adware

Zpráva

petal219 · #1 Příspěvek od **petal219** » 09 čer 2014 21:32

dobrý den zřejmě mám adware vyhazuje okna bet365 converse atd. v ghromu to řeším adblockem (přidán poté) ale jiné prohliče stále vyhazují ty reklamy zde je FRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2014 03
Ran by Matouskovi (administrator) on MATOUSKOVI-PC on 09-06-2014 22:22:07
Running from C:\Users\Matouskovi\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1\7958e7ae468a21c.exe
() C:\Users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\AddonControlScript.exe
() C:\Users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\b2cf53524eae253.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\WinRST\WinRST.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
() C:\Users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\FunctionMethodWindows.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(forum.viry.cz) C:\Users\Matouskovi\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [151552 2013-06-29] (IvoSoft)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1528716315-3860698994-2152196103-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1528716315-3860698994-2152196103-1000\...\CurrentVersion\Windows: [Load] C:\Users\MATOUS~1\LOCALS~1\Temp\msiimaye.com <===== ATTENTION
HKU\S-1-5-21-1528716315-3860698994-2152196103-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-1528716315-3860698994-2152196103-1000\...\MountPoints2: {1b054e47-28f4-11e2-880e-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-1528716315-3860698994-2152196103-1000\...\MountPoints2: {1f9cd650-618a-11e3-b9c2-001ec94dec92} - F:\Autorun.exe
HKU\S-1-5-21-1528716315-3860698994-2152196103-1000\...\MountPoints2: {bdc6d619-5e2d-11e2-bd7b-001ec94dec92} - F:\autorun.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:31933
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12454
SearchScopes: HKCU - DefaultScope {4F833CAA-94E3-40C1-BE60-4F3FBA29F155} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {05EF0A21-C92E-4743-8E39-730E26024039} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
SearchScopes: HKCU - {13FD8C9D-66CA-4D65-9291-F6B92FF6FBA1} URL = http://encyklopedie.seznam.cz/search?q= ... arch_12454
SearchScopes: HKCU - {48FB8B09-5758-462C-971F-8241120BC74F} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_12454
SearchScopes: HKCU - {4F833CAA-94E3-40C1-BE60-4F3FBA29F155} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {7FB123D2-EA11-4D13-B9B7-18D27F58A421} URL = http://www.novinky.cz/hledej?w={searchT ... arch_12454
SearchScopes: HKCU - {96382310-48A0-4DDF-AD92-613B8A5CB223} URL = http://www.mapy.cz/?query={searchTerms} ... arch_12454
SearchScopes: HKCU - {B698D1D6-D6AF-4397-8E21-CAC7D387B574} URL = http://www.google.cz/search?q={searchTe ... {startPage}
SearchScopes: HKCU - {CDBF616F-FE64-4FDF-BE82-9D58616AA328} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
SearchScopes: HKCU - {CE67BA7D-24B5-4481-AFB4-48B896032C3A} URL = http://search.seznam.cz/?q={searchTerms ... arch_12454
SearchScopes: HKCU - {DC303589-C36F-4BB1-8484-B5FAC272634A} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
SearchScopes: HKCU - {E5C3AF93-9698-4585-A13D-2D96003B49F5} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_12454
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 5.11.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\EsterkaPú\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\Matouskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-10]
CHR Extension: (Disk Google) - C:\Users\Matouskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-10]
CHR Extension: (YouTube) - C:\Users\Matouskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-10]
CHR Extension: (Vyhledávání Google) - C:\Users\Matouskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-10]
CHR Extension: (AdBlock) - C:\Users\Matouskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-06]
CHR Extension: (Peněženka Google) - C:\Users\Matouskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Matouskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 7958e7ae468a21c.exe; C:\Users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1\7958e7ae468a21c.exe [93696 2014-05-27] () [File not signed]
R2 AddonControlScript.exe; C:\Users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\AddonControlScript.exe [110592 2014-06-03] () [File not signed]
R2 b2cf53524eae253.exe; C:\Users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\b2cf53524eae253.exe [93696 2014-05-27] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-12] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-04-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-04-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-29] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375176 2011-12-07] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147336 2011-12-07] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-22] ()
R2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [59904 2014-02-26] () [File not signed]
S2 d11a7098fe97eff.exe; C:\Users\Matouskovi\AppData\Local\7adb2d282e94c04fb80b2b4806a40862\d11a7098fe97eff.exe [X]
S2 Hamachi2Svc; "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-11] (Disc Soft Ltd)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2014-02-21] (Razer, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-02-11] (Duplex Secure Ltd.)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2011-07-15] (Creative Technology Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 eqnuhafc; \??\C:\Windows\system32\drivers\eqnuhafc.sys [X]
S1 vspxlbdp; \??\C:\Windows\system32\drivers\vspxlbdp.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-09 22:22 - 2014-06-09 22:22 - 00019452 _____ () C:\Users\Matouskovi\Desktop\FRST.txt
2014-06-09 22:12 - 2014-06-09 22:22 - 00000000 ____D () C:\FRST
2014-06-09 22:12 - 2014-06-09 22:12 - 00112640 _____ (forum.viry.cz) C:\Users\Matouskovi\Downloads\FRSTLauncher.exe
2014-06-09 22:12 - 2014-06-09 22:12 - 00112640 _____ (forum.viry.cz) C:\Users\Matouskovi\Desktop\FRSTLauncher.exe
2014-06-09 22:11 - 2014-06-09 22:11 - 02080768 _____ (Farbar) C:\Users\Matouskovi\Downloads\FRST64.exe
2014-06-09 22:11 - 2014-06-09 22:11 - 02080768 _____ (Farbar) C:\Users\Matouskovi\Desktop\FRST64.exe
2014-06-07 11:07 - 2014-06-07 11:07 - 00000219 _____ () C:\Users\Matouskovi\Desktop\Counter-Strike Global Offensive.url
2014-06-06 21:01 - 2014-06-06 21:01 - 00000000 ____D () C:\Users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2
2014-05-30 22:03 - 2014-05-30 22:30 - 246686629 _____ () C:\Users\Matouskovi\Downloads\Lady-Gaga---G.U.Y.---An-ARTPOP-Film.mp4
2014-05-30 21:04 - 2014-05-30 21:04 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-05-30 21:04 - 2014-05-30 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-05-30 21:04 - 2014-05-30 21:04 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-05-30 21:00 - 2014-05-30 21:00 - 02365840 _____ () C:\Users\Matouskovi\Downloads\SecurityTaskManager_Setup.exe
2014-05-29 17:38 - 2014-05-29 17:38 - 00000000 ____D () C:\Users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1
2014-05-29 16:50 - 2014-05-29 16:50 - 00000000 ____D () C:\Users\EsterkaPú\Downloads\Savci
2014-05-29 16:50 - 2014-05-19 18:10 - 05901781 _____ () C:\Users\EsterkaPú\Desktop\PRIMÁTI.pptx
2014-05-29 16:50 - 2014-05-14 21:41 - 02963456 _____ () C:\Users\EsterkaPú\Desktop\PLOUTVONOZCI.ppt
2014-05-29 16:50 - 2014-05-14 21:03 - 08694089 _____ () C:\Users\EsterkaPú\Desktop\Sudokopytníci.pptm
2014-05-29 16:50 - 2014-05-13 11:48 - 10682349 _____ () C:\Users\EsterkaPú\Desktop\Chobotnatci.pptx
