB4E6504D9C88EF6398071750877
A36C5E4F47E84449FF07ED3517B43A31

#10 Příspěvek od **altrok** » 04 led 2016 23:41

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pozn. pri druhem a dalsim spusteni FRST je pro vytvoreni logu Addition.txt nutne tuto volbu explicitne zatrhnout pred zacatkem skenu.

arya88 · #11 Příspěvek od **arya88** » 05 led 2016 00:12

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Lucka (administrator) on LUCKA-PC (05-01-2016 00:00:44)
Running from C:\Users\Lucka\Desktop
Loaded Profiles: Lucka (Available Profiles: Lucka)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Chicony) C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe
(Nike) C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe [417792 2009-04-10] (Chicony)
HKLM-x32\...\Run: [Nike+ Connect] => C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe [71680 2015-10-10] (Nike)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1216875980-2627076857-155479890-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{9CAC4864-AC25-4B22-AC79-F4884E2FD03A}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1216875980-2627076857-155479890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1216875980-2627076857-155479890-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1216875980-2627076857-155479890-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\ttizn7vj.default
FF Homepage: hxxps://seznam.cz/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-02] ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-02] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1216875980-2627076857-155479890-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lucka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iphahelpmejkbidhiecfeicblienleon] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2000-01-01] (O2Micro International) [File not signed]
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2014-03-21] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [412672 2007-08-07] (Conexant Systems, Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 CAXHWAZL; C:\Windows\System32\DRIVERS\CAXHWAZL.sys [293376 2007-08-03] (Conexant Systems, Inc.) [File not signed]
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-25] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\CAX_DPV.sys [1481216 2007-08-03] (Conexant Systems, Inc.) [File not signed]
S2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [17024 2006-06-19] (Conexant) [File not signed]
S3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [63264 2000-01-01] (O2Micro )
S3 winachsf; C:\Windows\System32\DRIVERS\CAX_CNXT.sys [740352 2007-08-03] (Conexant Systems, Inc.) [File not signed]
S2 XAudio; C:\Windows\System32\DRIVERS\xaudio64.sys [10240 2007-08-07] (Conexant Systems, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-05 00:00 - 2016-01-05 00:01 - 00009447 _____ C:\Users\Lucka\Desktop\FRST.txt
2016-01-05 00:00 - 2016-01-05 00:00 - 02370560 _____ (Farbar) C:\Users\Lucka\Desktop\FRST64.exe
2016-01-05 00:00 - 2016-01-05 00:00 - 00000000 ____D C:\FRST
2016-01-04 13:12 - 2016-01-04 13:12 - 00019763 _____ C:\ComboFix.txt
2016-01-04 11:59 - 2016-01-04 11:59 - 05643309 ____R (Swearware) C:\Users\Lucka\Desktop\ComboFix.exe
2016-01-03 13:29 - 2016-01-03 13:29 - 00012217 _____ C:\Users\Lucka\Desktop\UsbFix_Report.txt
2016-01-03 13:23 - 2016-01-03 13:30 - 00000000 ____D C:\UsbFix
2016-01-03 13:23 - 2016-01-03 13:23 - 00001448 _____ C:\Users\Lucka\Desktop\UsbFix.lnk
2016-01-03 13:22 - 2016-01-03 13:22 - 03069552 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Lucka\Desktop\UsbFix_2016_8.178.exe
2016-01-03 09:37 - 2016-01-03 09:41 - 00000000 ____D C:\AdwCleaner
2016-01-03 09:36 - 2016-01-03 09:36 - 01745920 _____ C:\Users\Lucka\Desktop\adwcleaner_5.027.exe
2016-01-02 22:42 - 2016-01-02 22:52 - 00000000 ____D C:\Program Files\trend micro
2016-01-02 22:42 - 2016-01-02 22:42 - 01222144 _____ C:\Users\Lucka\Desktop\RSITx64.exe
2016-01-02 22:42 - 2016-01-02 22:42 - 00000000 ____D C:\rsit
2016-01-02 22:09 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-02 22:09 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-02 22:09 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-02 22:09 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-02 22:09 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-02 22:09 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-02 22:09 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-02 22:09 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-02 22:07 - 2016-01-04 13:12 - 00000000 ____D C:\Qoobox
2016-01-02 22:07 - 2016-01-04 12:41 - 00000000 ____D C:\Windows\erdnt
2016-01-02 18:33 - 2016-01-02 18:33 - 22908888 _____ (Malwarebytes ) C:\Users\Lucka\Desktop\mbam-setup-2.2.0.1024.exe
2016-01-02 18:20 - 2016-01-02 18:20 - 00000000 ____H C:\Users\Lucka\Documents\Default.rdp
2015-12-16 21:03 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-16 21:03 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-16 21:03 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-16 21:03 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-16 21:03 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-16 21:03 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-16 21:03 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-16 21:03 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-16 21:03 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-16 21:03 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-16 21:03 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-16 21:03 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-16 21:03 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-16 21:03 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-16 21:03 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-16 21:03 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-16 21:03 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-16 21:03 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-16 21:03 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-16 21:03 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-16 21:03 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-16 21:02 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-16 21:02 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-16 21:02 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-16 21:02 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-16 21:02 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-16 21:02 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-16 21:02 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-16 21:02 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-16 21:02 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-16 21:02 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-16 21:02 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-16 21:02 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-16 21:00 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-16 21:00 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-16 21:00 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-16 21:00 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-16 21:00 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-16 21:00 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-16 21:00 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-16 21:00 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-16 21:00 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-16 21:00 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-16 21:00 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-16 21:00 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-16 21:00 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-16 21:00 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-16 21:00 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-16 21:00 