Antivir blokuje vyskakující stránky

[DekkerDave]

Dobrý den,
po nějaké době se opět musím obrátit s žádostí o pomoc místní čaroděje, neboť mě už několik dní trápí jistý problém, který se mi svépomocí nedaří vyřešit.

Před pár dny jsem někde nakoupil jakýsi malware, který se mi ale nedaří z počítače vyštípat. Samovolně se snaží otevřít stránky odkazující na weby jako "muzikfury" nebo "imagefarm", které ale ESS9 úspěšně blokuje - podává o tom naráz třeba i 20 zpráv. Scany z ESS9, MBAM ani ADWCleaner nic nenajdou.

Trošku jsem se koukal a ve složce AppData/Local jsem našel podezřelou složku "Ofi Labs". V té je další podsložka "PhantomJS" a v ní jsou tyto soubory, které nejspíš dost mluví za vše:
http_25000denne.biz_0.localstorage
http_2dszz.exclusiverewards.0296.ws_0.localstorage
http_search.fulltabsearch.com_0.localstorage
http_search.funsafetabsearch.com_0.localstorage
http_search.mystartabsearch.com_0.localstorage
http_search.tvplusnewtabsearch.com_0.localstorage
http_www.tomtop.com_0.localstorage
https_api.flocktory.com_0.localstorage
https_configch2.veinteractive.com_0.localstorage
https_is.alicdn.com_0.localstorage
https_offer.alibaba.com_0.localstorage
https_www.aliexpress.com_0.localstorage
https_www.youtube.com_0.localstorage

S tím mám nejspíš spojený další problém - zkoušel jsem i kompletní restart Firefoxu, tj. navrácení do původního stavu, ale vyskytl se problém, kdy mi FF náhle blokuje přístup na velkou část stránek začínající https. Chyby jsou tohoto rázu:

https://www.reddit.com/ Vydavatel certifikátu partnera nebyl rozpoznaný. HTTP Strict Transport Security: true HTTP Public Key Pinning: false Řetězec certifikátů: -----BEGIN CERTIFICATE----- MIIEZTCCA02gAwIBAgIQHwN98JGYM9JgLqeZ+mX9qDANBgkqhkiG9w0BAQsFADBI MRswGQYDVQQDExJFU0VUIFNTTCBGaWx0ZXIgQ0ExHDAaBgNVBAoTE0VTRVQsIHNw b2wuIHMgci4gby4xCzAJBgNVBAYTAlNLMB4XDTE1MDgxNzAwMDAwMFoXDTE4MDgy MTEyMDAwMFowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAU BgNVBAcTDVNhbiBGcmFuY2lzY28xFDASBgNVBAoTC1JlZGRpdCBJbmMuMRUwEwYD VQQDDAwqLnJlZGRpdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQC9X0F0AHwaBUAuUNFeyIxVRX+PoKiCdqK6Fe5Wv1RbQBrqo/xJyEtPpfJRKUse WId6petcOE7RfNL3yA14YmlIkn8QYcGmM8unfKX8B3/JvOklBAaHJxXGk/wEfUyX yQw/849ugNg7VWWjkPtf3A4nI5058Lt4IOPw9vT/7iIMKUnUm+LB0QZR8u6Lt/O3 mquqRKhIFcdpWtTQov6SuBrwmJu7kImvn+rcYQxRtKpIu41P6NZxJWxMeKlOIsRI NCrSZs8v7PxGTgvgWLkbBfrnIwcv6f5hRy36V6ZpEPLUtQDokPkAcy0u9ZkqpyBV j9UuAOE9TUzD6crQRjPb0bobAgMBAAGjggEqMIIBJjAdBgNVHQ4EFgQU/MKzqZ+A UW9b4pDEmZDQ6NZvDSwwgdcGA1UdEQSBzzCBzIIMKi5yZWRkaXQuY29tggpyZWRk aXQuY29tghEqLnJlZGRpdG1lZGlhLmNvbYIYZW5naW5lLmEucmVkZGl0bWVkaWEu Y29tgg9yZWRkaXRtZWRpYS5jb22CCSoucmVkZC5pdIIHcmVkZC5pdIIUd3d3LnJl ZGRpdHN0YXRpYy5jb22CGWltZ2xlc3MucmVkZGl0dXBsb2Fkcy5jb22CE2kucmVk ZGl0dXBsb2Fkcy5jb22CGCoudGh1bWJzLnJlZGRpdG1lZGlhLmNvbTAdBgNVHSUE FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0B AQsFAAOCAQEAVYMwmuc4emx/uIW8Y/JAfMGnMN4oQXvXlPl6wxMXAcr86i5iV3Ox QRr+Td7xNi+VTTOY5hKf1SSpFF9sIkNfVkPmUmy4Q5sucadRAjyenMqmmLkIOV7a pTgMhoKqNOMmNYIau2swivdCa/ahMRmnk7q2WgQHmsS6YvWQL9jdRjbeolmPdQoa 64IhKMbXJDouYA4RfrVDJ/RbXCcE8cKQtf41pP/dD0DPsG4JBxDEYJsIjNIKrdFB o+18bPVTAnsOiWwhXGAsXzmB9395k9PM91qhW8K9hgRBXrAmg//88FjT8RRLqHuE Ya26oyuwMvSms2/70p2ppXaRV6/WP0r6bw== -----END CERTIFICATE-----