2014-05-29 16:50 - 2014-05-12 17:12 - 03641624 _____ () C:\Users\EsterkaPú\Desktop\Lichokopytníci.pptx
2014-05-29 16:50 - 2014-04-23 22:25 - 00712130 _____ () C:\Users\EsterkaPú\Desktop\Kytovci.pptx
2014-05-29 16:50 - 2014-04-23 20:34 - 00146856 _____ () C:\Users\EsterkaPú\Desktop\Hlodavci.pptx
2014-05-29 16:50 - 2014-04-10 09:27 - 00122003 _____ () C:\Users\EsterkaPú\Desktop\Panda Červená.pptx
2014-05-29 16:50 - 2014-04-10 00:06 - 89638310 _____ () C:\Users\EsterkaPú\Desktop\kockoviti_marie sawa.pptx
2014-05-29 16:50 - 2014-04-05 18:57 - 02259262 _____ () C:\Users\EsterkaPú\Desktop\Pes domácí.pptx
2014-05-29 16:50 - 2014-04-05 18:08 - 00303304 _____ () C:\Users\EsterkaPú\Desktop\Liška obecná.pptx
2014-05-29 16:50 - 2014-04-05 17:21 - 00742117 _____ () C:\Users\EsterkaPú\Desktop\Vlk obecný.pptx
2014-05-29 16:50 - 2014-03-31 22:15 - 00270020 _____ () C:\Users\EsterkaPú\Desktop\Medvědovití.pptx
2014-05-29 16:50 - 2014-03-31 22:14 - 00877730 _____ () C:\Users\EsterkaPú\Desktop\Lasicovití.pptx
2014-05-29 16:50 - 2014-03-31 20:56 - 02965712 _____ () C:\Users\EsterkaPú\Desktop\PSOVITÍ.pptx
2014-05-29 16:50 - 2014-03-25 13:15 - 00596307 _____ () C:\Users\EsterkaPú\Desktop\Chudozubí.pptx
2014-05-29 16:50 - 2014-03-22 19:26 - 02062017 _____ () C:\Users\EsterkaPú\Desktop\LETOVCI No.2.pptx
2014-05-29 16:50 - 2014-03-13 09:45 - 02572161 _____ () C:\Users\EsterkaPú\Desktop\Vejcorodí savci.pptx
2014-05-29 16:50 - 2014-02-03 23:28 - 01402408 _____ () C:\Users\EsterkaPú\Desktop\VAČNATCI.pptx
2014-05-29 16:50 - 2014-02-03 16:49 - 00146432 _____ () C:\Users\EsterkaPú\Desktop\Hlodavci.ppt
2014-05-29 16:49 - 2014-06-09 13:10 - 00000000 ____D () C:\Users\EsterkaPú\Desktop\Savci
2014-05-29 16:33 - 2014-05-29 16:41 - 135847825 _____ () C:\Users\EsterkaPú\Downloads\Savci.zip
2014-05-27 19:06 - 2014-05-27 19:06 - 00000000 _____ () C:\Users\Matouskovi\Desktop\Nový textový dokument.txt
2014-05-27 16:56 - 2014-05-27 16:56 - 00000000 ____D () C:\Users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334
2014-05-26 17:14 - 2014-05-26 17:15 - 02396322 _____ () C:\Users\Matouskovi\Downloads\fire_digital_camo_by_darkiller45-d30ig49.tga
2014-05-26 15:23 - 2014-05-26 15:23 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey (6).tga
2014-05-26 15:19 - 2014-05-26 15:19 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey (5).tga
2014-05-26 15:17 - 2014-05-26 17:15 - 02396322 _____ () C:\Users\Matouskovi\Desktop\ger_camo_grey.tga
2014-05-26 15:16 - 2014-05-26 15:16 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey (4).tga
2014-05-26 15:09 - 2014-05-26 15:09 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey (3).tga
2014-05-26 15:06 - 2014-05-26 15:06 - 00000000 _____ () C:\Users\Matouskovi\Desktop\Nový rastrový obrázek.bmp
2014-05-26 15:00 - 2014-05-26 15:00 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey (2).tga
2014-05-26 14:57 - 2014-05-26 14:57 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey.tga
2014-05-26 14:57 - 2014-05-26 14:57 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey (1).tga
2014-05-24 12:22 - 2014-05-24 11:19 - 00675988 _____ () C:\Users\Matouskovi\Desktop\Minecraft.exe
2014-05-24 12:17 - 2014-05-24 12:17 - 00924453 _____ () C:\Users\Matouskovi\Downloads\XRay-1.7.5-v4.jar
2014-05-24 11:19 - 2014-05-24 11:19 - 00675988 _____ () C:\Users\Matouskovi\Downloads\Minecraft.exe
2014-05-23 14:25 - 2014-05-23 14:25 - 01417557 _____ () C:\Users\Matouskovi\Downloads\20140521_1816_usa-Sherman_Jumbo_33_fjord.wotreplay
2014-05-22 20:35 - 2014-05-22 20:35 - 00000000 ____D () C:\Users\EsterkaPú\AppData\Roaming\vlc
2014-05-21 08:57 - 2014-05-21 08:57 - 00000000 ____D () C:\Users\Jindřiška\AppData\Local\LogMeIn
2014-05-20 20:50 - 2014-05-20 20:50 - 01058712 _____ () C:\Users\Matouskovi\Desktop\20140520_2041_germany-G_Tiger_35_steppes.wotreplay
2014-05-19 21:27 - 2014-05-19 21:27 - 00000000 __SHD () C:\Users\EsterkaPú\AppData\Local\EmieUserList
2014-05-19 21:27 - 2014-05-19 21:27 - 00000000 __SHD () C:\Users\EsterkaPú\AppData\Local\EmieSiteList
2014-05-19 21:19 - 2014-05-15 16:36 - 00011539 _____ () C:\Users\EsterkaPú\Desktop\Matoušková_Patnáckta.xlsx
2014-05-19 20:27 - 2014-05-19 20:29 - 01653506 _____ () C:\Users\Matouskovi\Desktop\20140519_2002_france-AMX_13_90_37_caucasus.wotreplay
2014-05-19 20:27 - 2014-05-19 20:27 - 01483460 _____ () C:\Users\Matouskovi\Downloads\20140519_2002_china-Ch11_110_37_caucasus.wotreplay
2014-05-19 20:16 - 2014-05-19 20:15 - 01751321 _____ () C:\Users\Matouskovi\Desktop\20140519_2002_usa-T34_hvy_37_caucasus.wotreplay
2014-05-18 15:32 - 2014-05-18 15:32 - 00011649 _____ () C:\Users\Matouskovi\Downloads\Nová položka Microsoft Excel Worksheet (2) (1).xlsx
2014-05-18 15:28 - 2014-05-18 15:28 - 00011649 _____ () C:\Users\Matouskovi\Downloads\Nová položka Microsoft Excel Worksheet (2).xlsx
2014-05-17 16:26 - 2014-05-17 16:26 - 00276675 _____ () C:\Users\Matouskovi\Downloads\20140517_1621_ussr-T62A_37_caucasus.wotreplay
2014-05-17 16:26 - 2014-05-17 16:26 - 00189730 _____ () C:\Users\Matouskovi\Downloads\20140517_1621_usa-M40M43_37_caucasus.wotreplay
2014-05-17 15:56 - 2014-05-17 15:56 - 01271151 _____ () C:\Users\Matouskovi\Desktop\20140417_1843_ussr-IS8_29_el_hallouf.wotreplay
2014-05-16 22:15 - 2014-05-16 22:15 - 00000000 ____D () C:\Users\Matouskovi\Desktop\Nová složka
2014-05-16 22:03 - 2014-05-16 22:04 - 06213392 _____ (TeamViewer GmbH) C:\Users\Matouskovi\Downloads\TeamViewer_Setup_cs-ckq.exe
2014-05-11 19:41 - 2014-05-11 20:00 - 200211902 _____ () C:\Users\EsterkaPú\Downloads\Lady-Gaga---Born-This-Way-(Special-Edition)-[2011] (1).rar
2014-05-11 16:09 - 2014-05-11 16:09 - 00527668 _____ () C:\Users\Matouskovi\Downloads\13932502210364_germany_PzIV_hills.wotreplay
2014-05-11 15:49 - 2014-05-11 15:49 - 00167500 _____ () C:\Users\Matouskovi\Desktop\20140511_1544_usa-T110E3_23_westfeld.wotreplay
2014-05-11 15:48 - 2014-05-11 15:48 - 01147651 _____ () C:\Users\Matouskovi\Downloads\20140420_2131_usa-T110_29_el_hallouf.wotreplay
2014-05-11 15:48 - 2014-05-11 15:47 - 00221890 _____ () C:\Users\Matouskovi\Desktop\20140511_1544_france-ELC_AMX_23_westfeld.wotreplay
2014-05-11 15:06 - 2014-05-11 15:01 - 10675578 _____ () C:\Users\UpdatusUser\Chobotnatci.pptx
2014-05-11 13:51 - 2014-05-11 13:52 - 10674774 _____ () C:\Users\EsterkaPú\Downloads\Chobotnatci (1).pptx
2014-05-11 13:51 - 2014-05-11 13:52 - 00000655 _____ () C:\Users\EsterkaPú\Desktop\Chobotnatci.lnk
2014-05-11 13:50 - 2014-05-11 15:01 - 10675578 _____ () C:\Users\EsterkaPú\Downloads\Chobotnatci.pptx
2014-05-11 13:37 - 2014-05-11 13:37 - 00000000 ____D () C:\Users\EsterkaPú\AppData\Local\AVG
2014-05-11 13:33 - 2014-05-11 13:33 - 00000000 ____D () C:\Users\EsterkaPú\AppData\Local\LogMeIn
2014-05-11 12:40 - 2014-05-11 12:40 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-05-11 12:39 - 2014-05-11 12:40 - 07344448 _____ (Bandisoft) C:\Users\Matouskovi\Downloads\bdcamsetup.exe
2014-05-11 12:36 - 2014-05-11 12:36 - 00000000 ____D () C:\Users\Matouskovi\AppData\Local\AVG
2014-05-11 12:34 - 2014-05-11 12:35 - 00000000 ____D () C:\Users\Matouskovi\AppData\Roaming\Free Sound Recorder
2014-05-11 12:34 - 2014-05-11 12:34 - 00000000 ____D () C:\Users\Matouskovi\Documents\Free Sound Recorder
2014-05-11 12:34 - 2014-05-11 12:34 - 00000000 ____D () C:\Users\Matouskovi\AppData\Roaming\OpenCandy
2014-05-11 12:34 - 2002-01-05 16:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-05-11 12:32 - 2014-05-11 12:33 - 11228616 _____ (Copyright© 2005-2014 FreeSoundRecorder Technologies, Inc. ) C:\Users\Matouskovi\Downloads\FreeSoundRecorder.exe
2014-05-10 19:09 - 2014-05-10 19:09 - 00007052 _____ () C:\Users\Matouskovi\Downloads\SafeShot.rar