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-16 21:00 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-16 21:00 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-16 21:00 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-16 21:00 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-16 21:00 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-16 21:00 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-16 21:00 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-16 21:00 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-16 21:00 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-16 21:00 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-16 21:00 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-16 21:00 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-16 21:00 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-16 21:00 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-16 21:00 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-16 21:00 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-16 21:00 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-16 21:00 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-16 21:00 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-16 21:00 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-16 21:00 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-16 21:00 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-16 21:00 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-16 21:00 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-16 21:00 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-16 21:00 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-16 21:00 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-16 21:00 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-16 21:00 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-16 21:00 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-16 21:00 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-16 21:00 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-16 21:00 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-16 21:00 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-16 21:00 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-16 21:00 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-16 21:00 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-16 21:00 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-16 21:00 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-16 21:00 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-16 21:00 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-16 21:00 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-16 21:00 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-16 21:00 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-16 21:00 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-16 21:00 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-16 21:00 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-16 21:00 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-16 20:58 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-16 20:58 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-16 19:54 - 2015-12-16 19:57 - 21373414 _____ C:\Users\Lucka\Desktop\MOV_0186.mp4
2015-12-06 20:28 - 2015-12-06 20:28 - 00000132 _____ C:\Users\Lucka\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-12-06 17:11 - 2015-12-06 17:11 - 00003502 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Lucka-PC-Lucka
2015-12-06 17:06 - 2015-12-06 17:12 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-06 16:57 - 2016-01-02 21:49 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-06 16:55 - 2015-12-06 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-12-06 16:55 - 2015-12-06 16:55 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
2015-12-06 16:52 - 2015-12-06 16:52 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-12-06 16:51 - 2015-12-06 16:51 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-12-06 16:51 - 2015-12-06 16:51 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-05 00:01 - 2014-01-20 19:06 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-05 00:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-04 23:57 - 2015-08-27 20:14 - 00000110 _____ C:\.dir
2016-01-04 23:56 - 2014-01-20 19:06 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-04 23:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-04 23:31 - 2014-01-20 19:01 - 00000000 ____D C:\Users\Lucka\Desktop\Různé
2016-01-04 23:24 - 2014-01-20 19:34 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-04 13:12 - 2009-07-14 05:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-04 13:12 - 2009-07-14 05:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-04 13:07 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-01-03 13:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-03 13:25 - 2009-07-14 16:18 - 00669018 _____ C:\Windows\system32\perfh005.dat
2016-01-03 13:25 - 2009-07-14 16:18 - 00141646 _____ C:\Windows\system32\perfc005.dat
2016-01-03 13:25 - 2009-07-14 06:13 - 01584138 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-03 09:41 - 2015-07-30 17:51 - 00000000 ____D C:\Windows\system32\log
2016-01-02 22:09 - 2014-01-20 18:59 - 00001912 _____ C:\Windows\epplauncher.mif
2016-01-02 21:51 - 2014-01-20 22:08 - 00000000 ____D C:\ProgramData\Adobe
2016-01-02 21:50 - 2015-11-21 12:42 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-02 18:24 - 2014-01-20 19:34 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 18:24 - 2014-01-20 19:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 18:24 - 2014-01-20 19:34 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-25 18:25 - 2014-01-20 21:47 - 00000000 ____D C:\Users\Lucka\Desktop\Dokumenty
2015-12-25 18:10 - 2014-04-23 20:30 - 02892800 ___SH C:\Users\Lucka\Desktop\Thumbs.db
2015-12-21 08:59 - 2014-01-25 17:02 - 01559788 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-21 08:49 - 2015-04-10 13:44 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-21 08:49 - 2015-04-10 13:44 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-18 15:06 - 2014-01-21 21:33 - 00000000 ____D C:\Windows\system32\MRT
2015-12-18 15:02 - 2009-07-14 05:45 - 04970136 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-18 12:52 - 2014-01-25 14:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-18 12:43 - 2014-01-25 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-18 12:40 - 2014-01-25 16:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-18 12:40 - 2014-01-25 16:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-17 23:03 - 2014-01-23 00:56 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-14 09:42 - 2014-01-20 21:47 - 00000000 ____D C:\Users\Lucka\Desktop\Obrázky
2015-12-06 20:58 - 2014-01-20 19:34 - 00000000 ____D C:\Users\Lucka\AppData\Local\Adobe
2015-12-06 19:34 - 2015-11-21 12:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-06 17:16 - 2014-01-20 19:47 - 00000000 ____D C:\Users\Lucka\AppData\Roaming\Adobe
2015-12-06 17:06 - 2014-01-20 18:59 - 00109296 _____ C:\Users\Lucka\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2015-07-20 13:42 - 2015-07-20 13:42 - 6420480 _____ () C:\Program Files (x86)\GUT35A1.tmp
2015-05-20 21:31 - 2015-05-20 21:31 - 6420480 _____ () C:\Program Files (x86)\GUT5C63.tmp
2015-07-21 19:45 - 2015-07-21 19:45 - 0000000 _____ () C:\Program Files (x86)\GUTAF25.tmp
2015-12-06 20:28 - 2015-12-06 20:28 - 0000132 _____ () C:\Users\Lucka\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-08-16 20:52 - 2014-08-17 13:36 - 0000600 _____ () C:\Users\Lucka\AppData\Roaming\winscp.rnd
2015-10-10 21:13 - 2015-10-10 21:17 - 0005632 _____ () C:\Users\Lucka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-21 16:50 - 2015-08-21 16:50 - 0000000 _____ () C:\Users\Lucka\AppData\Local\{AA1F101F-D9E6-4059-B9BB-FA9252C16E51}