Výše popsaný problém jsem vyřešil takto:
http://forum.viry.cz/viewtopic.php?f=14&t=148761

Nic podezřelého jsem v poslední době neinstaloval - snad až na oficiální ovladače pro tiskárnu od Samsungu.

Zde přikládám log z RSIT. Věřím, že tan bude řádný svinčík:
Logfile of random's system information tool 1.14 (written by random/random)
Run by Fofrklacek at 2016-11-22 13:37:51
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 242 GB (53%) free of 460 GB
Total RAM: 16297 MB (83% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:37:52, on 22.11.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18283)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
D:\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\WTClient.exe
C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaw.exe
D:\Steam\bin\cef\cef.winxp\steamwebhelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Fofrklacek_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [system_jconsole.jar] C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaw.exe -jar "C:\ProgramData\Comms\jconsole.jar"
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://files.creative.com/Web/softwareu ... PIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://files.creative.com/Web/softwareu ... /CTPID.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Gaming Registry Service (LogiRegistryService) - Logitech Inc. - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter 4 Service (nlsvc) - Locktime Software - C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Wireless Controller Service - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Unknown owner - D:\Origin\OriginClientService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9430 bytes

======Enumerating Processes======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe"
C:\Windows\system32\taskeng.exe
"C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe" /s
"C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe" /s
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"D:\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
C:\Windows\SysWOW64\WTClient.exe
"C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaw.exe" -jar "C:\ProgramData\Comms\jconsole.jar"
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
D:\Steam\bin\cef\cef.winxp\steamwebhelper.exe "-cachedir=C:\Users\Fofrklacek\AppData\Local\Steam\htmlcache" "-steampid=2120" "-buildid=1476379980" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --enable-system-flash --disable-spell-checking --enable-widevine-cdm --enable-direct-write
"C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe"
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\System32\Drivers\WTSRV.EXE"
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -c
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\Windows\system32\conhost.exe "-1685596838-207795706214402517701392969248124848798116578299401067996535-485723756
"C:\Program Files (x86)\SpeedFan\speedfan.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\rundll32.exe
"C:\totalcmd\TOTALCMD64.EXE"
"C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe" /i
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\taskeng.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Fofrklacek\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\MSIAfterburner - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s
C:\Windows\system32\tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
C:\Windows\system32\tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\Windows\system32\tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\Windows\system32\tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
C:\Windows\system32\tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
C:\Windows\system32\tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
C:\Windows\system32\tasks\RTSS - C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe /s
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime - %windir%\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeReminderTime
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime - %windir%\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeTime
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess - %windir%\system32\GWX\GWX.exe /tasklaunch
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent - %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\rundetector - %windir%\system32\GWX\GWXDetector.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Fofrklacek\AppData\Roaming\Mozilla\Firefox\Profiles\46at8asm.default-1479809188723