==================== One Month Modified Files and Folders =======

2014-06-09 22:22 - 2014-06-09 22:22 - 00019452 _____ () C:\Users\Matouskovi\Desktop\FRST.txt
2014-06-09 22:22 - 2014-06-09 22:12 - 00000000 ____D () C:\FRST
2014-06-09 22:22 - 2012-11-07 18:09 - 00000000 ____D () C:\Users\Matouskovi\AppData\Local\Temp
2014-06-09 22:12 - 2014-06-09 22:12 - 00112640 _____ (forum.viry.cz) C:\Users\Matouskovi\Downloads\FRSTLauncher.exe
2014-06-09 22:12 - 2014-06-09 22:12 - 00112640 _____ (forum.viry.cz) C:\Users\Matouskovi\Desktop\FRSTLauncher.exe
2014-06-09 22:11 - 2014-06-09 22:11 - 02080768 _____ (Farbar) C:\Users\Matouskovi\Downloads\FRST64.exe
2014-06-09 22:11 - 2014-06-09 22:11 - 02080768 _____ (Farbar) C:\Users\Matouskovi\Desktop\FRST64.exe
2014-06-09 22:05 - 2012-11-07 18:15 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-09 21:38 - 2012-11-14 19:06 - 00000960 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 20:44 - 2009-07-14 06:51 - 00272795 _____ () C:\Windows\setupact.log
2014-06-09 20:24 - 2012-11-07 18:08 - 01717646 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 20:07 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 20:07 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 20:05 - 2011-04-12 10:34 - 00668866 _____ () C:\Windows\system32\perfh005.dat
2014-06-09 20:05 - 2011-04-12 10:34 - 00141526 _____ () C:\Windows\system32\perfc005.dat
2014-06-09 20:05 - 2009-07-14 07:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 20:02 - 2012-12-08 18:22 - 00004010 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{961A0EA5-CBA7-4758-9183-B4472D8FEEE8}
2014-06-09 20:00 - 2012-11-14 19:05 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 19:59 - 2012-11-07 18:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-09 19:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-09 16:16 - 2012-11-14 19:44 - 00000000 ____D () C:\Users\EsterkaPú\AppData\Local\Temp
2014-06-09 13:10 - 2014-05-29 16:49 - 00000000 ____D () C:\Users\EsterkaPú\Desktop\Savci
2014-06-09 12:52 - 2013-10-24 14:33 - 00000000 ____D () C:\Users\EsterkaPú\AppData\Roaming\Seznam.cz
2014-06-08 18:24 - 2012-11-20 19:21 - 00000000 ____D () C:\Users\Matouskovi\AppData\Roaming\Skype
2014-06-08 14:10 - 2014-03-26 14:14 - 00000000 ____D () C:\Users\Matouskovi\AppData\Local\Battle.net
2014-06-07 14:53 - 2014-03-26 14:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-07 13:16 - 2012-11-14 19:21 - 00225607 _____ () C:\Windows\DirectX.log
2014-06-07 11:07 - 2014-06-07 11:07 - 00000219 _____ () C:\Users\Matouskovi\Desktop\Counter-Strike Global Offensive.url
2014-06-07 11:07 - 2014-01-11 13:56 - 00000000 ____D () C:\Users\Matouskovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-06 21:01 - 2014-06-06 21:01 - 00000000 ____D () C:\Users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2
2014-06-06 17:59 - 2012-12-21 13:55 - 00000000 ____D () C:\Users\Matouskovi\AppData\Roaming\TS3Client
2014-06-05 09:13 - 2012-11-16 15:41 - 00000000 ____D () C:\Users\Jindřiška\AppData\Local\Temp
2014-06-05 08:36 - 2013-11-06 09:04 - 00000000 ____D () C:\Users\Jindřiška\AppData\Roaming\Seznam.cz
2014-06-03 10:09 - 2013-01-05 21:18 - 00000000 ____D () C:\Users\Jindřiška\AppData\Roaming\Skype
2014-06-01 14:48 - 2013-03-24 19:44 - 00000000 ____D () C:\Users\Matouskovi\AppData\Roaming\.minecraft
2014-06-01 12:43 - 2012-11-23 12:33 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-06-01 12:43 - 2012-11-22 20:43 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-31 15:19 - 2012-11-22 20:43 - 00281392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-30 22:30 - 2014-05-30 22:03 - 246686629 _____ () C:\Users\Matouskovi\Downloads\Lady-Gaga---G.U.Y.---An-ARTPOP-Film.mp4
2014-05-30 21:19 - 2012-11-23 12:26 - 00000000 ____D () C:\Users\Matouskovi\AppData\Local\CrashDumps
2014-05-30 21:04 - 2014-05-30 21:04 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-05-30 21:04 - 2014-05-30 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-05-30 21:04 - 2014-05-30 21:04 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-05-30 21:04 - 2012-11-07 18:54 - 00007642 _____ () C:\Users\Matouskovi\AppData\Local\Resmon.ResmonCfg
2014-05-30 21:00 - 2014-05-30 21:00 - 02365840 _____ () C:\Users\Matouskovi\Downloads\SecurityTaskManager_Setup.exe
2014-05-30 15:33 - 2013-06-22 13:44 - 00000000 ____D () C:\Users\Matouskovi\Documents\Soubory aplikace Outlook
2014-05-30 14:50 - 2013-11-30 13:36 - 00869888 ___SH () C:\Users\Matouskovi\Desktop\Thumbs.db
2014-05-30 10:00 - 2013-10-30 21:28 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-05-29 18:01 - 2012-11-20 18:35 - 00000000 ____D () C:\Users\EsterkaPú\AppData\Roaming\Skype
2014-05-29 17:38 - 2014-05-29 17:38 - 00000000 ____D () C:\Users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1
2014-05-29 16:50 - 2014-05-29 16:50 - 00000000 ____D () C:\Users\EsterkaPú\Downloads\Savci
2014-05-29 16:41 - 2014-05-29 16:33 - 135847825 _____ () C:\Users\EsterkaPú\Downloads\Savci.zip
2014-05-29 15:32 - 2014-05-07 11:05 - 00223336 _____ () C:\Users\Matouskovi\Desktop\wot.camproj
2014-05-29 13:04 - 2012-11-20 14:48 - 00007168 _____ () C:\Users\Matouskovi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-27 19:06 - 2014-05-27 19:06 - 00000000 _____ () C:\Users\Matouskovi\Desktop\Nový textový dokument.txt
2014-05-27 18:43 - 2013-12-20 18:55 - 00257536 ___SH () C:\Users\Matouskovi\Downloads\Thumbs.db
2014-05-27 16:56 - 2014-05-27 16:56 - 00000000 ____D () C:\Users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334
2014-05-26 17:15 - 2014-05-26 17:14 - 02396322 _____ () C:\Users\Matouskovi\Downloads\fire_digital_camo_by_darkiller45-d30ig49.tga
2014-05-26 17:15 - 2014-05-26 15:17 - 02396322 _____ () C:\Users\Matouskovi\Desktop\ger_camo_grey.tga
2014-05-26 15:23 - 2014-05-26 15:23 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey (6).tga
2014-05-26 15:19 - 2014-05-26 15:19 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey (5).tga
2014-05-26 15:16 - 2014-05-26 15:16 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey (4).tga
2014-05-26 15:09 - 2014-05-26 15:09 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey (3).tga
2014-05-26 15:06 - 2014-05-26 15:06 - 00000000 _____ () C:\Users\Matouskovi\Desktop\Nový rastrový obrázek.bmp