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-30 16:03

==================== End of FRST.txt ============================

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Lucka (2016-01-05 00:02:00)
Running from C:\Users\Lucka\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-20 16:43:40)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1216875980-2627076857-155479890-500 - Administrator - Disabled)
Guest (S-1-5-21-1216875980-2627076857-155479890-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1216875980-2627076857-155479890-1003 - Limited - Enabled)
Lucka (S-1-5-21-1216875980-2627076857-155479890-1001 - Administrator - Enabled) => C:\Users\Lucka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Balíček ovladače systému Windows - Chicony (usbvideo) Image (05/12/2009 6.3.251.0512) (HKLM\...\4D0A78D60CE7E81C31D46CB92DBA41CCF993C9BD) (Version: 05/12/2009 6.3.251.0512 - Chicony)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Camera Assistant Software for Toshiba (HKLM-x32\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.260.0526L - Chicony Electronics Co.,Ltd.)
CwdStudio 1.0.25 (HKLM-x32\...\CwdStudio_is1) (Version: - ITPro CZ)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version: - )
ICQ 8.2 (verze 6901) (HKU\S-1-5-21-1216875980-2627076857-155479890-1001\...\ICQ) (Version: 8.2.6901.0 - ICQ)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java(TM) 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 cs) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 cs)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Nike+ Connect (HKLM-x32\...\Nike+ Connect) (Version: 6.6.34 - Nike)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Prohlížeč Seznam.cz (HKU\S-1-5-21-1216875980-2627076857-155479890-1001\...\Seznam Browser) (Version: - Seznam.cz a.s.)
Rajče průvodce verze 1.59.52.267 (HKLM-x32\...\rajce.net_is1) (Version: - rajce.net)
Serviio (HKLM\...\Serviio) (Version: - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.8.0.118 - PandoraTV)
Unity Web Player (HKU\S-1-5-21-1216875980-2627076857-155479890-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UsbFix (HKLM-x32\...\Usbfix) (Version: 8.178 - El Desaparecido - www.usbfix.net - www.sosvirus.net)
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.5.4 (HKLM-x32\...\winscp3_is1) (Version: 5.5.4 - Martin Prikryl)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1086D6C0-D3D0-4EF2-AAAF-E0A8F20924EA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {574A09BE-9BC1-47F0-B1F1-BCAE50D1CC9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5C53EFD2-055F-4110-83A8-6614D1FB27CD} - System32\Tasks\AdobeAAMUpdater-1.0-Lucka-PC-Lucka => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {5F6EF51B-F214-4E13-930D-DE1213386F1A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {74E68788-6321-4141-A5FB-055E44859983} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2010-07-11] ()
Task: {7AF5037D-162A-41D1-868B-524778959D64} - System32\Tasks\{60FADC3B-19A0-4EB2-9686-D0BE7840714B} => pcalua.exe -a C:\Users\Lucka\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION
Task: {8AD300FA-3CD0-4718-B561-A9A9735A29E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {9892B989-D6B7-489D-A20D-6B5E18B08E05} - System32\Tasks\{288303E9-AA06-4257-B791-95D779F288F3} => pcalua.exe -a C:\Users\Lucka\Desktop\ytd-1.46.exe -d C:\Users\Lucka\Desktop
Task: {9FEB90CA-73A3-4659-8C61-B7B5D87C111D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {AA64ACBB-BD13-4C77-8F1B-3724372E1710} - System32\Tasks\{CFF660B4-6F7C-4109-9E0B-E7AA0D47903D} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {AA8E45F9-7CD8-488D-B234-E4060B936416} - System32\Tasks\{93B82D50-2594-44A7-8456-2E1723071134} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {C3A66767-3C29-4D6C-98B0-2DCAFDD2A65D} - System32\Tasks\{A80274A7-694A-4680-BCED-B3C2AC83F0A2} => C:\Program Files (x86)\WinSCP\WinSCP.exe [2014-06-10] (Martin Prikryl)