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 23.0.0.207 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack

C:\Users\Fofrklacek\AppData\Roaming\Mozilla\Firefox\Profiles\46at8asm.default-1479809188723\addons.json
Firefox Hello Beta (discontinued) - extension - loop@mozilla.org

C:\Users\Fofrklacek\AppData\Roaming\Mozilla\Firefox\Profiles\46at8asm.default-1479809188723\extensions.json
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Firefox Hello - extension - loop@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\loop@mozilla.org.xpi
Websense Helper - extension - websensehelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\websensehelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\Fofrklacek\AppData\Roaming\Mozilla\Firefox\Profiles\46at8asm.default-1479809188723\pluginreg.dat
Plugin - NVIDIA 3D VISION - 7.17.13.6881 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Plugin - NVIDIA 3D Vision - 7.17.13.6881 - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
Plugin - Java(TM) Platform SE 8 U91 - 11.91.2.14 - C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
Plugin - Java Deployment Toolkit 8.0.910.14 - 11.91.2.14 - C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
Plugin - Shockwave Flash - 23.0.0.207 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll

======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22 462400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-12-11 8783616]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2016-02-18 15120504]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2014-09-08 464608]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-11-17 1854400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=D:\Steam\steam.exe [2016-10-13 2860832]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2015-03-23 296216]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"WTClient"=C:\Windows\system32\WTClient.exe [2012-12-22 40832]
"system_jconsole.jar"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaw.exe [2016-04-22 191552]