2014-05-26 15:00 - 2014-05-26 15:00 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey (2).tga
2014-05-26 14:57 - 2014-05-26 14:57 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey.tga
2014-05-26 14:57 - 2014-05-26 14:57 - 01048594 _____ () C:\Users\Matouskovi\Downloads\ger_camo_grey (1).tga
2014-05-26 14:57 - 2014-04-05 12:49 - 00000000 ____D () C:\Users\Matouskovi\Desktop\škola
2014-05-24 12:17 - 2014-05-24 12:17 - 00924453 _____ () C:\Users\Matouskovi\Downloads\XRay-1.7.5-v4.jar
2014-05-24 11:19 - 2014-05-24 12:22 - 00675988 _____ () C:\Users\Matouskovi\Desktop\Minecraft.exe
2014-05-24 11:19 - 2014-05-24 11:19 - 00675988 _____ () C:\Users\Matouskovi\Downloads\Minecraft.exe
2014-05-23 14:25 - 2014-05-23 14:25 - 01417557 _____ () C:\Users\Matouskovi\Downloads\20140521_1816_usa-Sherman_Jumbo_33_fjord.wotreplay
2014-05-22 20:35 - 2014-05-22 20:35 - 00000000 ____D () C:\Users\EsterkaPú\AppData\Roaming\vlc
2014-05-21 17:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-21 16:00 - 2012-11-20 18:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-21 16:00 - 2012-11-20 18:35 - 00000000 ____D () C:\ProgramData\Skype
2014-05-21 08:57 - 2014-05-21 08:57 - 00000000 ____D () C:\Users\Jindřiška\AppData\Local\LogMeIn
2014-05-20 20:50 - 2014-05-20 20:50 - 01058712 _____ () C:\Users\Matouskovi\Desktop\20140520_2041_germany-G_Tiger_35_steppes.wotreplay
2014-05-19 21:27 - 2014-05-19 21:27 - 00000000 __SHD () C:\Users\EsterkaPú\AppData\Local\EmieUserList
2014-05-19 21:27 - 2014-05-19 21:27 - 00000000 __SHD () C:\Users\EsterkaPú\AppData\Local\EmieSiteList
2014-05-19 20:29 - 2014-05-19 20:27 - 01653506 _____ () C:\Users\Matouskovi\Desktop\20140519_2002_france-AMX_13_90_37_caucasus.wotreplay
2014-05-19 20:27 - 2014-05-19 20:27 - 01483460 _____ () C:\Users\Matouskovi\Downloads\20140519_2002_china-Ch11_110_37_caucasus.wotreplay
2014-05-19 20:15 - 2014-05-19 20:16 - 01751321 _____ () C:\Users\Matouskovi\Desktop\20140519_2002_usa-T34_hvy_37_caucasus.wotreplay
2014-05-19 18:10 - 2014-05-29 16:50 - 05901781 _____ () C:\Users\EsterkaPú\Desktop\PRIMÁTI.pptx
2014-05-18 15:32 - 2014-05-18 15:32 - 00011649 _____ () C:\Users\Matouskovi\Downloads\Nová položka Microsoft Excel Worksheet (2) (1).xlsx
2014-05-18 15:28 - 2014-05-18 15:28 - 00011649 _____ () C:\Users\Matouskovi\Downloads\Nová položka Microsoft Excel Worksheet (2).xlsx
2014-05-18 11:58 - 2009-07-14 07:08 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-17 16:26 - 2014-05-17 16:26 - 00276675 _____ () C:\Users\Matouskovi\Downloads\20140517_1621_ussr-T62A_37_caucasus.wotreplay
2014-05-17 16:26 - 2014-05-17 16:26 - 00189730 _____ () C:\Users\Matouskovi\Downloads\20140517_1621_usa-M40M43_37_caucasus.wotreplay
2014-05-17 15:56 - 2014-05-17 15:56 - 01271151 _____ () C:\Users\Matouskovi\Desktop\20140417_1843_ussr-IS8_29_el_hallouf.wotreplay
2014-05-16 22:15 - 2014-05-16 22:15 - 00000000 ____D () C:\Users\Matouskovi\Desktop\Nová složka
2014-05-16 22:04 - 2014-05-16 22:03 - 06213392 _____ (TeamViewer GmbH) C:\Users\Matouskovi\Downloads\TeamViewer_Setup_cs-ckq.exe
2014-05-16 11:27 - 2012-11-07 19:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 16:36 - 2014-05-19 21:19 - 00011539 _____ () C:\Users\EsterkaPú\Desktop\Matoušková_Patnáckta.xlsx
2014-05-14 21:41 - 2014-05-29 16:50 - 02963456 _____ () C:\Users\EsterkaPú\Desktop\PLOUTVONOZCI.ppt
2014-05-14 21:03 - 2014-05-29 16:50 - 08694089 _____ () C:\Users\EsterkaPú\Desktop\Sudokopytníci.pptm
2014-05-14 18:06 - 2012-11-07 18:15 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 18:06 - 2012-11-07 18:15 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:06 - 2012-11-07 18:15 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 11:48 - 2014-05-29 16:50 - 10682349 _____ () C:\Users\EsterkaPú\Desktop\Chobotnatci.pptx
2014-05-12 17:12 - 2014-05-29 16:50 - 03641624 _____ () C:\Users\EsterkaPú\Desktop\Lichokopytníci.pptx
2014-05-11 20:00 - 2014-05-11 19:41 - 200211902 _____ () C:\Users\EsterkaPú\Downloads\Lady-Gaga---Born-This-Way-(Special-Edition)-[2011] (1).rar
2014-05-11 18:30 - 2010-11-21 05:47 - 00282010 _____ () C:\Windows\PFRO.log
2014-05-11 16:09 - 2014-05-11 16:09 - 00527668 _____ () C:\Users\Matouskovi\Downloads\13932502210364_germany_PzIV_hills.wotreplay
2014-05-11 15:49 - 2014-05-11 15:49 - 00167500 _____ () C:\Users\Matouskovi\Desktop\20140511_1544_usa-T110E3_23_westfeld.wotreplay
2014-05-11 15:48 - 2014-05-11 15:48 - 01147651 _____ () C:\Users\Matouskovi\Downloads\20140420_2131_usa-T110_29_el_hallouf.wotreplay
2014-05-11 15:47 - 2014-05-11 15:48 - 00221890 _____ () C:\Users\Matouskovi\Desktop\20140511_1544_france-ELC_AMX_23_westfeld.wotreplay
2014-05-11 15:04 - 2012-11-14 19:11 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-11 15:01 - 2014-05-11 15:06 - 10675578 _____ () C:\Users\UpdatusUser\Chobotnatci.pptx
2014-05-11 15:01 - 2014-05-11 13:50 - 10675578 _____ () C:\Users\EsterkaPú\Downloads\Chobotnatci.pptx
2014-05-11 13:52 - 2014-05-11 13:51 - 10674774 _____ () C:\Users\EsterkaPú\Downloads\Chobotnatci (1).pptx
2014-05-11 13:52 - 2014-05-11 13:51 - 00000655 _____ () C:\Users\EsterkaPú\Desktop\Chobotnatci.lnk
2014-05-11 13:37 - 2014-05-11 13:37 - 00000000 ____D () C:\Users\EsterkaPú\AppData\Local\AVG
2014-05-11 13:33 - 2014-05-11 13:33 - 00000000 ____D () C:\Users\EsterkaPú\AppData\Local\LogMeIn
2014-05-11 12:40 - 2014-05-11 12:40 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-05-11 12:40 - 2014-05-11 12:39 - 07344448 _____ (Bandisoft) C:\Users\Matouskovi\Downloads\bdcamsetup.exe
2014-05-11 12:36 - 2014-05-11 12:36 - 00000000 ____D () C:\Users\Matouskovi\AppData\Local\AVG
2014-05-11 12:35 - 2014-05-11 12:34 - 00000000 ____D () C:\Users\Matouskovi\AppData\Roaming\Free Sound Recorder
2014-05-11 12:35 - 2013-12-10 19:30 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-11 12:34 - 2014-05-11 12:34 - 00000000 ____D () C:\Users\Matouskovi\Documents\Free Sound Recorder
2014-05-11 12:34 - 2014-05-11 12:34 - 00000000 ____D () C:\Users\Matouskovi\AppData\Roaming\OpenCandy
2014-05-11 12:33 - 2014-05-11 12:32 - 11228616 _____ (Copyright© 2005-2014 FreeSoundRecorder Technologies, Inc. ) C:\Users\Matouskovi\Downloads\FreeSoundRecorder.exe
2014-05-10 19:09 - 2014-05-10 19:09 - 00007052 _____ () C:\Users\Matouskovi\Downloads\SafeShot.rar