Task: {DB5EE2F6-9DA7-44DC-BE0F-263CA657DF3B} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E86501EF-570A-4923-8184-72E939D63306} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {F0754302-8627-49FB-A582-456DB23F7098} - System32\Tasks\{451B1EC3-A00C-4388-B04E-61323D0A8097} => Chrome.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-21 02:57 - 2014-03-21 02:57 - 00359936 _____ () C:\Program Files\Serviio\bin\ServiioService.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-01-04 13:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1216875980-2627076857-155479890-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lucka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{49B029F4-0727-4516-B3EA-2FA2867A7696}C:\program files (x86)\winscp\winscp.exe] => (Allow) C:\program files (x86)\winscp\winscp.exe
FirewallRules: [UDP Query User{2F1A1826-9DEE-4F6D-B645-9D5713EF0FF6}C:\program files (x86)\winscp\winscp.exe] => (Allow) C:\program files (x86)\winscp\winscp.exe
FirewallRules: [{F2555209-FF6C-447F-AFB9-842559A45BC3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DA265DA7-247F-4708-BC9A-53F40E9DDF9E}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{38B3836E-B899-40BB-8C9C-6EF860082019}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{DB5001DF-3E58-4B7C-BB52-53EFE075AFB9}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [{CD19977F-B7B6-4FA9-9593-EC21BCA2F543}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC2533D1-1E9D-48EF-B5D0-304FC6C6917D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

18-12-2015 15:40:45 Windows Update
19-12-2015 12:39:35 Windows Update
21-12-2015 08:54:20 Windows Update
25-12-2015 16:51:46 Windows Update
02-01-2016 17:25:17 Windows Update
04-01-2016 12:02:19 ComboFix created restore point

==================== Faulty Device Manager Devices =============

Name: Adaptér tunelového režimu Microsoft Teredo
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2016 11:56:16 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (01/02/2016 05:52:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/16/2015 08:26:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/15/2015 06:30:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/10/2015 09:42:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/07/2015 10:06:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/06/2015 07:33:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: Lucka-PC)
Description: Aktualizaci {AC76BA86-7AD7-0000-2550-AC0F094E6F00} produktu Adobe Acrobat Reader DC - Czech nebylo možné nainstalovat. Kód chyby: 1625. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/02/2015 07:09:46 PM) (Source: MsiInstaller) (EventID: 1024) (User: Lucka-PC)
Description: Aktualizaci {AC76BA86-7AD7-0000-2550-AC0F094E6F00} produktu Adobe Acrobat Reader DC - Czech nebylo možné nainstalovat. Kód chyby: 1625. Instalační služba systému Windows může vytvořit soubor protokolu s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/01/2015 07:26:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/01/2015 05:30:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 40.0.3.5716, časové razítko: 0x55ddb213
Název chybujícího modulu: mozglue.dll, verze: 40.0.3.5716, časové razítko: 0x55dda062
Kód výjimky: 0x80000003
Posun chyby: 0x0000e250
ID chybujícího procesu: 0xb98
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3

System errors:
=============
Error: (01/04/2016 11:55:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (23:36:07, ‎4.‎1.‎2016) bylo neočekávané.