C:\Users\Fofrklacek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.RTV1"=rtvcvfw64.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux4"=wdmaud.drv
"VIDC.WVC1"=d3dgeardecoder64.dll
"VIDC.WMV3"=d3dgeardecoder64.dll
"VIDC.MJPG"=d3dgeardecoder64.dll
"VIDC.M4S2"=d3dgeardecoder64.dll
"VIDC.FVFW"=d3dgeardecoder64.dll
"VIDC.FFVH"=d3dgeardecoder64.dll
"VIDC.H264"=d3dgeardecoder64.dll
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux5"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux6"=wdmaud.drv
"aux7"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-11-22 13:37:51 ----D---- C:\rsit
2016-11-22 11:24:22 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-11-22 01:18:08 ----D---- C:\CrystalDiskInfo7_0_4
2016-11-22 00:55:20 ----A---- C:\Windows\SYSWOW64\nvspcap.dll
2016-11-22 00:55:20 ----A---- C:\Windows\SYSWOW64\nvspbridge.dll
2016-11-22 00:55:20 ----A---- C:\Windows\system32\nvspcap64.dll
2016-11-22 00:55:20 ----A---- C:\Windows\system32\nvspbridge64.dll
2016-11-22 00:55:20 ----A---- C:\Windows\system32\NvRtmpStreamer64.dll
2016-11-22 00:55:06 ----A---- C:\Windows\NvContainerRecovery.bat
2016-11-22 00:49:58 ----A---- C:\GeForce_Experience_v3.1.2.31.exe
2016-11-21 20:10:58 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-21 20:09:43 ----D---- C:\MBAR
2016-11-21 19:48:58 ----D---- C:\ProgramData\HitmanPro
2016-11-20 16:24:55 ----A---- C:\Windows\system32\drivers\ekbdflt.sys
2016-11-19 23:16:54 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2016-11-19 23:14:13 ----D---- C:\ProgramData\RogueKiller
2016-11-11 14:56:06 ----D---- C:\ProgramData\Codemasters
2016-11-11 13:54:43 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2016-11-11 13:54:43 ----A---- C:\Windows\system32\nvaudcap64v.dll
2016-11-11 13:54:43 ----A---- C:\Windows\system32\drivers\nvvad64v.sys
2016-11-11 06:44:57 ----D---- C:\AdwCleaner
2016-10-27 10:00:25 ----D---- C:\ProgramData\boost_interprocess
2016-10-27 09:57:56 ----D---- C:\Program Files\Common Files\Common Desktop Agent
2016-10-27 09:57:11 ----RA---- C:\Windows\Wiainst64.exe
2016-10-27 09:57:03 ----A---- C:\Windows\system32\SaMinDrv.dll
2016-10-27 09:57:03 ----A---- C:\Windows\system32\SaImgFlt.dll
2016-10-27 09:57:03 ----A---- C:\Windows\system32\SaErHdlr.dll
2016-10-27 09:56:58 ----D---- C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2016-10-27 09:56:57 ----D---- C:\Program Files (x86)\SamsungPrinterLiveUpdate
2016-10-27 09:56:40 ----A---- C:\Windows\system32\ssm4mci.exe
2016-10-27 09:56:37 ----A---- C:\Windows\system32\ssm4mlm.dll
2016-10-27 09:56:36 ----A---- C:\Windows\system32\eed_sl.exe
2016-10-27 09:56:36 ----A---- C:\Windows\system32\eed_ec.dll
2016-10-27 09:56:34 ----A---- C:\Windows\system32\ssm4mci.dll
2016-10-27 09:56:30 ----A---- C:\Windows\SYSWOW64\Ssusbpn.dll
2016-10-27 09:56:30 ----A---- C:\Windows\system32\Ssusbp64.dll
2016-10-27 09:56:08 ----N---- C:\Windows\system32\ssdevm64.dll
2016-10-27 09:50:15 ----D---- C:\Users\Fofrklacek\AppData\Roaming\Samsung
2016-10-27 09:48:40 ----D---- C:\ProgramData\Samsung
2016-10-27 09:48:35 ----N---- C:\Windows\SYSWOW64\DlgSearchEngine.dll
2016-10-27 09:48:35 ----N---- C:\Windows\system32\DlgSearchEngine.dll
2016-10-27 09:48:35 ----D---- C:\Program Files (x86)\Samsung
2016-10-27 09:48:35 ----A---- C:\Windows\system32\us00alm.dll
2016-10-27 09:48:35 ----A---- C:\Windows\system32\us00aci.exe
2016-10-27 09:48:35 ----A---- C:\Windows\system32\us00aci.dll
2016-10-27 09:48:35 ----A---- C:\Windows\system32\SBuySupplies.exe