Some content of TEMP:
====================
C:\Users\EsterkaPú\AppData\Local\Temp\AutoRun.exe
C:\Users\EsterkaPú\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\EsterkaPú\AppData\Local\Temp\drm_dialogs.dll
C:\Users\EsterkaPú\AppData\Local\Temp\drm_dyndata_7320013.dll
C:\Users\EsterkaPú\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\EsterkaPú\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\EsterkaPú\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\EsterkaPú\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\EsterkaPú\AppData\Local\Temp\EAD2DD4.exe
C:\Users\EsterkaPú\AppData\Local\Temp\EAD5458.exe
C:\Users\EsterkaPú\AppData\Local\Temp\EADE032.exe
C:\Users\EsterkaPú\AppData\Local\Temp\EADE9B5.exe
C:\Users\EsterkaPú\AppData\Local\Temp\eauninstall.exe
C:\Users\EsterkaPú\AppData\Local\Temp\i4jdel0.exe
C:\Users\EsterkaPú\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\EsterkaPú\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\EsterkaPú\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\EsterkaPú\AppData\Local\Temp\SkypeSetup.exe
C:\Users\EsterkaPú\AppData\Local\Temp\UninstallEADM.dll
C:\Users\EsterkaPú\AppData\Local\Temp\VP6Install.exe
C:\Users\EsterkaPú\AppData\Local\Temp\VP6VFW.dll
C:\Users\Jindřiška\AppData\Local\Temp\AskSLib.dll
C:\Users\Jindřiška\AppData\Local\Temp\i4jdel0.exe
C:\Users\Jindřiška\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Matouskovi\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Matouskovi\AppData\Local\Temp\bdfilters.dll
C:\Users\Matouskovi\AppData\Local\Temp\EslWireSetup-1.17.2.7687-x64.exe
C:\Users\Matouskovi\AppData\Local\Temp\EslWireSetup-1.17.3.7769-x64.exe
C:\Users\Matouskovi\AppData\Local\Temp\EslWireSetup-1.17.3.7977-x64.exe
C:\Users\Matouskovi\AppData\Local\Temp\EslWireSetup-1.17.3.8001-x64.exe
C:\Users\Matouskovi\AppData\Local\Temp\Gw2.exe
C:\Users\Matouskovi\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Matouskovi\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Matouskovi\AppData\Local\Temp\i4jdel0.exe
C:\Users\Matouskovi\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Matouskovi\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Matouskovi\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Matouskovi\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Matouskovi\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Matouskovi\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Matouskovi\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Matouskovi\AppData\Local\Temp\nvStInst.exe
C:\Users\Matouskovi\AppData\Local\Temp\Quarantine.exe
C:\Users\Matouskovi\AppData\Local\Temp\raidcall.exe
C:\Users\Matouskovi\AppData\Local\Temp\setup.exe
C:\Users\Matouskovi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Matouskovi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Matouskovi\AppData\Local\Temp\ubi89E8.tmp.exe
C:\Users\Matouskovi\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 19:54

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:167.58 GB) (Free:26.36 GB) NTFS
Drive d: (Data disk) (Fixed) (Total:1863.01 GB) (Free:1057.4 GB) NTFS
Drive e: (Sims3EP10) (CDROM) (Total:4.37 GB) (Free:0 GB) UDF

Available physical RAM: 2293.85 MB
Total physical RAM: 4029.62 MB
Percentage of memory in use: 43%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0879521D)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: 34838E54)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=168 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Matouskovi\Desktop" je 3684 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync
"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR12
"D:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\Matouskovi\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\Matouskovi\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"D:\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire
"C:\Program Files\EslWire\wire.exe" --tray [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvdbufSrv
"C:\Windows\system32\msvdbuf.vbe" mskviy mssdxk [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess
"C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf
C:\Program Files (x86)\Overwolf\Overwolf.exe -silent [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidCall
C:\Program Files (x86)\RaidCall\raidcall.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Razer Synapse
"C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay
C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
"D:\Program Files (x86)\Steam\Steam.exe" -silent [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
"D:\Program Files (x86)\Winamp\winampa.exe" [x]

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#2 Příspěvek od **vyosek** » 09 čer 2014 21:59

Zdravim a pekny vecer preji
Vas log se studuje Obrázek

a pracuje se na nem Obrázek

.
Prosim o strpeni! Obrázek

#3 Příspěvek od **vyosek** » 09 čer 2014 22:01

Jste se dal na chov konicku trojskych ci co

Cela zoo i s babkou pokladni

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

resetIEproxy;
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

petal219 · #4 Příspěvek od **petal219** » 10 čer 2014 14:58

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/10/2014 03:55:30 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\AddonControlScript.exe (PID: 1684) [UP-HEUR]
* C:\Users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\b2cf53524eae253.exe (PID: 1776) [UP-HEUR]
* C:\Users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\FunctionMethodWindows.exe (PID: 3868) [UP-HEUR]

3 proccesses terminated!

Active Proxy Server Detected

* Proxy Disabled.
* ProxyOverride value deleted.
* ProxyServer value deleted.
* AutoConfigURL value deleted.
* Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

* No issues found in the Registry.

Backup Registry file created at:
C:\Users\Matouskovi\Desktop\rkill\rkill-06-10-2014-03-55-34.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

216.239.32.20 google.com
216.239.32.20 google.com www.google.ad
216.239.32.20 google.com www.google.ae
216.239.32.20 google.com www.google.com.af
216.239.32.20 google.com www.google.com.ag
216.239.32.20 google.com www.google.com.ai
216.239.32.20 google.com www.google.al
216.239.32.20 google.com www.google.am
216.239.32.20 google.com www.google.co.ao
216.239.32.20 google.com www.google.com.ar
216.239.32.20 google.com www.google.as
216.239.32.20 google.com www.google.at
216.239.32.20 google.com www.google.com.au
216.239.32.20 google.com www.google.az
216.239.32.20 google.com www.google.ba
216.239.32.20 google.com www.google.com.bd
216.239.32.20 google.com www.google.be
216.239.32.20 google.com www.google.bf
216.239.32.20 google.com www.google.bg
216.239.32.20 google.com www.google.com.bh

20 out of 192 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 06/10/2014 03:55:45 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

#5 Příspěvek od **vyosek** » 10 čer 2014 15:00

Pokracujte Zoek-em

petal219 · #6 Příspěvek od **petal219** » 10 čer 2014 15:13

Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Matouskovi on Łt 10.06.2014 at 15:57:45,73.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Matouskovi\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10.6.2014 15:59:25 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1528716315-3860698994-2152196103-1000\Software\Microsoft\Internet Explorer\SearchScopes\{13FD8C9D-66CA-4D65-9291-F6B92FF6FBA1} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Gianluca\AppData\Roaming\Mozilla\Firefox\Profiles\48szkt78.default\prefs.js:

Added to C:\Users\Gianluca\AppData\Roaming\Mozilla\Firefox\Profiles\48szkt78.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~2\af272fa8.tmp deleted
C:\Users\Matouskovi\AppData\Roaming\OpenCandy deleted
C:\Users\Matouskovi\DB93E2C2851F44B2B09C351D2C624AE1.TMP deleted
C:\Users\Public\sdelevURL.tmp deleted
C:\Users\Matouskovi\AppData\LocalLow\surfcanyon deleted
C:\user.js deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
"C:\Users\Matouskovi\AppData\Roaming\GHISLER" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Gianluca\AppData\Roaming\Mozilla\Firefox\Profiles\48szkt78.default
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

ExtDir: C:\Users\Matouskovi\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Undetermined - %ExtDir%\suggestor@suggestor.pirrit.com.xpi

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11.04.2014 19:46]

