goffer.exe

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: goffer.exe

#31 Post by altrok »

Hello, and apologies to my colleague for jumping in :oops:

If it is still on the PC, please upload the file
C:\Users\tom\Desktop\SIM_editor_Smart.zip
e.g. to ulozto or leteckaposta, and send me the link by e-mail (address in my signature).

Please post the current FRST logs (normal mode, including Addition.txt),
and then create the following fixlist.txt and place it in the same folder as FRST. Then run FRST and click Fix. Please also post the contents of the resulting fixlog.txt.

Code:

Start
CloseProcesses:
File: C:\Windows\System32\Drivers\Msft_Kernel_webTinstMKTN_01009.Wdf
Folder: C:\Program Files (x86)\c8e441a9-abd4-4721-b704-cb9cbd0d2ddb
Folder: C:\Program Files (x86)\c5c1e8b7-9d03-40f6-9ecf-a015924a15c0
Folder: C:\Program Files (x86)\5a1f3589-0adb-4951-8a7b-a30922551845
Folder: C:\Users\tom\AppData\Local\CrashRpt
Folder: C:\Users\Public\Documents\ShopperPro
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions not suited to the forum, you can use altrok[at]forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

konu
Visitor
Posts: 44
Registered: 13 Apr 2015 11:52

Re: goffer.exe

#32 Post by konu »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by tom (administrator) on ASUS-PC on 22-04-2015 13:25:12
Running from C:\Users\tom\Desktop\Bezpečnost\FRST
Loaded Profiles: tom (Available profiles: tom)
Platform: Windows 8.1 Enterprise (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)
HKU\S-1-5-21-3332171635-80688016-592393309-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3332171635-80688016-592393309-1001\...\MountPoints2: F - "F:\SETUP.EXE"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3332171635-80688016-592393309-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3332171635-80688016-592393309-1001 -> DefaultScope {AAF95CB0-2208-4414-8A5B-63D268CF73AB} URL = http://search.seznam.cz/?q={searchTerms ... chmodule_1
SearchScopes: HKU\S-1-5-21-3332171635-80688016-592393309-1001 -> {AAF95CB0-2208-4414-8A5B-63D268CF73AB} URL = http://search.seznam.cz/?q={searchTerms ... chmodule_1
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: WinToFlash Suggestor -> {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} -> C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll [2012-05-25] (Novicorp LLC)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Hosts: 127.0.0.1 player.kmpmedia.net
Tcpip\..\Interfaces\{0CAC6FFC-C225-4715-8D53-E2A5B6B4B21B}: [NameServer] 46.33.112.42,46.33.96.2

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-22] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-22] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-10] (NVIDIA Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-30] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-23] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 HitmanPro37CrusaderBoot; "G:\Programy\Bezpečnost\Hitman\HitmanPro_x64.exe" /crusader:boot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 DLPortIO; C:\Windows\SysWOW64\DRIVERS\DLPortIO.SYS [3584 2000-06-29] () [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-10-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-10-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-10-10] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2014-12-14] (ESET)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 18:04 - 2015-04-20 18:04 - 00010334 _____ () C:\Users\tom\eaglerc.usr
2015-04-18 19:43 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-04-18 19:43 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-04-18 19:43 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-04-18 19:43 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-04-18 19:05 - 2015-04-18 19:10 - 651165696 _____ () C:\Users\tom\Downloads\overclockix-i386-.018.iso
2015-04-18 19:05 - 2015-04-18 19:05 - 00025244 _____ () C:\Users\tom\Downloads\overclockix-amd64-.018.iso.torrent
2015-04-18 19:05 - 2015-04-18 19:05 - 00000060 _____ () C:\Users\tom\Downloads\overclockix-i386-.018.iso.md5
2015-04-18 19:00 - 2015-04-18 19:03 - 621283886 _____ () C:\Users\tom\Downloads\Hirens.BootCD.15.2.zip
2015-04-18 17:38 - 2015-04-18 17:39 - 00000000 ____D () C:\MyBootCD
2015-04-18 16:48 - 2015-04-18 18:57 - 00000000 ____D () C:\Program Files (x86)\Top Password
2015-04-18 16:48 - 2015-04-18 16:48 - 00001043 _____ () C:\Users\tom\Desktop\ISO2Disc.lnk
2015-04-18 16:48 - 2015-04-18 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO2Disc
2015-04-18 16:18 - 2015-04-18 16:24 - 574615552 _____ () C:\Users\tom\Downloads\CD_Live_Malekal.iso
2015-04-18 16:06 - 2011-07-17 16:05 - 297922560 _____ () C:\Users\tom\Desktop\OTLPE_New_Std.iso
2015-04-18 16:05 - 2015-04-18 16:05 - 98077435 _____ (Igor Pavlov) C:\Users\tom\Downloads\OTLPEStd.exe
2015-04-18 15:36 - 2015-04-18 18:29 - 00000000 ____D () C:\Users\tom\AppData\Local\ShamurShamur
2015-04-18 15:20 - 2015-04-18 15:20 - 05516740 _____ () C:\Users\tom\Downloads\XBootv1.0beta14.zip
2015-04-18 15:16 - 2015-04-18 15:16 - 01310422 _____ (pendrivelinux.com) C:\Users\tom\Desktop\YUMI-2.0.1.6.exe
2015-04-17 22:59 - 2015-04-17 23:02 - 30786843 _____ () C:\Users\tom\Desktop\Novicorp WinToFlash 0.8.0122 beta Portable.zip
2015-04-17 22:37 - 2015-04-17 22:37 - 00094404 _____ () C:\OTL.Txt
2015-04-17 17:41 - 2015-04-17 17:44 - 448530432 _____ () C:\Users\tom\Downloads\Win8PE_x64_EFI.ISO
2015-04-17 17:32 - 2015-04-17 23:01 - 00000000 ____D () C:\Program Files (x86)\WinToFlash Suggestor
2015-04-16 21:21 - 2015-04-16 21:21 - 00325576 _____ () C:\Windows\Minidump\041615-5437-01.dmp
2015-04-16 21:13 - 2015-04-16 21:13 - 00021850 _____ () C:\Users\tom\Documents\cc_20150416_211336.reg
2015-04-16 21:11 - 2015-04-16 21:11 - 1372651520 _____ () C:\Users\tom\Desktop\NBRT.iso
2015-04-16 14:25 - 2015-04-16 21:21 - 535890945 _____ () C:\Windows\MEMORY.DMP
2015-04-16 14:25 - 2015-04-16 14:25 - 00325416 _____ () C:\Windows\Minidump\041615-5312-01.dmp
2015-04-15 17:08 - 2015-04-15 17:08 - 00000144 _____ () C:\Users\tom\Downloads\nmap.install
2015-04-15 16:45 - 2015-04-15 16:45 - 00001418 _____ () C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-15 16:41 - 2015-04-22 13:00 - 00024452 _____ () C:\Windows\setupact.log
2015-04-15 16:41 - 2015-04-15 16:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-15 15:54 - 2015-04-22 13:07 - 01547502 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 13:52 - 2015-04-20 19:40 - 00003816 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429098722
2015-04-15 13:52 - 2015-04-15 13:52 - 00001143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-15 13:52 - 2015-04-15 13:52 - 00000000 ____D () C:\Users\tom\AppData\Local\Opera Software
2015-04-15 13:51 - 2015-04-20 19:40 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-15 13:51 - 2015-04-15 13:51 - 00691664 _____ (Opera Software) C:\Users\tom\Downloads\Opera_NI_stable.exe
2015-04-15 13:46 - 2015-04-15 13:46 - 00000000 ____D () C:\_OTL
2015-04-15 13:21 - 2015-04-15 15:47 - 00000000 ___DC () C:\Users\tom\AppData\Local\MigWiz
2015-04-15 13:10 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 13:10 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 13:10 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-15 13:10 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 13:10 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-15 13:10 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-15 13:10 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 13:10 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 13:10 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-15 13:10 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-15 13:10 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-15 13:10 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-15 13:09 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 13:09 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 13:09 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 13:09 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 13:09 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 13:09 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 13:09 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 13:09 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 13:09 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 13:09 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-15 13:09 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 13:09 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 13:09 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 13:09 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 13:09 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-15 13:09 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-15 13:09 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 13:09 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 13:09 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 13:09 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-15 13:09 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 13:09 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 13:09 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 13:09 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 13:09 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 13:09 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 13:09 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-15 13:09 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 13:09 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 13:09 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 20:45 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 20:45 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 20:45 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 20:45 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 20:45 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 20:45 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 20:45 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 20:45 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 20:45 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 20:45 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-14 20:45 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-14 20:45 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 20:45 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 20:45 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 20:45 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 20:45 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 20:45 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 20:45 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 18:12 - 2015-04-14 18:12 - 00000512 _____ () C:\PhysicalMBR.bin
2015-04-14 17:11 - 2015-04-14 17:11 - 00005314 _____ () C:\Users\tom\Desktop\RKreport_SCN_04142015_171121.log
2015-04-14 16:24 - 2015-04-14 16:24 - 01222144 _____ () C:\Users\tom\Downloads\RSITx64.exe
2015-04-14 15:28 - 2012-07-26 07:32 - 00125872 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi64.dll
2015-04-14 15:28 - 2012-07-26 07:32 - 00106928 _____ (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2015-04-14 15:28 - 2012-07-26 07:32 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-04-14 15:27 - 2015-04-14 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2015-04-14 15:27 - 2015-04-14 15:27 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizardx64
2015-04-14 15:27 - 2015-04-14 15:27 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2015-04-14 15:26 - 2015-04-16 21:09 - 00001358 _____ () C:\Users\tom\Desktop\Norton Installation Files.lnk
2015-04-13 18:29 - 2015-04-13 18:34 - 308004864 _____ () C:\Users\tom\Desktop\Kaspersky Rescue Disk 10.iso
2015-04-12 21:54 - 2015-04-12 22:21 - 00000000 ____D () C:\Program Files (x86)\Anti-Spy.Info
2015-04-12 21:54 - 2015-04-12 22:07 - 00000000 ____D () C:\ProgramData\AntiSpyInfo
2015-04-12 21:54 - 2015-04-12 21:54 - 02553160 _____ () C:\Users\tom\Downloads\antispy17.exe
2015-04-12 21:46 - 2015-04-14 16:25 - 00000000 ____D () C:\Program Files\trend micro
2015-04-12 21:46 - 2015-04-12 21:48 - 00000000 ____D () C:\rsit
2015-04-12 21:44 - 2015-04-17 18:25 - 00000000 ____D () C:\Users\tom\Desktop\Bezpečnost
2015-04-12 21:44 - 2015-04-17 16:04 - 00029696 _____ () C:\Users\tom\AppData\Local\MSGBOX.EXE
2015-04-12 21:36 - 2015-04-22 13:25 - 00000000 ____D () C:\FRST
2015-04-12 11:32 - 2015-04-12 11:32 - 00000000 ____D () C:\NPE
2015-04-09 07:41 - 2015-04-09 07:42 - 340670464 _____ () C:\Users\tom\Downloads\eset-sysrescue.1.0.9.0.enu.iso
2015-04-08 20:15 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-08 20:15 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-08 20:15 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-08 20:15 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-08 20:15 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-08 20:15 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-08 20:15 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-08 20:15 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-08 20:15 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-08 20:15 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-08 17:04 - 2015-04-08 17:04 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-04-08 13:18 - 2015-04-08 13:18 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-08 13:08 - 2015-04-08 13:08 - 166740264 _____ (Emsisoft Ltd. ) C:\Users\tom\Downloads\EmsisoftAntiMalwareSetup_4382129.exe
2015-04-07 20:59 - 2015-04-07 20:59 - 00000000 ____D () C:\Users\tom\Desktop\RS232
2015-04-07 20:56 - 2015-04-07 20:58 - 00640736 _____ () C:\Users\tom\Desktop\COM Port.rar
2015-04-06 20:53 - 2015-04-06 20:54 - 05046784 _____ () C:\Users\tom\Downloads\reverse-schema-web.vsd
2015-04-06 17:13 - 2015-04-06 17:29 - 184364089 _____ () C:\Users\tom\Downloads\Moderni-programovani.rar
2015-04-06 17:12 - 2015-04-09 08:20 - 00000000 ____D () C:\Users\tom\Desktop\Programování mikrokontrolérů PIC16Cxx -BEN- Jiří Hrbáček
2015-04-06 17:08 - 2015-04-06 17:11 - 12989461 _____ () C:\Users\tom\Downloads\Programování-mikrokontrolérů-PIC16Cxx.zip
2015-04-06 07:44 - 2015-04-06 07:44 - 02208768 _____ () C:\Users\tom\Downloads\adwcleaner_4.200.exe
2015-04-05 08:53 - 2015-04-05 08:53 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2015-04-05 08:53 - 2015-04-05 08:53 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2015-04-04 17:47 - 2015-04-04 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PonyProg
2015-04-04 17:47 - 2015-04-04 17:47 - 00000000 ____D () C:\Program Files (x86)\PonyProg2000
2015-04-04 17:44 - 2015-04-04 17:44 - 00003096 _____ () C:\Windows\System32\Tasks\{E14ED81C-88FC-428B-B3DC-B9E84D21AEDD}
2015-04-04 17:03 - 2015-04-05 10:37 - 00000000 ____D () C:\Users\tom\AppData\Roaming\VisualAssistAtmel
2015-04-04 17:03 - 2015-04-05 10:37 - 00000000 ____D () C:\Users\tom\AppData\Local\VisualAssistAtmel
2015-04-04 17:03 - 2015-04-04 17:03 - 00000000 ____D () C:\Users\tom\AppData\Local\IsolatedStorage
2015-04-04 17:02 - 2015-04-04 17:02 - 00002130 _____ () C:\Users\Public\Desktop\Atmel Studio 6.2.lnk
2015-04-04 16:59 - 2015-04-04 17:23 - 00000000 ____D () C:\Users\tom\Documents\Atmel Studio
2015-04-04 16:59 - 2015-04-04 16:59 - 00000000 ____D () C:\Users\tom\AppData\Roaming\Atmel
2015-04-04 16:59 - 2015-04-04 16:59 - 00000000 ____D () C:\Users\tom\AppData\Local\Atmel
2015-04-04 16:58 - 2015-04-04 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atmel
2015-04-04 16:57 - 2015-04-04 17:01 - 00000000 ____D () C:\Program Files (x86)\Atmel
2015-04-04 16:57 - 2014-02-06 09:01 - 00067680 _____ (http://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2015-04-04 16:57 - 2014-02-06 09:01 - 00042592 _____ (http://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\Drivers\libusb0.sys
2015-04-04 16:57 - 2014-01-28 07:59 - 00151552 _____ (Jungo Connectivity) C:\Windows\SysWOW64\wdapi1150.dll
2015-04-04 16:57 - 2013-11-11 08:42 - 00147456 _____ (Jungo) C:\Windows\SysWOW64\wdapi1021.dll
2015-04-04 16:57 - 2013-11-11 08:41 - 00151552 _____ (Jungo Connectivity) C:\Windows\SysWOW64\wdapi1140.dll
2015-04-04 16:57 - 2013-11-11 08:41 - 00143360 _____ (Jungo) C:\Windows\SysWOW64\wdapi1010.dll
2015-04-04 16:57 - 2013-11-11 08:41 - 00110592 _____ (Jungo) C:\Windows\SysWOW64\wdapi1100.dll
2015-04-04 16:57 - 2013-11-11 08:41 - 00110592 _____ (Jungo) C:\Windows\SysWOW64\wdapi102.dll
2015-04-04 16:57 - 2013-11-11 08:41 - 00110592 _____ (Jungo) C:\Windows\SysWOW64\wdapi1011.dll
2015-04-04 16:51 - 2015-04-04 16:51 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2015-04-04 16:51 - 2015-04-04 16:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-04-04 16:50 - 2015-04-09 07:44 - 00000000 ____D () C:\Users\tom\Documents\Visual Studio 2010
2015-04-04 16:50 - 2015-04-04 16:50 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-04-04 16:50 - 2015-04-04 16:50 - 00000000 ____D () C:\Windows\PCHEALTH
2015-04-04 16:50 - 2015-04-04 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2015-04-04 16:50 - 2015-04-04 16:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-04-04 16:44 - 2015-04-04 16:46 - 587327768 _____ (Atmel) C:\Users\tom\Downloads\AStudio6_2sp2_1563.exe
2015-04-04 16:19 - 2011-05-01 14:58 - 00022902 _____ () C:\Users\tom\Desktop\atmega_fusebit_doctor_2.11_m8.hex
2015-04-04 16:19 - 2011-05-01 14:58 - 00008136 _____ () C:\Users\tom\Desktop\atmega_fusebit_doctor_2.11_m8.bin
2015-04-04 16:09 - 2015-04-05 16:23 - 00002382 _____ () C:\Users\tom\gdbtk.ini
2015-04-04 16:07 - 2015-04-04 16:07 - 00000000 ____D () C:\WinAVR-20100110
2015-04-04 16:07 - 2015-04-04 16:07 - 00000000 ____D () C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVR-20100110
2015-04-04 16:03 - 2015-04-04 16:03 - 28840282 _____ () C:\Users\tom\Desktop\WinAVR-20100110-install.exe
2015-04-03 21:52 - 2015-04-03 21:52 - 00003024 _____ () C:\Windows\System32\Tasks\brbrw_1280
2015-04-03 21:47 - 2015-04-03 21:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN_01009.Wdf
2015-04-03 21:46 - 2015-04-04 10:43 - 00000000 ____D () C:\Program Files (x86)\c8e441a9-abd4-4721-b704-cb9cbd0d2ddb
2015-04-03 21:46 - 2015-04-04 10:43 - 00000000 ____D () C:\Program Files (x86)\c5c1e8b7-9d03-40f6-9ecf-a015924a15c0
2015-04-03 21:46 - 2015-04-04 10:43 - 00000000 ____D () C:\Program Files (x86)\5a1f3589-0adb-4951-8a7b-a30922551845
2015-04-03 21:46 - 2015-04-03 21:46 - 00004224 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333733343637343037312d3734555b414a507857374a55
2015-04-03 21:46 - 2015-04-03 21:46 - 00000000 ____D () C:\Users\tom\AppData\Local\CrashRpt
2015-04-03 21:46 - 2015-04-03 21:46 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-04-03 20:52 - 2015-04-03 20:52 - 04210464 _____ () C:\Users\tom\Desktop\SIM_editor_Smart.zip
2015-03-31 18:54 - 2015-03-31 18:55 - 11038926 _____ () C:\Users\tom\Desktop\The-XX---Intro.flac
2015-03-28 16:20 - 2015-03-28 16:20 - 00000210 _____ () C:\Windows\ODBCINST.INI
2015-03-28 13:38 - 2015-03-28 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Výpočet transformátoru
2015-03-28 13:37 - 2015-03-28 13:37 - 00477278 _____ () C:\Users\tom\Downloads\trafo.zip
2015-03-28 13:00 - 2015-03-28 13:00 - 07803328 _____ () C:\Users\tom\Desktop\transformátor.exe
2015-03-28 00:13 - 2015-04-21 21:45 - 00000000 ____D () C:\Users\tom\AppData\Roaming\Nitro PDF
2015-03-27 17:15 - 2015-03-27 17:15 - 00002547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
2015-03-27 17:15 - 2015-03-27 17:15 - 00000000 ____D () C:\Users\tom\AppData\Roaming\Nitro
2015-03-27 17:15 - 2015-03-27 17:15 - 00000000 ____D () C:\ProgramData\Nitro
2015-03-27 17:15 - 2015-03-27 17:15 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2015-03-27 17:15 - 2015-03-27 17:15 - 00000000 ____D () C:\Program Files (x86)\Nitro
2015-03-27 17:15 - 2012-12-13 12:47 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll
2015-03-27 17:15 - 2012-12-13 12:47 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll
2015-03-27 17:14 - 2015-03-27 17:14 - 00000000 ____D () C:\Users\tom\AppData\Roaming\Downloaded Installations
2015-03-26 19:26 - 2015-04-11 12:04 - 00394006 _____ () C:\Users\tom\Desktop\zdroj 60v 40a.sch
2015-03-26 10:46 - 2015-04-18 19:17 - 00000000 ____D () C:\Users\tom\Desktop\sardu_3

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 13:07 - 2014-12-13 18:15 - 00739924 _____ () C:\Windows\system32\perfh005.dat
2015-04-22 13:07 - 2014-12-13 18:15 - 00151610 _____ () C:\Windows\system32\perfc005.dat
2015-04-22 13:07 - 2014-12-13 11:48 - 01745984 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-22 13:00 - 2014-12-15 15:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-22 13:00 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-21 17:53 - 2015-01-19 20:06 - 00000000 ____D () C:\KMPlayer
2015-04-21 15:57 - 2014-12-13 11:50 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C40A664-6612-43B9-B571-28453941D32F}
2015-04-20 18:04 - 2014-12-13 11:50 - 00000000 ____D () C:\Users\tom
2015-04-19 12:00 - 2014-12-13 12:58 - 00000000 ____D () C:\Users\tom\AppData\Roaming\uTorrent
2015-04-18 19:43 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-18 19:14 - 2015-01-16 14:01 - 00000000 ____D () C:\Users\tom\AppData\Local\CrashDumps
2015-04-18 17:56 - 2015-01-15 16:51 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3332171635-80688016-592393309-1001
2015-04-17 17:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-17 17:27 - 2015-01-14 21:27 - 00000000 ____D () C:\Users\tom\AppData\Local\VirtualStore
2015-04-17 16:29 - 2015-01-15 16:40 - 00000000 ____D () C:\Users\tom\AppData\Local\NPE
2015-04-17 14:34 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-16 21:22 - 2014-12-17 13:51 - 00007605 _____ () C:\Users\tom\AppData\Local\Resmon.ResmonCfg
2015-04-16 21:21 - 2014-12-13 21:25 - 00000000 ____D () C:\Windows\Minidump
2015-04-16 21:09 - 2015-01-15 16:40 - 00000000 ____D () C:\ProgramData\Norton
2015-04-16 14:53 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-15 17:41 - 2015-01-01 13:33 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-15 17:41 - 2015-01-01 13:33 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-15 17:40 - 2015-01-01 13:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-15 13:53 - 2014-12-14 10:07 - 00000000 ____D () C:\Users\tom\AppData\Local\Google
2015-04-15 13:53 - 2014-12-14 10:07 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-15 13:52 - 2015-01-16 13:58 - 00000000 ____D () C:\Users\tom\AppData\Roaming\Opera Software
2015-04-15 13:36 - 2014-12-14 09:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 13:36 - 2014-12-14 09:12 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 17:08 - 2015-01-27 20:34 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-14 15:26 - 2015-01-15 17:30 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-04-14 01:24 - 2014-12-14 09:36 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2014-12-14 09:36 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 18:19 - 2015-02-22 16:42 - 00000000 ____D () C:\AdwCleaner
2015-04-12 19:58 - 2015-03-14 20:49 - 00000000 ____D () C:\Users\tom\Desktop\RFID Emulator
2015-04-10 08:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-09 07:49 - 2014-12-13 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-04-08 20:15 - 2014-12-14 11:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-08 20:15 - 2014-12-14 11:58 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-08 17:04 - 2015-01-16 17:09 - 00003850 _____ () C:\Windows\system32\.crusader
2015-04-08 17:04 - 2015-01-16 16:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-06 09:48 - 2012-03-22 10:51 - 00000000 ____D () C:\Users\tom\Desktop\RFID Reader
2015-04-06 07:33 - 2015-02-22 18:41 - 00000000 ____D () C:\Users\tom\Desktop\Proramátor
2015-04-04 17:46 - 2015-02-15 12:57 - 00000000 ____D () C:\Users\tom\Desktop\SIM clone -Klonování sim
2015-04-04 16:58 - 2014-12-14 10:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-04 16:57 - 2015-02-03 16:24 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-04 10:43 - 2015-02-22 15:00 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-04 10:43 - 2015-01-20 19:10 - 00000000 ____D () C:\Program Files (x86)\AC3Filter
2015-04-03 21:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-01 15:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-28 00:12 - 2013-08-22 16:44 - 00473040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-27 17:05 - 2015-02-22 15:00 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-24 16:11 - 2015-02-23 14:28 - 00000000 ____D () C:\Users\tom\Desktop\Kyocera

==================== Files in the root of some directories =======

2015-01-14 14:49 - 2015-01-14 14:49 - 0000001 _____ () C:\Users\tom\AppData\Local\llftool.4.25.agreement
2015-04-12 21:44 - 2015-04-17 16:04 - 0029696 _____ () C:\Users\tom\AppData\Local\MSGBOX.EXE
2014-12-17 13:51 - 2015-04-16 21:22 - 0007605 _____ () C:\Users\tom\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\tom\AppData\Local\Temp\jre-8u45-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-19 07:31

==================== End Of Log

konu
Visitor
Posts: 44
Registered: 13 Apr 2015 11:52

Re: goffer.exe

#33 Post by konu »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by tom at 2015-04-22 13:25:35
Running from C:\Users\tom\Desktop\Bezpečnost\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{26D488C3-89E9-455C-B96A-1ADF65A26C54}) (Version: 1.4 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Aktualizace NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
Anti-Spy.Info 1.8d (HKLM-x32\...\Anti-Spy.Info) (Version: 1.8d - Neuber Software)
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0026 - ASUS)
Atmel ARM GNU Toolchain (HKLM-x32\...\{736745FA-6A66-4654-9397-1321B2B4D196}) (Version: 4.8.1443 - Atmel)
Atmel AVR (32 bit) GNU Toolchain (HKLM-x32\...\{C342B5D0-D95A-4B39-9262-2CC3CE3F39B2}) (Version: 3.4.1067 - Atmel)
Atmel AVR (8 bit) GNU Toolchain (HKLM-x32\...\{6E3D61B8-F3EC-462D-91F9-49D03A97053E}) (Version: 3.4.1061 - Atmel)
Atmel Driver Files (x32 Version: 7.0.928 - Atmel Corporation) Hidden
Atmel Jungo USB Driver (x32 Version: 7.0.120 - Atmel) Hidden
Atmel Kits (HKLM-x32\...\{3C85CFF3-91DE-4520-B836-5F4C2F247FF5}) (Version: 6.2.338 - Atmel)
Atmel LibUSB0 Driver (x32 Version: 7.0.73 - Atmel) Hidden
Atmel Segger USB Drivers (497f) (x32 Version: 7.0.140 - Atmel) Hidden
Atmel Studio 6.2 (HKLM-x32\...\{C179E170-07D6-4D8D-A34D-FDB3FCC79FEC}) (Version: 6.2.1563 - Atmel)
Atmel Studio Backend (HKLM-x32\...\{1B2C7C63-4659-49A1-8BC9-F845FE0F0D35}) (Version: 1.12.4144 - Atmel Corporation)
Atmel Studio Memory Logger (HKLM-x32\...\{053538A7-0B52-4CA9-9728-D506BFAA42BD}) (Version: 6.2.171 - Atmel)
Atmel USB Driver Package (HKLM-x32\...\{88a482c9-18e3-43d5-b426-3d1cdf85b391}) (Version: 7.0.666 - Atmel)
Atmel WinUSB (x32 Version: 6.2.30 - Atmel) Hidden
AtmelSoftwareFramework (HKLM-x32\...\{35BD89A1-47F3-4E42-B393-B8DB123F5215}) (Version: 3.21.0.1310 - Atmel)
aTube Catcher verze 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AVR macro Assembler (HKLM-x32\...\{251D9F73-6297-4941-9016-EA787F708FDF}) (Version: 2.1.1175 - Atmel)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Betaverze hry Battlefield™ Hardline (HKLM-x32\...\{F5526D9D-13AD-4270-8707-AC921D168299}) (Version: 1.0.0.1 - Electronic Arts)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
EAGLE 7.2.0 (HKLM-x32\...\EAGLE 7.2.0) (Version: 7.2.0 - CadSoft Computer GmbH)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ESET Smart Security (HKLM\...\{443D1D0A-17E5-4F61-8074-8801BDB430CC}) (Version: 8.0.304.1 - ESET, spol s r. o.)
ISO2Disc 1.08 (HKLM-x32\...\ISO2Disc_is1) (Version: - Top Password Software, Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KiCad 2013.07.07 (HKLM-x32\...\KiCad) (Version: 2013.07.07 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.135 - PandoraTV)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.30319 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{522D6D76-B109-4C83-BA3C-D26D08391EBC}) (Version: 8.0.10.7 - Nitro)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.0.0.18 - Symantec Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Opera Stable 28.0.1750.51 (HKLM-x32\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 347.25 (Version: 347.25 - NVIDIA Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PonyProg2000 v2.06f (HKLM-x32\...\PonyProg2000_is1) (Version: 2.06f - LancOS)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Sada Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 1.1.0.0 - Microsoft Corporation)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
WinAVR 20100110 (remove only) (HKLM-x32\...\WinAVR-20100110) (Version: 20100110 - )
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinToFlash Suggestor (HKLM-x32\...\WinToFlash Suggestor) (Version: 1.2.5.0 - Think Tank Labs, LLC) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

20-04-2015 15:21:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-02-02 19:15 - 00000853 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 player.kmpmedia.net

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3052CD23-49C6-4342-9689-B03E9B81FD37} - System32\Tasks\{BFF7EEEF-31C2-45A5-9821-0A06C9D43121} => pcalua.exe -a E:\InstAll.exe -d E:\
Task: {4D820859-D391-4DAF-88D7-32E1D5B46968} - System32\Tasks\SPBIW_UpdateTask_Time_333733343637343037312d3734555b414a507857374a55 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {531E8525-8CC0-4FA4-9FB0-E400D80E85D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {7235EADF-592B-4D47-B60A-97BEA001C1CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {93967D86-C3BD-4CD6-82AD-121241161BD9} - System32\Tasks\Opera scheduled Autoupdate 1429098722 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-07] (Opera Software)
Task: {99CE4F40-1949-4477-A052-729E22B4B7E8} - System32\Tasks\{E14ED81C-88FC-428B-B3DC-B9E84D21AEDD} => pcalua.exe -a C:\Users\tom\Desktop\setup.exe -d C:\Users\tom\Desktop
Task: {A6B3815C-540D-477A-BDC1-F3E87E066B86} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [2012-11-07] (ASUSTek Computer INC.)
Task: {AF003A68-C578-4D84-AA34-A199F4BEC493} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {B9FF942B-D14F-4E8D-822E-462311DD05FA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {BA383F09-BA64-47C9-95E2-E2CE72C09853} - System32\Tasks\GoogleUpdateTaskMachineCore1d036549eefc1d8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {EB687EFB-5FF0-4C3F-998D-7FC4237CA5C9} - System32\Tasks\brbrw_1280 => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\Crossbrowse.exe
Task: {F7373C5A-4029-4105-90CD-8FF29EC42128} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-12-15 15:52 - 2015-01-10 01:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-03 16:24 - 2015-02-03 16:26 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-29 11:14 - 2012-03-30 20:01 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-12-29 11:14 - 2012-03-30 20:01 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\tom\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3332171635-80688016-592393309-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tom\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 46.33.112.42 - 46.33.96.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "HDAudDeck"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3332171635-80688016-592393309-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Accounts: =============================

Administrator (S-1-5-21-3332171635-80688016-592393309-500 - Administrator - Disabled)
Guest (S-1-5-21-3332171635-80688016-592393309-501 - Limited - Disabled)
tom (S-1-5-21-3332171635-80688016-592393309-1001 - Administrator - Enabled) => C:\Users\tom

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2015 01:02:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/22/2015 01:02:38 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/22/2015 01:01:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/22/2015 06:51:13 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/22/2015 06:49:51 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/22/2015 06:49:31 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/21/2015 09:00:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/21/2015 08:59:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/21/2015 08:58:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/21/2015 07:32:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (04/22/2015 01:00:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HitmanPro 3.7 Crusader (Boot) neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (04/22/2015 06:48:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HitmanPro 3.7 Crusader (Boot) neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (04/21/2015 08:57:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HitmanPro 3.7 Crusader (Boot) neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (04/21/2015 07:29:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HitmanPro 3.7 Crusader (Boot) neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (04/21/2015 05:22:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070643): Microsoft Visual Studio 2010 Service Pack 1.

Error: (04/21/2015 05:22:25 PM) (Source: DCOM) (EventID: 10010) (User: asus-pc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/21/2015 05:21:55 PM) (Source: DCOM) (EventID: 10010) (User: asus-pc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/21/2015 04:38:14 PM) (Source: DCOM) (EventID: 10010) (User: asus-pc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/21/2015 04:37:44 PM) (Source: DCOM) (EventID: 10010) (User: asus-pc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/21/2015 03:51:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HitmanPro 3.7 Crusader (Boot) neuspěla při spuštění v důsledku následující chyby:
%%2


Microsoft Office Sessions:
=========================
Error: (04/22/2015 01:02:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/22/2015 01:02:38 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/22/2015 01:01:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/22/2015 06:51:13 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/22/2015 06:49:51 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/22/2015 06:49:31 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/21/2015 09:00:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/21/2015 08:59:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/21/2015 08:58:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/21/2015 07:32:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 12%
Total physical RAM: 12240.98 MB
Available physical RAM: 10696.45 MB
Total Pagefile: 24528.98 MB
Available Pagefile: 22961.53 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:64.9 GB) NTFS
Drive d: (Seagate Momentus) (Fixed) (Total:931.51 GB) (Free:71.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 8D59147E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3A6584D5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

konu
Visitor
Posts: 44
Registered: 13 Apr 2015 11:52

Re: goffer.exe

#34 Post by konu »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by tom at 2015-04-22 13:30:23 Run:1
Running from C:\Users\tom\Desktop\Bezpečnost\FRST
Loaded Profiles: tom (Available profiles: tom)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
File: C:\Windows\System32\Drivers\Msft_Kernel_webTinstMKTN_01009.Wdf
Folder: C:\Program Files (x86)\c8e441a9-abd4-4721-b704-cb9cbd0d2ddb
Folder: C:\Program Files (x86)\c5c1e8b7-9d03-40f6-9ecf-a015924a15c0
Folder: C:\Program Files (x86)\5a1f3589-0adb-4951-8a7b-a30922551845
Folder: C:\Users\tom\AppData\Local\CrashRpt
Folder: C:\Users\Public\Documents\ShopperPro
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
End

*****************

Processes closed successfully.

========================= File: C:\Windows\System32\Drivers\Msft_Kernel_webTinstMKTN_01009.Wdf ========================

MD5:
Creation and modification date: 2015-04-03 21:47 - 2015-04-03 21:47
Size: 0000000
Attributes: ---AH
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======


========================= Folder: C:\Program Files (x86)\c8e441a9-abd4-4721-b704-cb9cbd0d2ddb ========================

2015-04-03 21:46 - 2015-04-03 21:46 - 0211456 _____ () C:\Program Files (x86)\c8e441a9-abd4-4721-b704-cb9cbd0d2ddb\74cc5c0b-e570-4327-802b-725a2955f3cd.dll

====== End of Folder: ======


========================= Folder: C:\Program Files (x86)\c5c1e8b7-9d03-40f6-9ecf-a015924a15c0 ========================

2015-04-03 21:46 - 2015-04-03 21:46 - 0211456 _____ () C:\Program Files (x86)\c5c1e8b7-9d03-40f6-9ecf-a015924a15c0\003f8103-a65f-407b-8b92-482debc8d4d6.dll

====== End of Folder: ======


========================= Folder: C:\Program Files (x86)\5a1f3589-0adb-4951-8a7b-a30922551845 ========================

2015-04-03 21:46 - 2015-04-03 21:46 - 0211456 _____ () C:\Program Files (x86)\5a1f3589-0adb-4951-8a7b-a30922551845\59669c6c-c8c8-41f8-b431-c5fae2c5d098.dll

====== End of Folder: ======


========================= Folder: C:\Users\tom\AppData\Local\CrashRpt ========================

2015-04-03 21:46 - 2015-04-03 21:46 - 0000000 ____D () C:\Users\tom\AppData\Local\CrashRpt\UnsentCrashReports
2015-04-03 21:46 - 2015-04-03 21:46 - 0000000 ____D () C:\Users\tom\AppData\Local\CrashRpt\UnsentCrashReports\YTDi 1.0.0.1_1.0.0.1

====== End of Folder: ======


========================= Folder: C:\Users\Public\Documents\ShopperPro ========================

2015-04-03 21:46 - 2015-04-03 21:46 - 0000000 ____D () C:\Users\Public\Documents\ShopperPro\JsDriver
2015-03-30 20:47 - 2015-04-03 21:46 - 0002300 _____ () C:\Users\Public\Documents\ShopperPro\JsDriver\Config.xml

====== End of Folder: ======


========= dir "C:\PROGRA~1" =========

Volume in drive C has no label.
Volume Serial Number is 44EF-1CA3

Directory of C:\PROGRA~1

13. 04. 2015 18:21 <DIR> .
13. 04. 2015 18:21 <DIR> ..
26. 02. 2015 15:14 <DIR> Adblock Plus for IE
23. 02. 2015 16:31 <DIR> CCleaner
06. 04. 2015 07:43 <DIR> Common Files
14. 12. 2014 14:24 <DIR> ESET
15. 04. 2015 16:40 <DIR> Internet Explorer
27. 02. 2015 22:39 <DIR> Kyocera
04. 04. 2015 16:51 <DIR> Microsoft Help Viewer
14. 01. 2015 21:36 <DIR> Microsoft Silverlight
18. 12. 2014 18:49 <DIR> MSBuild
15. 12. 2014 15:52 <DIR> NVIDIA Corporation
19. 02. 2015 18:29 <DIR> PowerISO
18. 12. 2014 18:49 <DIR> Reference Assemblies
14. 04. 2015 16:25 <DIR> trend micro
15. 12. 2014 16:54 <DIR> VIA
14. 12. 2014 09:02 <DIR> VS Revo Group
14. 01. 2015 17:34 <DIR> Windows AIK
10. 03. 2015 22:42 <DIR> Windows Defender
14. 01. 2015 21:36 <DIR> Windows Imaging
18. 12. 2014 19:58 <DIR> Windows Journal
18. 12. 2014 19:58 <DIR> Windows Mail
18. 12. 2014 19:58 <DIR> Windows Media Player
18. 12. 2014 19:58 <DIR> Windows Multimedia Platform
22. 08. 2013 17:36 <DIR> Windows NT
18. 12. 2014 19:58 <DIR> Windows Photo Viewer
18. 12. 2014 19:58 <DIR> Windows Portable Devices
18. 12. 2014 19:57 <DIR> WindowsPowerShell
07. 02. 2015 11:14 <DIR> WinRAR
0 File(s) 0 bytes
29 Dir(s) 69 688 127 488 bytes free

========= End of CMD: =========


========= dir "C:\PROGRA~2" =========

Volume in drive C has no label.
Volume Serial Number is 44EF-1CA3

Directory of C:\PROGRA~2

18. 04. 2015 16:48 <DIR> .
18. 04. 2015 16:48 <DIR> ..
04. 04. 2015 10:43 <DIR> 5a1f3589-0adb-4951-8a7b-a30922551845
04. 04. 2015 10:43 <DIR> AC3Filter
04. 04. 2015 10:43 <DIR> Adobe
12. 04. 2015 22:21 <DIR> Anti-Spy.Info
16. 01. 2015 20:32 <DIR> ASUS
04. 04. 2015 17:01 <DIR> Atmel
03. 02. 2015 16:38 <DIR> Battlelog Web Plugins
04. 04. 2015 10:43 <DIR> c5c1e8b7-9d03-40f6-9ecf-a015924a15c0
04. 04. 2015 10:43 <DIR> c8e441a9-abd4-4721-b704-cb9cbd0d2ddb
17. 04. 2015 22:57 <DIR> Common Files
18. 12. 2014 15:02 <DIR> DsNET Corp
27. 01. 2015 21:08 <DIR> FreeHDL
15. 04. 2015 13:53 <DIR> Google
14. 12. 2014 10:15 <DIR> Intel
15. 04. 2015 16:40 <DIR> Internet Explorer
15. 04. 2015 17:41 <DIR> Java
15. 03. 2015 10:27 <DIR> KiCad
28. 01. 2015 16:10 <DIR> LTC
22. 01. 2015 21:40 <DIR> Microsoft ASP.NET
04. 04. 2015 16:50 <DIR> Microsoft SDKs
14. 01. 2015 21:36 <DIR> Microsoft Silverlight
04. 04. 2015 16:51 <DIR> Microsoft SQL Server
04. 04. 2015 16:50 <DIR> Microsoft Visual Studio 10.0
04. 04. 2015 16:50 <DIR> Microsoft.NET
18. 12. 2014 18:49 <DIR> MSBuild
27. 03. 2015 17:15 <DIR> Nitro
14. 04. 2015 15:27 <DIR> Norton Bootable Recovery Tool Wizard
14. 04. 2015 15:27 <DIR> NortonInstaller
15. 12. 2014 15:52 <DIR> NVIDIA Corporation
20. 04. 2015 19:40 <DIR> Opera
05. 02. 2015 17:41 <DIR> Origin
30. 01. 2015 18:22 <DIR> Origin Games
04. 04. 2015 17:47 <DIR> PonyProg2000
18. 12. 2014 18:49 <DIR> Reference Assemblies
18. 04. 2015 18:57 <DIR> Top Password
29. 12. 2014 11:14 <DIR> VIA
10. 03. 2015 22:42 <DIR> Windows Defender
18. 12. 2014 19:57 <DIR> Windows Mail
18. 12. 2014 19:57 <DIR> Windows Media Player
18. 12. 2014 19:57 <DIR> Windows Multimedia Platform
22. 08. 2013 17:36 <DIR> Windows NT
18. 12. 2014 19:57 <DIR> Windows Photo Viewer
18. 12. 2014 19:57 <DIR> Windows Portable Devices
22. 08. 2013 17:36 <DIR> WindowsPowerShell
17. 04. 2015 23:01 <DIR> WinToFlash Suggestor
0 File(s) 0 bytes
47 Dir(s) 69 688 127 488 bytes free

========= End of CMD: =========


========= dir "C:\PROGRA~3" =========

Volume in drive C has no label.
Volume Serial Number is 44EF-1CA3

Directory of C:\PROGRA~3

27. 03. 2015 17:05 <DIR> Adobe
12. 04. 2015 22:07 <DIR> AntiSpyInfo
03. 02. 2015 16:38 <DIR> Electronic Arts
08. 04. 2015 13:18 <DIR> Emsisoft
14. 12. 2014 14:24 <DIR> ESET
08. 04. 2015 17:04 <DIR> HitmanPro
31. 01. 2015 19:41 <DIR> Microsoft Help
13. 12. 2014 13:32 <DIR> Microsoft Toolkit
27. 03. 2015 17:15 <DIR> Nitro
16. 04. 2015 21:09 <DIR> Norton
14. 04. 2015 15:27 <DIR> NortonInstaller
22. 04. 2015 13:00 <DIR> NVIDIA
15. 12. 2014 15:51 <DIR> NVIDIA Corporation
15. 04. 2015 17:41 <DIR> Oracle
05. 02. 2015 17:41 <DIR> Origin
04. 04. 2015 16:57 <DIR> Package Cache
22. 02. 2015 15:33 <DIR> regid.1986-12.com.adobe
31. 01. 2015 19:41 <DIR> regid.1991-06.com.microsoft
27. 01. 2015 21:08 <DIR> RogueKiller
01. 01. 2015 13:35 <DIR> Sun
22. 02. 2015 16:25 <DIR> SUPERSetup
30. 01. 2015 19:04 <DIR> VMware
14. 12. 2014 09:02 <DIR> VS Revo Group
16. 01. 2015 17:09 <DIR> {246d4938-dee5-f0a7-246d-d4938dee24e3}
0 File(s) 0 bytes
24 Dir(s) 69 687 996 416 bytes free

========= End of CMD: =========


========= dir "%localappdata%" =========

Volume in drive C has no label.
Volume Serial Number is 44EF-1CA3

Directory of C:\Users\tom\AppData\Local

18. 04. 2015 15:36 <DIR> .
18. 04. 2015 15:36 <DIR> ..
22. 02. 2015 15:59 <DIR> Adobe
22. 01. 2015 17:03 <DIR> Apps
04. 04. 2015 16:59 <DIR> Atmel
18. 04. 2015 19:14 <DIR> CrashDumps
03. 04. 2015 21:46 <DIR> CrashRpt
22. 01. 2015 17:03 <DIR> Deployment
03. 04. 2015 22:27 <DIR> Diagnostics
04. 04. 2015 17:44 <DIR> ElevatedDiagnostics
14. 12. 2014 14:26 <DIR> ESET
15. 04. 2015 13:53 <DIR> Google
04. 04. 2015 17:03 <DIR> IsolatedStorage
14. 01. 2015 14:49 1 llftool.4.25.agreement
04. 04. 2015 16:59 <DIR> Microsoft
06. 01. 2015 16:30 <DIR> Microsoft Help
06. 01. 2015 17:56 <DIR> Microsoft Toolkit
15. 04. 2015 15:47 <DIR> MigWiz
17. 04. 2015 16:04 29 696 MSGBOX.EXE
17. 04. 2015 16:29 <DIR> NPE
15. 12. 2014 15:39 <DIR> NVIDIA
15. 12. 2014 15:59 <DIR> NVIDIA Corporation
15. 04. 2015 13:52 <DIR> Opera Software
30. 01. 2015 18:22 <DIR> Origin
24. 01. 2015 19:31 <DIR> Packages
15. 01. 2015 18:06 <DIR> Programs
03. 02. 2015 16:42 <DIR> PunkBuster
16. 04. 2015 21:22 7 605 Resmon.ResmonCfg
18. 04. 2015 18:29 <DIR> ShamurShamur
22. 04. 2015 13:30 <DIR> Temp
17. 04. 2015 17:27 <DIR> VirtualStore
05. 04. 2015 10:37 <DIR> VisualAssistAtmel
14. 12. 2014 09:02 <DIR> VS Revo Group
3 File(s) 37 302 bytes
30 Dir(s) 69 687 996 416 bytes free

========= End of CMD: =========


========= dir "%appdata%" =========

Volume in drive C has no label.
Volume Serial Number is 44EF-1CA3

Directory of C:\Users\tom\AppData\Roaming

05. 04. 2015 10:38 <DIR> .
05. 04. 2015 10:38 <DIR> ..
12. 02. 2015 19:00 <DIR> AC3Filter
26. 02. 2015 09:00 <DIR> Adobe
04. 04. 2015 16:59 <DIR> Atmel
27. 03. 2015 17:14 <DIR> Downloaded Installations
14. 12. 2014 14:26 <DIR> ESET
19. 12. 2014 12:27 <DIR> Identities
20. 01. 2015 16:06 <DIR> LockAP
13. 12. 2014 12:44 <DIR> Macromedia
27. 03. 2015 17:15 <DIR> Nitro
22. 04. 2015 13:28 <DIR> Nitro PDF
15. 04. 2015 13:52 <DIR> Opera Software
03. 02. 2015 15:46 <DIR> Origin
15. 01. 2015 16:45 <DIR> PhrozenSoft
06. 01. 2015 16:47 <DIR> Prodiance
25. 01. 2015 12:12 <DIR> ProfiCAD
19. 04. 2015 12:00 <DIR> uTorrent
05. 04. 2015 10:37 <DIR> VisualAssistAtmel
30. 01. 2015 19:03 <DIR> VMware
22. 12. 2014 17:27 <DIR> VS Revo Group
13. 12. 2014 14:30 <DIR> WinRAR
0 File(s) 0 bytes
22 Dir(s) 69 687 992 320 bytes free

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 13:30:23 ====

konu
Visitor
Posts: 44
Registered: 13 Apr 2015 11:52

Re: goffer.exe

#35 Post by konu »

I sent it to

the subject is Sim editor - Goffer.exe
Last edited by konu on 22 Apr 2015 14:57, edited 1 time in total.

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: goffer.exe

#36 Post by altrok »

:arrow: Please edit your last post containing my e-mail address and remove the address (spambots), thank you.

:arrow: Thank you for the archive... I suspected it was a malware dropper, but after an initial test it doesn't look that way... the dropper is probably something else.

:arrow: Test on virustotal.com
  • C:\Program Files (x86)\c8e441a9-abd4-4721-b704-cb9cbd0d2ddb\74cc5c0b-e570-4327-802b-725a2955f3cd.dll
  • C:\Program Files (x86)\c5c1e8b7-9d03-40f6-9ecf-a015924a15c0\003f8103-a65f-407b-8b92-482debc8d4d6.dll
  • C:\Program Files (x86)\5a1f3589-0adb-4951-8a7b-a30922551845\59669c6c-c8c8-41f8-b431-c5fae2c5d098.dll
  • C:\PROGRA~1\COMMON~1\System\SysMenu.dll
- if the files have already been tested, choose Reanalyse. Put the links to the analysis results in your next post.

:arrow: And before we delete it by hand, save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner [Sx].txt); copy its contents into your next reply

konu
Visitor
Posts: 44
Registered: 13 Apr 2015 11:52

Re: goffer.exe

#37 Post by konu »

https://www.virustotal.com/cs/file/3d81 ... 429712093/
https://www.virustotal.com/cs/file/3d81 ... 429712093/
https://www.virustotal.com/cs/file/3d81 ... 429712093/


The last one, sysmenu.dll, has a different path: C:\Program Files\Common Files\System
https://www.virustotal.com/cs/file/1659 ... 429712106/
There are a few more in the folder; I tried checking sysmenu64.dll
https://www.virustotal.com/cs/file/e6d8 ... 429712219/

According to the certificate, the 2 sysmenu files belong to YTDownloader. It got installed, unrequested, together with about 6 other programs.
I downloaded some program from Slunečnice and it came with those 6; even though I declined them, they installed in a flash.
I uninstalled them with Revo uninst. using the deep scan.

The interesting thing about SysMenu: ESET-NOD32 a variant of Win32/SpeedBit.F potentially unwanted, but when I scan it on the PC it reports nothing.

konu
Visitor
Posts: 44
Registered: 13 Apr 2015 11:52

Re: goffer.exe

#38 Post by konu »

# AdwCleaner v4.201 - Log vytvořen 22/04/2015 v 16:35:02
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-21.3 [Server]
# Operační system : Windows 8.1 Enterprise (x64)
# Uživatelské jméno : tom - ASUS-PC
# Spuštěno z : C:\Users\tom\Desktop\adwcleaner_4.201.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\Program Files (x86)\WinToFlash Suggestor
Soubor Smazáno : C:\Windows\System32\drivers\Msft_Kernel_webTinstMKTN_01009.Wdf

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Klíč Smazáno : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Klíč Smazáno : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Klíč Smazáno : HKCU\Software\AppDataLow\Software\WinToFlash Suggestor
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinToFlash Suggestor

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Opera v28.0.1750.51


*************************

AdwCleaner[R7].txt - [741 bytů] - [13/04/2015 18:18:45]
AdwCleaner[R8].txt - [2360 bytů] - [22/04/2015 16:32:34]
AdwCleaner[R9].txt - [2416 bytů] - [22/04/2015 16:34:25]
AdwCleaner[S7].txt - [2315 bytů] - [22/04/2015 16:35:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2373 bytů] ##########

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: goffer.exe

#39 Post by altrok »

Interesting... it left alone the malware I expected it to delete... please also make a log from PCHunter (see below), so that I have material for the developers of anti-malware utilities and antivirus products.

The first 3 libraries you tested are, in my opinion, quite certainly the work/part of malware... we will leave them there for now... I will want them from you later.


:arrow: Procedure from my colleague Naughty:
After downloading http://www.xuetr.com/download/PCHunter_free.zip
(backup link http://www.epoolsoft.com/pchunter/PCHunter_free.zip ),
unpacking it and running the correct version for your operating system (32-bit vs 64-bit), go to the Examination tab, tick all the options in it, start the generation, and when it finishes click export - pack the text file into a rar and attach it to your post (because it will be long and would not fit).

konu
Visitor
Posts: 44
Registered: 13 Apr 2015 11:52

Re: goffer.exe

#40 Post by konu »

Pchunter
Attachments
PChunt.rar
(76.38 KiB) Downloaded 48 times

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: goffer.exe

#41 Post by altrok »

:arrow: Run FRST64.exe, paste into the white Search box
  • 59669c6c-c8c8-41f8-b431-c5fae2c5d098.dll;SysMenu.dll;SysMenu64.dll;Command701;spbiu.exe;SMupdate3;SMupdate2
and click Search Registry.
Send the contents of Search.txt in your next reply.

:arrow: Run FRST64.exe, paste into the white Search box
  • spbiu.exe
and click Search.
WARNING: Search.txt will be overwritten! Send the contents of Search.txt in your next reply.

:arrow: Please pack the following folders, upload them to ulozto/leteckaposta and put the link in an e-mail again.
  • C:\ProgramData\ShopperPro
  • C:\Program Files (x86)\c8e441a9-abd4-4721-b704-cb9cbd0d2ddb
  • C:\Program Files (x86)\c5c1e8b7-9d03-40f6-9ecf-a015924a15c0
  • C:\Program Files (x86)\5a1f3589-0adb-4951-8a7b-a30922551845
  • C:\Program Files\Common Files\System\sysmenu64.dll
  • C:\Program Files\Common Files\System\sysmenu.dll

konu
Visitor
Posts: 44
Registered: 13 Apr 2015 11:52

Re: goffer.exe

#42 Post by konu »

Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by tom at 2015-04-23 14:42:19
Running from C:\Users\tom\Desktop\Bezpečnost\FRST
Boot Mode: Normal

================== Search Registry: "•59669c6c-c8c8-41f8-b431-c5fae2c5d098.dll;SysMenu.dll;SysMenu64.dll;Command701;spbiu.exe;SMupdate3;SMupdate2" ===========


===================== Search result for "SMupdate3" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF003A68-C578-4D84-AA34-A199F4BEC493}]
"Path"="\Microsoft\Windows\Multimedia\SMupdate3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3]

===================== Search result for "SMupdate2" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7373C5A-4029-4105-90CD-8FF29EC42128}]
"Path"="\Microsoft\Windows\Maintenance\SMupdate2"

====== End Of Search ======

konu
Visitor
Posts: 44
Registered: 13 Apr 2015 11:52

Re: goffer.exe

#43 Post by konu »

Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by tom at 2015-04-23 14:44:01
Running from C:\Users\tom\Desktop\Bezpečnost\FRST
Boot Mode: Normal

================== Search Files: "spbiu.exe" =============

====== End Of Search ======

konu
Visitor
Posts: 44
Registered: 13 Apr 2015 11:52

Re: goffer.exe

#44 Post by konu »

Compressed as Desktop.rar. The ShopperPro path doesn't match. More in the e-mail.

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: goffer.exe

#45 Post by altrok »

Thank you for another sample; I will also ask you to upload the contents of the folder C:\Windows\System32\Tasks
Hopefully this is the last upload... and once you have sent it, we will try to shoot it down so that we make some progress.


fixlist.txt with the following contents, run FRST and click Fix
after the restart send the fixlog and watch whether another notice from the provider arrives
I'm leaving the PC now, I'll probably be back sometime during the night

Code:

Start
CloseProcesses:
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKU\S-1-5-21-3332171635-80688016-592393309-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3332171635-80688016-592393309-1001\...\MountPoints2: F - "F:\SETUP.EXE"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKLM-x32 -> DefaultScope value is missing.
2015-04-12 21:46 - 2015-04-14 16:25 - 00000000 ____D () C:\Program Files\trend micro
2015-04-12 21:46 - 2015-04-12 21:48 - 00000000 ____D () C:\rsit
2015-04-03 21:46 - 2015-04-04 10:43 - 00000000 ____D () C:\Program Files (x86)\c8e441a9-abd4-4721-b704-cb9cbd0d2ddb
2015-04-03 21:46 - 2015-04-04 10:43 - 00000000 ____D () C:\Program Files (x86)\c5c1e8b7-9d03-40f6-9ecf-a015924a15c0
2015-04-03 21:46 - 2015-04-04 10:43 - 00000000 ____D () C:\Program Files (x86)\5a1f3589-0adb-4951-8a7b-a30922551845
2015-04-03 21:46 - 2015-04-03 21:46 - 00000000 ____D () C:\Users\tom\AppData\Local\CrashRpt
2015-04-03 21:46 - 2015-04-03 21:46 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro

Task: {3052CD23-49C6-4342-9689-B03E9B81FD37} - System32\Tasks\{BFF7EEEF-31C2-45A5-9821-0A06C9D43121} => pcalua.exe -a E:\InstAll.exe -d E:\
Task: {4D820859-D391-4DAF-88D7-32E1D5B46968} - System32\Tasks\SPBIW_UpdateTask_Time_333733343637343037312d3734555b414a507857374a55 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {99CE4F40-1949-4477-A052-729E22B4B7E8} - System32\Tasks\{E14ED81C-88FC-428B-B3DC-B9E84D21AEDD} => pcalua.exe -a C:\Users\tom\Desktop\setup.exe -d C:\Users\tom\Desktop
Task: {AF003A68-C578-4D84-AA34-A199F4BEC493} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {EB687EFB-5FF0-4C3F-998D-7FC4237CA5C9} - System32\Tasks\brbrw_1280 => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\Crossbrowse.exe
Task: {F7373C5A-4029-4105-90CD-8FF29EC42128} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
C:\Users\Public\Documents\ShopperPro
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
C:\PROGRA~1\COMMON~1\System\SysMenu64.dll
C:\Program Files (x86)\Crossbrowse
C:\ProgramData\ShopperPro
EmptyTemp:
End
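The scheduled-task entries in the fixlist above can be triaged mechanically. The following Python sketch is an added example, not part of the thread and not FRST's own logic: it parses FRST-style `Task:` lines (four of them copied from post #45) and applies three review heuristics that are assumptions of this example, namely a script host launching a file from `C:\ProgramData` or `C:\Users`, `rundll32.exe` loading a DLL from outside `C:\Windows`, and a task filed under the `Microsoft\Windows\` tree whose payload is outside `C:\Windows`.

```python
import re

# Task lines copied from the fixlist in post #45 (FRST "Task:" line format).
SAMPLE = r"""
Task: {4D820859-D391-4DAF-88D7-32E1D5B46968} - System32\Tasks\SPBIW_UpdateTask_Time_333733343637343037312d3734555b414a507857374a55 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {99CE4F40-1949-4477-A052-729E22B4B7E8} - System32\Tasks\{E14ED81C-88FC-428B-B3DC-B9E84D21AEDD} => pcalua.exe -a C:\Users\tom\Desktop\setup.exe -d C:\Users\tom\Desktop
Task: {AF003A68-C578-4D84-AA34-A199F4BEC493} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {EB687EFB-5FF0-4C3F-998D-7FC4237CA5C9} - System32\Tasks\brbrw_1280 => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\Crossbrowse.exe
"""

TASK_RE = re.compile(
    r"^Task: (\{[0-9A-Fa-f-]{36}\}) - System32\\Tasks\\(.+?) => (.+?)"
    r"(\s*<=+ ATTENTION)?$")
HOST_RE = re.compile(r'^"?(.+?\.exe)"?', re.I)   # program that the task starts

# Heuristic inputs below are assumptions of this example, not FRST rules.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
WRITABLE = ("c:\\programdata\\", "c:\\users\\")
WINDIR = "c:\\windows\\"


def parse_task(line):
    """Split one FRST Task: line into GUID, task name, host program, payload."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    guid, name, command, flag = m.groups()
    host_m = HOST_RE.match(command)
    host = host_m.group(1) if host_m else command
    args = command[host_m.end():] if host_m else ""
    # The first argument that looks like an absolute path is taken as payload.
    tokens = (q or u for q, u in re.findall(r'"([^"]+)"|(\S+)', args))
    payload = next((t for t in tokens if ":\\" in t), None)
    if payload is None and ":\\" in host:
        payload = host                    # task starts the executable directly
    return {"guid": guid, "name": name,
            "host": host.rsplit("\\", 1)[-1].lower(),
            "payload": payload, "frst_attention": bool(flag)}


def triage(task):
    """Return review findings for one parsed task (triage, not a verdict)."""
    findings = []
    payload = (task["payload"] or "").lower()
    outside_windir = bool(payload) and not payload.startswith(WINDIR)
    if task["host"] in SCRIPT_HOSTS and payload.startswith(WRITABLE):
        findings.append("script-host-from-writable-dir")
    if task["host"] == "rundll32.exe" and outside_windir:
        findings.append("rundll32-dll-outside-windows")
    if task["name"].lower().startswith("microsoft\\windows\\") and outside_windir:
        findings.append("microsoft-tree-nonsystem-payload")
    return findings


def scan(text):
    """Map task name -> (findings, whether FRST itself marked ATTENTION)."""
    tasks = [t for t in map(parse_task, text.splitlines()) if t]
    return {t["name"]: (triage(t), t["frst_attention"]) for t in tasks}


if __name__ == "__main__":
    for name, (findings, attention) in scan(SAMPLE).items():
        print(name, findings, "FRST ATTENTION" if attention else "")
```

On these four lines the heuristics flag the same two tasks that FRST marked ATTENTION; legitimate vendor tasks can also trip the third rule, so a hit is a reason to inspect the payload, not to delete it.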