======List of files/folders modified in the last 1 month======

2016-11-22 13:37:53 ----D---- C:\Windows\Prefetch
2016-11-22 13:37:52 ----D---- C:\Program Files\trend micro
2016-11-22 13:37:51 ----D---- C:\Windows\Temp
2016-11-22 11:27:07 ----RD---- C:\Program Files (x86)
2016-11-22 11:27:07 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-22 11:21:10 ----D---- C:\Users\Fofrklacek\AppData\Roaming\vlc
2016-11-22 11:02:32 ----D---- C:\Shadowplay
2016-11-22 11:02:31 ----D---- C:\Program Files (x86)\SpeedFan
2016-11-22 11:01:59 ----D---- C:\Windows\System32
2016-11-22 11:01:45 ----D---- C:\ProgramData\NVIDIA
2016-11-22 02:18:21 ----D---- C:\Windows\system32\Tasks
2016-11-22 02:18:13 ----D---- C:\Users\Fofrklacek\AppData\Roaming\foobar2000
2016-11-22 01:39:32 ----D---- C:\Program Files (x86)\MSI Afterburner
2016-11-22 00:57:43 ----D---- C:\Windows\inf
2016-11-22 00:55:27 ----D---- C:\ProgramData\NVIDIA Corporation
2016-11-22 00:55:20 ----D---- C:\Windows\SysWOW64
2016-11-22 00:55:20 ----D---- C:\Program Files\NVIDIA Corporation
2016-11-22 00:55:17 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2016-11-22 00:55:15 ----D---- C:\Windows\system32\DriverStore
2016-11-22 00:55:06 ----D---- C:\Windows
2016-11-22 00:55:00 ----D---- C:\Windows\system32\drivers
2016-11-21 20:10:58 ----HD---- C:\ProgramData
2016-11-21 11:51:15 ----D---- C:\uTorrent
2016-11-20 16:25:00 ----D---- C:\Windows\system32\catroot2
2016-11-19 22:57:25 ----SD---- C:\Users\Fofrklacek\AppData\Roaming\Microsoft
2016-11-18 11:00:41 ----D---- C:\Windows\system32\config
2016-11-18 10:58:52 ----SHD---- C:\System Volume Information
2016-11-15 18:30:40 ----D---- C:\Windows\winsxs
2016-11-15 18:20:46 ----SHD---- C:\Windows\Installer
2016-11-14 21:27:54 ----D---- C:\ProgramData\Bohemia Interactive
2016-11-14 16:07:15 ----D---- C:\Program Files (x86)\RivaTuner Statistics Server
2016-11-14 11:26:55 ----A---- C:\Windows\ntbtlog.txt
2016-11-14 11:07:10 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-11-14 11:06:51 ----D---- C:\Windows\twain_32
2016-11-13 23:49:34 ----D---- C:\Users\Fofrklacek\AppData\Roaming\Skype
2016-11-11 06:41:12 ----AC---- C:\Windows\system32\MRT.exe
2016-11-11 06:32:44 ----D---- C:\Program Files (x86)\Common Files
2016-11-08 22:34:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-11-08 22:34:30 ----D---- C:\Windows\system32\Macromed
2016-11-08 22:34:26 ----D---- C:\Windows\SYSWOW64\Macromed
2016-11-08 10:35:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-10-27 09:57:56 ----D---- C:\Program Files\Common Files
2016-10-27 09:55:02 ----D---- C:\Windows\system32\catroot

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-11-20 84616]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2015-03-23 22800]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-11-20 262792]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-11-20 197248]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-11-20 208520]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-11-20 61568]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-11-20 153216]
R2 LGCoreTemp;Logitech CPU Core Tempurature; \??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [2015-06-21 14184]
R2 nldrv;nldrv; \??\C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [2015-10-10 120720]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2014-05-07 11576]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2015-12-11 4705536]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2015-03-23 390416]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2015-03-23 800016]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2015-06-11 37408]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS); C:\Windows\system32\drivers\LGJoyXlCore.sys [2015-06-11 68384]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2015-06-11 26912]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2015-12-11 41096]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-01-11 64624]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2016-07-15 214592]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-11-17 46016]
R3 PTSimBus;PenTablet Bus Enumerator; C:\Windows\system32\DRIVERS\PTSimBus.sys [2012-12-22 32128]
R3 RTCore64;RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2015-12-09 13512]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2015-01-15 977624]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 glavcam;Lenovo EasyCamera; C:\Windows\system32\DRIVERS\glavcam.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-08-09 4928256]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-11-22 192216]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 64896]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-11-17 27584]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 PTSimHid;PenTablet Simulated HID MiniDriver; C:\Windows\system32\DRIVERS\PTSimHid.sys [2012-12-22 22912]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 Tablet2k;Serial Tablet Port Driver; C:\Windows\System32\Drivers\Tablet2k.sys []
S3 TClass2k;Tablet Class Driver; C:\Windows\system32\DRIVERS\TClass2k.sys [2012-12-22 32128]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 UCTblHid;HID Tablet Port Driver; C:\Windows\system32\DRIVERS\UCTblHid.sys [2012-12-22 27520]
S3 UHSfiltv;UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys []
S3 USBMULCD;USB Multi-Channel Audio Device Interface; C:\Windows\system32\drivers\CM10664.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-30 23200]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-11-20 2771848]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-08-09 355232]
R2 LogiRegistryService;Logitech Gaming Registry Service; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [2016-02-18 193656]
R2 nlsvc;NetLimiter 4 Service; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [2015-10-10 322480]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-11-17 462784]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [2016-11-17 1163712]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-07-11 1364536]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2016-05-10 76152]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-07-10 424384]
R2 WinTabService;WinTab Service; C:\Windows\System32\Drivers\WTSRV.EXE [2013-04-19 78064]
R3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-01-29 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08 270016]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2016-10-22 1445384]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-08-09 288688]
S3 EasyAntiCheat;EasyAntiCheat; C:\Windows\syswow64\EasyAntiCheat.exe [2016-07-10 229152]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-03-31 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-11-22 146888]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-11-17 462784]
S3 Origin Client Service;Origin Client Service; D:\Origin\OriginClientService.exe []
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-06-15 1518672]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-11-04 1255736]
S4 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