Seznam Li\u0161ti\u010Dka - Email - Gianluca\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Skype for Chromium - Gianluca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba - Gianluca\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
AdBlock - Matouskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=12454"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=12454"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{4F833CAA-94E3-40C1-BE60-4F3FBA29F155}"
{05EF0A21-C92E-4743-8E39-730E26024039} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_12454"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE11SR"
{48FB8B09-5758-462C-971F-8241120BC74F} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&so ... arch_12454"
{4F833CAA-94E3-40C1-BE60-4F3FBA29F155} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{7FB123D2-EA11-4D13-B9B7-18D27F58A421} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchT ... arch_12454"
{96382310-48A0-4DDF-AD92-613B8A5CB223} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... arch_12454"
{B698D1D6-D6AF-4397-8E21-CAC7D387B574} Google Url="http://www.google.cz/search?q={searchTe ... {startPage}"
{CDBF616F-FE64-4FDF-BE82-9D58616AA328} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454"
{CE67BA7D-24B5-4481-AFB4-48B896032C3A} Seznam Url="http://search.seznam.cz/?q={searchTerms ... arch_12454"
{DC303589-C36F-4BB1-8484-B5FAC272634A} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_12454"
{E5C3AF93-9698-4585-A13D-2D96003B49F5} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_12454"

==== Reset Google Chrome ======================

C:\Users\Gianluca\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Matouskovi\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Gianluca\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Matouskovi\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR12 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gianluca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gianluca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Matouskovi\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Matouskovi\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Gianluca\AppData\Local\Mozilla\Firefox\Profiles\48szkt78.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Gianluca\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Matouskovi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=13 27828006 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gianluca\AppData\Local\Temp emptied successfully
C:\Users\Matouskovi\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\MATOUS~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Łt 10.06.2014 at 16:12:02,59 ======================

opakuje se to ale teď nemám adblock tak někam kliknout to je porod

#7 Příspěvek od **vyosek** » 10 čer 2014 15:27

Zkuste pracovat v nouzovem rezimu

Aplikujte ComboFix

petal219 · #8 Příspěvek od **petal219** » 10 čer 2014 15:37

ComboFix 14-06-10.01 - Matouskovi 10.06.2014 16:26:29.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4030.2491 [GMT 2:00]
Spuštěný z: c:\users\Matouskovi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1\5cd91ef1d926c91.exe
c:\users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1\7958e7ae468a21c.exe
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\a4c510c21ff52d8.exe
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\b2cf53524eae253.exe
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\libgcc_s_dw2-1.dll
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\libstdc++-6.dll
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\libwinpthread-1.dll
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\mingwm10.dll
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\QtCore4.dll
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\QtNetwork4.dll
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\RegFltrX64.sys
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\RegFltrX86.sys
c:\users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5DDA2473-FCDF-47EB-9F82-56F8C0E78B82}.xps
c:\users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{76BE3C58-07A9-45F9-A541-A515380B0CDF}.xps
c:\users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7FB190ED-7377-40AE-BC8E-CBE29381BFF5}.xps
c:\users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B09232F6-68A4-4038-913F-66E2DA7298B8}.xps
c:\users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EBB50402-B4E1-4612-8355-735DDA455598}.xps
c:\windows\PFRO.log
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RegFltrX64
-------\Service_7958e7ae468a21c.exe
-------\Service_b2cf53524eae253.exe
-------\Service_7958e7ae468a21c.exe
-------\Service_b2cf53524eae253.exe
-------\Service_RegFltrX64
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-10 do 2014-06-10 )))))))))))))))))))))))))))))))
.
.
2014-06-10 14:30 . 2014-06-10 14:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-10 14:30 . 2014-06-10 14:30 -------- d-----w- c:\users\Jindřiška\AppData\Local\temp
2014-06-10 14:09 . 2014-06-10 13:57 24064 ----a-w- c:\windows\zoek-delete.exe
2014-06-10 14:09 . 2014-06-10 14:33 -------- d-----w- c:\users\Matouskovi\AppData\Local\Temp
2014-06-10 13:57 . 2014-06-10 14:10 -------- d-----w- C:\zoek_backup
2014-06-09 20:12 . 2014-06-09 20:23 -------- d-----w- C:\FRST
2014-06-09 18:10 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{290D3B7B-ACCC-4A59-8255-4D43787045EA}\mpengine.dll
2014-06-07 18:31 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-06 19:01 . 2014-06-06 19:01 -------- d-----w- c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2
2014-06-05 06:37 . 2014-05-02 07:38 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{088E2EFD-CAE4-4F6B-B9CB-C78041D75390}\gapaengine.dll
2014-05-30 19:04 . 2014-05-30 19:04 -------- d-----w- c:\programdata\SecTaskMan
2014-05-30 19:04 . 2014-05-30 19:04 -------- d-----w- c:\program files (x86)\Security Task Manager
2014-05-29 15:38 . 2014-06-10 14:30 -------- d-----w- c:\users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1
2014-05-22 18:35 . 2014-05-22 18:35 -------- d-----w- c:\users\EsterkaPú\AppData\Roaming\vlc
2014-05-21 14:00 . 2014-05-21 14:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-05-21 06:57 . 2014-05-21 06:57 -------- d-----w- c:\users\Jindřiška\AppData\Local\LogMeIn
2014-05-19 19:27 . 2014-05-19 19:27 -------- d-sh--w- c:\users\EsterkaPú\AppData\Local\EmieUserList
2014-05-19 19:27 . 2014-05-19 19:27 -------- d-sh--w- c:\users\EsterkaPú\AppData\Local\EmieSiteList
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-01 10:43 . 2012-11-23 10:33 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-06-01 10:43 . 2012-11-22 18:43 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-31 13:19 . 2012-11-22 18:43 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-05-14 16:06 . 2012-11-07 16:15 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 16:06 . 2012-11-07 16:15 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 07:38 . 2014-05-02 07:38 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-29 14:01 . 2014-05-03 20:16 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-04-29 13:40 . 2014-05-03 20:16 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-29 12:34 . 2014-05-03 20:16 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-21 08:57 . 2014-04-21 08:57 4685824 ----a-w- c:\programdata\ClassicShellSetup64_4_1_0.msi
2014-04-15 19:09 . 2012-11-07 17:20 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-14 02:24 . 2014-05-03 20:14 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-04-14 02:19 . 2014-05-03 20:14 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-20 21:03 . 2012-11-07 16:37 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-20 21:03 . 2012-11-07 16:37 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-20 21:03 . 2013-11-01 14:43 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-20 21:03 . 2013-06-14 16:43 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-20 21:03 . 2014-03-20 21:03 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-20 21:03 . 2013-06-14 16:43 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-20 21:03 . 2014-03-20 21:03 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-20 21:03 . 2013-11-01 14:43 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-20 21:02 . 2014-03-20 21:02 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-20 21:02 . 2014-03-20 21:02 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-20 21:02 . 2014-03-20 21:02 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-20 21:02 . 2014-03-20 21:02 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-20 21:02 . 2014-03-20 21:02 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-20 21:02 . 2014-03-20 21:02 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-20 21:02 . 2014-03-20 21:02 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-20 21:02 . 2014-03-20 21:02 377688 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-03-20 21:02 . 2014-03-20 21:02 333600 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-03-20 21:02 . 2014-03-20 21:02 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-20 21:02 . 2014-03-20 21:02 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-20 21:02 . 2014-03-20 21:02 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-20 21:02 . 2014-03-20 21:02 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-20 21:02 . 2014-03-20 21:02 484296 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-03-20 21:02 . 2014-03-20 21:02 409544 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-03-20 21:02 . 2014-03-20 21:02 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-03-20 21:02 . 2014-03-20 21:02 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-03-20 21:02 . 2014-03-20 21:02 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-03-20 21:02 . 2014-03-20 21:02 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-20 21:02 . 2013-11-01 14:43 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-20 21:02 . 2013-06-14 16:43 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-20 21:02 . 2014-03-20 21:02 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-20 21:02 . 2014-03-20 21:02 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-20 21:02 . 2014-03-20 21:02 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-20 21:02 . 2014-03-20 21:02 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-20 21:02 . 2014-03-20 21:02 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-20 21:02 . 2014-03-20 21:02 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-20 21:02 . 2014-03-20 21:02 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-20 21:02 . 2013-06-14 16:43 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-20 21:02 . 2013-06-14 16:43 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-20 06:52 . 2014-04-15 19:26 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{788B6AC3-A173-4E97-AE75-821610B5B07E}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:49 594432 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2014-05-29 1754816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 eqnuhafc;eqnuhafc;c:\windows\system32\drivers\eqnuhafc.sys;c:\windows\SYSNATIVE\drivers\eqnuhafc.sys [x]
R1 vspxlbdp;vspxlbdp;c:\windows\system32\drivers\vspxlbdp.sys;c:\windows\SYSNATIVE\drivers\vspxlbdp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 d11a7098fe97eff.exe;d11a7098fe97eff.exe;c:\users\Matouskovi\AppData\Local\7adb2d282e94c04fb80b2b4806a40862\d11a7098fe97eff.exe;c:\users\Matouskovi\AppData\Local\7adb2d282e94c04fb80b2b4806a40862\d11a7098fe97eff.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AddonControlScript.exe;AddonControlScript.exe;c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\AddonControlScript.exe;c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\AddonControlScript.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 WinRST;WinRST;c:\program files (x86)\WinRST\WinRST.exe;c:\program files (x86)\WinRST\WinRST.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - REGFLTRX64
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 17:45 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 16:06]
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 17:05]
.
2014-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 17:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:50 724992 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2013-06-29 151552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=12454
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:13558
uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BattlEye for A2 - d:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-DAEMON Tools Lite - d:\daemon tools lite\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-SeznamInstall - c:\users\Matouskovi\AppData\Roaming\Seznam.cz\szninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\FunctionMethodWindows.exe
.
**************************************************************************
.
Celkový čas: 2014-06-10 16:35:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-10 14:35
.
Před spuštěním: Volných bajtů: 42 694 221 824
Po spuštění: Volných bajtů: 42 700 128 256
.
- - End Of File - - 0A9CE0A9333EADFC2042E36D24BE1262
A36C5E4F47E84449FF07ED3517B43A31