Error: (01/04/2016 11:23:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/04/2016 12:41:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/04/2016 12:31:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/04/2016 12:04:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (01/03/2016 01:24:26 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
%%1056

Error: (01/03/2016 01:23:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft .NET Framework NGEN v4.0.30319_X86 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/03/2016 01:23:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/03/2016 01:23:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft .NET Framework NGEN v4.0.30319_X64 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (01/03/2016 01:23:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

CodeIntegrity:
===================================
Date: 2016-01-04 23:55:49.077
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\XAudio64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-04 23:55:48.955
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\XAudio64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-04 23:55:48.315
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mdmxsdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-04 23:55:48.185
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mdmxsdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-04 23:55:38.492
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CAXHWAZL.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-04 23:55:38.367
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\CAXHWAZL.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-04 12:42:43.373
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\XAudio64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-04 12:42:43.243
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\XAudio64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-04 12:42:42.489
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mdmxsdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-04 12:42:42.341
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mdmxsdk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 57%
Total physical RAM: 2038.43 MB
Available physical RAM: 876.27 MB
Total Virtual: 4076.86 MB
Available Virtual: 2723.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:93.88 GB) (Free:29.18 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:90.96 GB) (Free:78.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: 9E4D2E08)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=93.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=91 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#12 Příspěvek od **altrok** » 05 led 2016 00:54

Odinstalujte starou a zranitelnou verzi javy. Pokud javu potrebujete, pak nainstalujte novou z java.com - pozor na adware pri jeji instalaci http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . Z hlediska bezpecnosti (exploity) je lepsi ji nemit. Aktualni je 8U66. Verze Javy, ktere v PC mate nainstalovane:

Java(TM) 7 Update 5 (64-bit)

Nainstalujte nejaky antivir, protoze Defender na Win7 plni pouze funkci antispywarovou.

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files\Serviio\bin\ServiioService.exe
HKU\S-1-5-21-1216875980-2627076857-155479890-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1216875980-2627076857-155479890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2016-01-02 18:33 - 2016-01-02 18:33 - 22908888 _____ (Malwarebytes ) C:\Users\Lucka\Desktop\mbam-setup-2.2.0.1024.exe
2015-07-20 13:42 - 2015-07-20 13:42 - 6420480 _____ () C:\Program Files (x86)\GUT35A1.tmp
2015-05-20 21:31 - 2015-05-20 21:31 - 6420480 _____ () C:\Program Files (x86)\GUT5C63.tmp
2015-07-21 19:45 - 2015-07-21 19:45 - 0000000 _____ () C:\Program Files (x86)\GUTAF25.tmp
Task: {74E68788-6321-4141-A5FB-055E44859983} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2010-07-11] ()
Task: {7AF5037D-162A-41D1-868B-524778959D64} - System32\Tasks\{60FADC3B-19A0-4EB2-9686-D0BE7840714B} => pcalua.exe -a C:\Users\Lucka\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION
C:\Users\Lucka\AppData\Roaming\webssearches
Task: {9892B989-D6B7-489D-A20D-6B5E18B08E05} - System32\Tasks\{288303E9-AA06-4257-B791-95D779F288F3} => pcalua.exe -a C:\Users\Lucka\Desktop\ytd-1.46.exe -d C:\Users\Lucka\Desktop
Task: {AA64ACBB-BD13-4C77-8F1B-3724372E1710} - System32\Tasks\{CFF660B4-6F7C-4109-9E0B-E7AA0D47903D} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {AA8E45F9-7CD8-488D-B234-E4060B936416} - System32\Tasks\{93B82D50-2594-44A7-8456-2E1723071134} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
End