[JaRon]

ahoj,
1. pouzi oba kroky http://forum.viry.cz/viewtopic.php?f=13 ... #p14659772.
2. NIKDY nevkladaj logy do code

[DekkerDave]

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Fofrklacek on Łt 22.11.2016 at 14:10:52,44.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Fofrklacek\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22.11.2016 14:11:34 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\EAInstaller deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Fofrklacek\AppData\Roaming\HDDHealth deleted successfully
C:\Users\Fofrklacek\AppData\Local\Skype deleted successfully
C:\Users\Fofrklacek\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1304720554-789506846-3919696667-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF1FF83-D72B-46DC-AC26-DEE8D1BD8B3F} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Origin Client Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Origin Client Service deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\FOFRKL~1\AppData\Roaming\Mozilla\Firefox\Profiles\46at8asm.default-1479809188723\prefs.js:
user_pref("browser.startup.homepage", "https://www.seznam.cz/");

Added to C:\Users\FOFRKL~1\AppData\Roaming\Mozilla\Firefox\Profiles\46at8asm.default-1479809188723\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\SamsungPrinterLiveUpdateInstaller deleted
C:\foobar2000_v1.3.9.exe deleted
C:\GeForce_Experience_v3.1.2.31.exe deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\hddhealth_s.log deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
"C:\ProgramData\mntemp" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\FOFRKL~1\AppData\Roaming\Mozilla\Firefox\Profiles\46at8asm.default-1479809188723
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\FOFRKL~1\AppData\Roaming\Mozilla\Firefox\Profiles\46at8asm.default-1479809188723
- Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Windows Media Player Extension for Firefox - %AppDir%\extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack
- Exif Viewer em:version2.00.1-signed.1-signed em:type2 em:descriptionExtracts and displays the Exif Exchangeable Image File IPTC-NAAIIM International Press Telecommunications Council Newspaper Association of America Information Interchange Model and IPTC Core Adobe XMP Extensible Metadata Platform metadata as stored by digital still cameras in both local and remote JPEG images. em:creatorAlan Raskin asraskin@gmail.com em:homepageURLhttp:araskin.webs.comexifexif.html - %AppDir%\extensions\exif_viewer@mozilla.doslash.org.xpi
- Undetermined - %AppDir%\extensions\uBlock0@raymondhill.net.xpi
- Adblock Plus - %AppDir%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Disable Anti-Adblock - %AppDir%\extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Fofrklacek\AppData\Roaming\Mozilla\Firefox\Profiles\46at8asm.default-1479809188723
83FCFA3C1E0D7523C21CCFBF336D2687 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll - Shockwave Flash