petal219 · #9 Příspěvek od **petal219** » 10 čer 2014 15:38

ComboFix 14-06-10.01 - Matouskovi 10.06.2014 16:26:29.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4030.2491 [GMT 2:00]
Spuštìný z: c:\users\Matouskovi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1\5cd91ef1d926c91.exe
c:\users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1\7958e7ae468a21c.exe
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\a4c510c21ff52d8.exe
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\b2cf53524eae253.exe
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\libgcc_s_dw2-1.dll
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\libstdc++-6.dll
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\libwinpthread-1.dll
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\mingwm10.dll
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\QtCore4.dll
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\QtNetwork4.dll
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\RegFltrX64.sys
c:\users\Matouskovi\AppData\Local\aa163f7c2795a1efc5ebff5295f40334\RegFltrX86.sys
c:\users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5DDA2473-FCDF-47EB-9F82-56F8C0E78B82}.xps
c:\users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{76BE3C58-07A9-45F9-A541-A515380B0CDF}.xps
c:\users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7FB190ED-7377-40AE-BC8E-CBE29381BFF5}.xps
c:\users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B09232F6-68A4-4038-913F-66E2DA7298B8}.xps
c:\users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EBB50402-B4E1-4612-8355-735DDA455598}.xps
c:\windows\PFRO.log
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladaèe/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RegFltrX64
-------\Service_7958e7ae468a21c.exe
-------\Service_b2cf53524eae253.exe
-------\Service_7958e7ae468a21c.exe
-------\Service_b2cf53524eae253.exe
-------\Service_RegFltrX64
.
.
((((((((((((((((((((((((( Soubory vytvoøené od 2014-05-10 do 2014-06-10 )))))))))))))))))))))))))))))))
.
.
2014-06-10 14:30 . 2014-06-10 14:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-10 14:30 . 2014-06-10 14:30 -------- d-----w- c:\users\Jindøiška\AppData\Local\temp
2014-06-10 14:09 . 2014-06-10 13:57 24064 ----a-w- c:\windows\zoek-delete.exe
2014-06-10 14:09 . 2014-06-10 14:33 -------- d-----w- c:\users\Matouskovi\AppData\Local\Temp
2014-06-10 13:57 . 2014-06-10 14:10 -------- d-----w- C:\zoek_backup
2014-06-09 20:12 . 2014-06-09 20:23 -------- d-----w- C:\FRST
2014-06-09 18:10 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{290D3B7B-ACCC-4A59-8255-4D43787045EA}\mpengine.dll
2014-06-07 18:31 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-06 19:01 . 2014-06-06 19:01 -------- d-----w- c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2
2014-06-05 06:37 . 2014-05-02 07:38 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{088E2EFD-CAE4-4F6B-B9CB-C78041D75390}\gapaengine.dll
2014-05-30 19:04 . 2014-05-30 19:04 -------- d-----w- c:\programdata\SecTaskMan
2014-05-30 19:04 . 2014-05-30 19:04 -------- d-----w- c:\program files (x86)\Security Task Manager
2014-05-29 15:38 . 2014-06-10 14:30 -------- d-----w- c:\users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1
2014-05-22 18:35 . 2014-05-22 18:35 -------- d-----w- c:\users\EsterkaPú\AppData\Roaming\vlc
2014-05-21 14:00 . 2014-05-21 14:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-05-21 06:57 . 2014-05-21 06:57 -------- d-----w- c:\users\Jindøiška\AppData\Local\LogMeIn
2014-05-19 19:27 . 2014-05-19 19:27 -------- d-sh--w- c:\users\EsterkaPú\AppData\Local\EmieUserList
2014-05-19 19:27 . 2014-05-19 19:27 -------- d-sh--w- c:\users\EsterkaPú\AppData\Local\EmieSiteList
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-01 10:43 . 2012-11-23 10:33 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-06-01 10:43 . 2012-11-22 18:43 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-31 13:19 . 2012-11-22 18:43 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-05-14 16:06 . 2012-11-07 16:15 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 16:06 . 2012-11-07 16:15 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 07:38 . 2014-05-02 07:38 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-29 14:01 . 2014-05-03 20:16 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-04-29 13:40 . 2014-05-03 20:16 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-29 12:34 . 2014-05-03 20:16 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-21 08:57 . 2014-04-21 08:57 4685824 ----a-w- c:\programdata\ClassicShellSetup64_4_1_0.msi
2014-04-15 19:09 . 2012-11-07 17:20 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-14 02:24 . 2014-05-03 20:14 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-04-14 02:19 . 2014-05-03 20:14 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-20 21:03 . 2012-11-07 16:37 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-20 21:03 . 2012-11-07 16:37 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-20 21:03 . 2013-11-01 14:43 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-20 21:03 . 2013-06-14 16:43 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-20 21:03 . 2014-03-20 21:03 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-20 21:03 . 2013-06-14 16:43 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-20 21:03 . 2014-03-20 21:03 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-20 21:03 . 2013-11-01 14:43 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-20 21:02 . 2014-03-20 21:02 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-20 21:02 . 2014-03-20 21:02 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-20 21:02 . 2014-03-20 21:02 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-20 21:02 . 2014-03-20 21:02 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-20 21:02 . 2014-03-20 21:02 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-20 21:02 . 2014-03-20 21:02 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-20 21:02 . 2014-03-20 21:02 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-20 21:02 . 2014-03-20 21:02 377688 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-03-20 21:02 . 2014-03-20 21:02 333600 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-03-20 21:02 . 2014-03-20 21:02 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-20 21:02 . 2014-03-20 21:02 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-20 21:02 . 2014-03-20 21:02 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-20 21:02 . 2014-03-20 21:02 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-20 21:02 . 2014-03-20 21:02 484296 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-03-20 21:02 . 2014-03-20 21:02 409544 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-03-20 21:02 . 2014-03-20 21:02 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-03-20 21:02 . 2014-03-20 21:02 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-03-20 21:02 . 2014-03-20 21:02 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-03-20 21:02 . 2014-03-20 21:02 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-20 21:02 . 2013-11-01 14:43 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-20 21:02 . 2013-06-14 16:43 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-20 21:02 . 2014-03-20 21:02 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-20 21:02 . 2014-03-20 21:02 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-20 21:02 . 2014-03-20 21:02 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-20 21:02 . 2014-03-20 21:02 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-20 21:02 . 2014-03-20 21:02 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-20 21:02 . 2014-03-20 21:02 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-20 21:02 . 2014-03-20 21:02 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-20 21:02 . 2013-06-14 16:43 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-20 21:02 . 2013-06-14 16:43 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-20 06:52 . 2014-04-15 19:26 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{788B6AC3-A173-4E97-AE75-821610B5B07E}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštìcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:49 594432 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2014-05-29 1754816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 eqnuhafc;eqnuhafc;c:\windows\system32\drivers\eqnuhafc.sys;c:\windows\SYSNATIVE\drivers\eqnuhafc.sys [x]
R1 vspxlbdp;vspxlbdp;c:\windows\system32\drivers\vspxlbdp.sys;c:\windows\SYSNATIVE\drivers\vspxlbdp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 d11a7098fe97eff.exe;d11a7098fe97eff.exe;c:\users\Matouskovi\AppData\Local\7adb2d282e94c04fb80b2b4806a40862\d11a7098fe97eff.exe;c:\users\Matouskovi\AppData\Local\7adb2d282e94c04fb80b2b4806a40862\d11a7098fe97eff.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítì Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AddonControlScript.exe;AddonControlScript.exe;c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\AddonControlScript.exe;c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\AddonControlScript.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 WinRST;WinRST;c:\program files (x86)\WinRST\WinRST.exe;c:\program files (x86)\WinRST\WinRST.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Ostatní služby/ovladaèe v pamìti ---
.
*NewlyCreated* - REGFLTRX64
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 17:45 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáøe 'Naplánované úlohy'
.
2014-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 16:06]
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 17:05]
.
2014-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 17:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:50 724992 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2013-06-29 151552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
------- Doplòkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=12454
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:13558
uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANÌNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BattlEye for A2 - d:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-DAEMON Tools Lite - d:\daemon tools lite\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-SeznamInstall - c:\users\Matouskovi\AppData\Roaming\Seznam.cz\szninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍÈE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\FunctionMethodWindows.exe
.
**************************************************************************
.
Celkový èas: 2014-06-10 16:35:03 - poèítaè byl restartován
ComboFix-quarantined-files.txt 2014-06-10 14:35
.
Pøed spuštìním: Volných bajtù: 42 694 221 824
Po spuštìní: Volných bajtù: 42 700 128 256
.
- - End Of File - - 0A9CE0A9333EADFC2042E36D24BE1262
A36C5E4F47E84449FF07ED3517B43A31