arya88 · #13 Příspěvek od **arya88** » 05 led 2016 09:14

Antivir nainstalován, Java přeinstalovaná. Zasílám Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Lucka (2016-01-05 09:05:56) Run:1
Running from C:\Users\Lucka\Desktop
Loaded Profiles: Lucka (Available Profiles: Lucka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files\Serviio\bin\ServiioService.exe
HKU\S-1-5-21-1216875980-2627076857-155479890-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1216875980-2627076857-155479890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2016-01-02 18:33 - 2016-01-02 18:33 - 22908888 _____ (Malwarebytes ) C:\Users\Lucka\Desktop\mbam-setup-2.2.0.1024.exe
2015-07-20 13:42 - 2015-07-20 13:42 - 6420480 _____ () C:\Program Files (x86)\GUT35A1.tmp
2015-05-20 21:31 - 2015-05-20 21:31 - 6420480 _____ () C:\Program Files (x86)\GUT5C63.tmp
2015-07-21 19:45 - 2015-07-21 19:45 - 0000000 _____ () C:\Program Files (x86)\GUTAF25.tmp
Task: {74E68788-6321-4141-A5FB-055E44859983} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2010-07-11] ()
Task: {7AF5037D-162A-41D1-868B-524778959D64} - System32\Tasks\{60FADC3B-19A0-4EB2-9686-D0BE7840714B} => pcalua.exe -a C:\Users\Lucka\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION
C:\Users\Lucka\AppData\Roaming\webssearches
Task: {9892B989-D6B7-489D-A20D-6B5E18B08E05} - System32\Tasks\{288303E9-AA06-4257-B791-95D779F288F3} => pcalua.exe -a C:\Users\Lucka\Desktop\ytd-1.46.exe -d C:\Users\Lucka\Desktop
Task: {AA64ACBB-BD13-4C77-8F1B-3724372E1710} - System32\Tasks\{CFF660B4-6F7C-4109-9E0B-E7AA0D47903D} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {AA8E45F9-7CD8-488D-B234-E4060B936416} - System32\Tasks\{93B82D50-2594-44A7-8456-2E1723071134} => pcalua.exe -a F:\SETUP.EXE -d F:\
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Program Files\Serviio\bin\ServiioService.exe ========================

File not signed
MD5: 6766E06DDD621A7B4077E6F523D562E4
Creation and modification date: 2014-03-21 02:57 - 2014-03-21 02:57
Size: 0359936
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

HKU\S-1-5-21-1216875980-2627076857-155479890-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1216875980-2627076857-155479890-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Lucka\Desktop\mbam-setup-2.2.0.1024.exe => moved successfully
C:\Program Files (x86)\GUT35A1.tmp => moved successfully
C:\Program Files (x86)\GUT5C63.tmp => moved successfully
C:\Program Files (x86)\GUTAF25.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{74E68788-6321-4141-A5FB-055E44859983}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74E68788-6321-4141-A5FB-055E44859983}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AF5037D-162A-41D1-868B-524778959D64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AF5037D-162A-41D1-868B-524778959D64}" => key removed successfully
C:\Windows\System32\Tasks\{60FADC3B-19A0-4EB2-9686-D0BE7840714B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{60FADC3B-19A0-4EB2-9686-D0BE7840714B}" => key removed successfully
"C:\Users\Lucka\AppData\Roaming\webssearches" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9892B989-D6B7-489D-A20D-6B5E18B08E05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9892B989-D6B7-489D-A20D-6B5E18B08E05}" => key removed successfully
C:\Windows\System32\Tasks\{288303E9-AA06-4257-B791-95D779F288F3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{288303E9-AA06-4257-B791-95D779F288F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA64ACBB-BD13-4C77-8F1B-3724372E1710}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA64ACBB-BD13-4C77-8F1B-3724372E1710}" => key removed successfully
C:\Windows\System32\Tasks\{CFF660B4-6F7C-4109-9E0B-E7AA0D47903D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CFF660B4-6F7C-4109-9E0B-E7AA0D47903D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA8E45F9-7CD8-488D-B234-E4060B936416}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA8E45F9-7CD8-488D-B234-E4060B936416}" => key removed successfully
C:\Windows\System32\Tasks\{93B82D50-2594-44A7-8456-2E1723071134} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{93B82D50-2594-44A7-8456-2E1723071134}" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully

The system needed a reboot.

==== End of Fixlog 09:07:30 ====

#14 Příspěvek od **altrok** » 06 led 2016 02:41

Takze jeste uklidime.

Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
Oznacte jen moznost "Remove disinfection tools"
kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

arya88 · #15 Příspěvek od **arya88** » 06 led 2016 08:38

Děkuji moc za pomoc. Vše opět pracuje jak má

VIRY.CZ

Vytváření zástupců na flash disku

Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku

Re: Vytváření zástupců na flash disku