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================



==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fofrklacek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Fofrklacek\AppData\Local\Mozilla\Firefox\Profiles\46at8asm.default-1479809188723\cache2 emptied successfully
C:\Users\Fofrklacek\AppData\Roaming\Mozilla\Firefox\Profiles\hb41sdyx.default-1470138538564\storage\default\https+++www.freeonplate.com\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=58 folders=73 170183588 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Fofrklacek\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\FOFRKL~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Łt 22.11.2016 at 14:21:24,97 ======================

[DekkerDave]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Ultimate x64
Ran by Fofrklacek (Administrator) on Łt 22.11.2016 at 14:24:52,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0


Deleted the following from C:\Users\Fofrklacek\AppData\Roaming\Mozilla\Firefox\Profiles\46at8asm.default-1479809188723\prefs.js
user_pref(extensions.xpiState, {\app-system-defaults\:{\e10srollout@mozilla.org\:{\d\:\C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srol



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 22.11.2016 at 14:25:56,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Tak uvidíme, jestli se to ještě bude snažit něco otevřít.

[JaRon]

OK, daj vediet
+
citat:
DelFix https://toolslib.net/downloads/finish/2/
•Stahnete a spustte
•Ponechte zatrzitkou pouze u volby Remove disinfection tools
•Kliknete na Run

[DekkerDave]

Zdravím, vir se stále vrací. Něco ho stále tahá zpět, řešení postnuté výše pomáhá pouze dočasně.

MBAM blokuje exe s tímto umístěním:
C:\Users\Fofrklacek\AppData\Local\Temp\phantomows\bin\csrss.exe

Zároveň se po čase opět vytvoří složky v AppData/Local/Ofi Labs/PhantomJS, jak jsem popisoval v původním příspěvku. Zkoušel jsem i restart FF do původního stavu i jeho kompletní reinstalaci s updatem na nejnovější verzi. Internet projíždím vždy s aktivním ESS9 a MBAM.

Prosím tedy o pomoc.

[JaRon]

ahoj,
prescanuj s RK - log sem http://forum.viry.cz/viewtopic.php?f=24&t=120452

[DekkerDave]

RK log zde:

RogueKiller V12.8.3.0 (x64) [Nov 28 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Fofrklacek [Práva správce]
Started from : C:\Users\Fofrklacek\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 12/05/2016 11:36:33 (Duration : 00:16:39)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] 46at8asm.default-1479809188723 : user_pref("browser.startup.homepage", "https://www.seznam.cz/"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD2003FZEX-00Z4SA0 ATA Device +++++
--- User ---
[MBR] c60d6fbce4a72eded515450a114ea56f
[BSP] 35bb1148d51b48b45115fc4199d987f5 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] 5582e3d46527718e85e48c47b827989a
[BSP] 6dde15960872ffa5d0eab7d1424b743f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 460000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 942286848 | Size: 493767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[JaRon]

subor C:\Users\Fofrklacek\AppData\Local\Temp\phantomows\bin\csrss.exe otestuj na www.virustotal.com
výsledok vloz

[DekkerDave]

Mě vomejou, teď tam zase po něm není ani stopa. No, za pár dní nejspíš zase bude zpět, tak ho proženu tou kontrolou.

[JaRon]

nevadi, vycisti PC s CCleanerom vcetne registrov

[DekkerDave]

Takže ho mám zpátky. Zde je virustotal scan souboru csrss.exe:
https://www.virustotal.com/cs/file/7049 ... /analysis/

Zároveň v \AppData\Local\Temp se objevila zip složka phantomows.zip, obsahující totožné soubory (i včetně csrss.exe). Opět zase mám v \AppData\Local\Ofi Labs\PhantomJS řadu souborů, co evidentně odkazujou na redirect popupů.

[JaRon]

kedze ho pozna Kaspersky, vycisti PC s AVPTool

[DekkerDave]

Tak projeto, smazáno. Zároveň to našlo i souvislý složky ve Windows/Prefetch, který to taky smazalo. Uvidím, co bude dál.

[JaRon]

+
zopakuj zoek - vid vyssie