#10 Příspěvek od **vyosek** » 10 čer 2014 15:54

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Collect::
c:\windows\SYSNATIVE\drivers\eqnuhafc.sys
c:\windows\SYSNATIVE\drivers\vspxlbdp.sys
c:\users\Matouskovi\AppData\Local\7adb2d282e94c04fb80b2b4806a40862\d11a7098fe97eff.exe
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\AddonControlScript.exe

Folder::
c:\users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2
c:\program files (x86)\WinRST

File::
c:\windows\zoek-delete.exe
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
eqnuhafc
vspxlbdp
d11a7098fe97eff.exe
AddonControlScript.exe
c2cautoupdatesvc
c2cpnrsvc
WinRST

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:13558
uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

petal219 · #11 Příspěvek od **petal219** » 10 čer 2014 19:15

ComboFix 14-06-10.01 - Matouskovi 10.06.2014 20:02:32.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4030.2636 [GMT 2:00]
Spuštěný z: c:\users\Matouskovi\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Matouskovi\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\zoek-delete.exe"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinRST
c:\program files (x86)\WinRST\msvcp100.dll
c:\program files (x86)\WinRST\msvcr100.dll
c:\program files (x86)\WinRST\QtCore4.dll
c:\program files (x86)\WinRST\QtNetwork4.dll
c:\program files (x86)\WinRST\WinRST.exe
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\AddonControlScript.exe
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\desktop\FunctionMethodWindows.exe-(PID-3868)-316744\FunctionMethodWindows.exe-(PID-3868).dmp
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\desktop\FunctionMethodWindows.exe-(PID-3868)-316744\rkill64.com-(PID-5872).dmp
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\FunctionMethodWindows.exe
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\libgcc_s_dw2-1.dll
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\libstdc++-6.dll
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\libwinpthread-1.dll
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\mingwm10.dll
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\QtCore4.dll
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\QtNetwork4.dll
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\RegFltrX64.sys
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\RegFltrX86.sys
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\service\AddonControlScript.exe-(PID-1684)-316042\AddonControlScript.exe-(PID-1684).dmp
c:\users\Matouskovi\AppData\Local\de62af7612640d5cb348a842962ef6e2\service\AddonControlScript.exe-(PID-1684)-316042\rkill64.com-(PID-5872).dmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AddonControlScript.exe
-------\Service_c2cautoupdatesvc
-------\Service_c2cpnrsvc
-------\Service_d11a7098fe97eff.exe
-------\Service_eqnuhafc
-------\Service_vspxlbdp
-------\Service_WinRST
-------\Legacy_RegFltrX64
-------\Legacy_RegFltrX64
-------\Service_RegFltrX64
-------\Service_RegFltrX64
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-10 do 2014-06-10 )))))))))))))))))))))))))))))))
.
.
2014-06-10 18:06 . 2014-06-10 18:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-10 18:06 . 2014-06-10 18:06 -------- d-----w- c:\users\Jindřiška\AppData\Local\temp
2014-06-10 18:06 . 2014-06-10 18:06 -------- d-----w- c:\users\Gianluca\AppData\Local\temp
2014-06-10 18:06 . 2014-06-10 18:06 -------- d-----w- c:\users\EsterkaPú\AppData\Local\temp
2014-06-10 18:06 . 2014-06-10 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-10 14:09 . 2014-06-10 13:57 24064 ----a-w- c:\windows\zoek-delete.exe
2014-06-10 14:09 . 2014-06-10 18:07 -------- d-----w- c:\users\Matouskovi\AppData\Local\Temp
2014-06-10 13:57 . 2014-06-10 14:10 -------- d-----w- C:\zoek_backup
2014-06-09 20:12 . 2014-06-09 20:23 -------- d-----w- C:\FRST
2014-06-09 18:10 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{290D3B7B-ACCC-4A59-8255-4D43787045EA}\mpengine.dll
2014-06-07 18:31 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-05 06:37 . 2014-05-02 07:38 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{088E2EFD-CAE4-4F6B-B9CB-C78041D75390}\gapaengine.dll
2014-05-30 19:04 . 2014-05-30 19:04 -------- d-----w- c:\programdata\SecTaskMan
2014-05-30 19:04 . 2014-05-30 19:04 -------- d-----w- c:\program files (x86)\Security Task Manager
2014-05-29 15:38 . 2014-06-10 14:30 -------- d-----w- c:\users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1
2014-05-22 18:35 . 2014-05-22 18:35 -------- d-----w- c:\users\EsterkaPú\AppData\Roaming\vlc
2014-05-21 14:00 . 2014-05-21 14:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-05-21 06:57 . 2014-05-21 06:57 -------- d-----w- c:\users\Jindřiška\AppData\Local\LogMeIn
2014-05-19 19:27 . 2014-05-19 19:27 -------- d-sh--w- c:\users\EsterkaPú\AppData\Local\EmieUserList
2014-05-19 19:27 . 2014-05-19 19:27 -------- d-sh--w- c:\users\EsterkaPú\AppData\Local\EmieSiteList
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-01 10:43 . 2012-11-23 10:33 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-06-01 10:43 . 2012-11-22 18:43 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-31 13:19 . 2012-11-22 18:43 281392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-05-14 16:06 . 2012-11-07 16:15 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 16:06 . 2012-11-07 16:15 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-02 07:38 . 2014-05-02 07:38 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-29 14:01 . 2014-05-03 20:16 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-04-29 13:40 . 2014-05-03 20:16 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-29 12:34 . 2014-05-03 20:16 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-21 08:57 . 2014-04-21 08:57 4685824 ----a-w- c:\programdata\ClassicShellSetup64_4_1_0.msi
2014-04-15 19:09 . 2012-11-07 17:20 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-14 02:24 . 2014-05-03 20:14 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-04-14 02:19 . 2014-05-03 20:14 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-20 21:03 . 2012-11-07 16:37 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-20 21:03 . 2012-11-07 16:37 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-20 21:03 . 2013-11-01 14:43 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-20 21:03 . 2013-06-14 16:43 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-20 21:03 . 2014-03-20 21:03 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-20 21:03 . 2013-06-14 16:43 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-20 21:03 . 2014-03-20 21:03 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-20 21:03 . 2013-11-01 14:43 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-20 21:02 . 2014-03-20 21:02 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-20 21:02 . 2014-03-20 21:02 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-20 21:02 . 2014-03-20 21:02 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-20 21:02 . 2014-03-20 21:02 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-20 21:02 . 2014-03-20 21:02 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-20 21:02 . 2014-03-20 21:02 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-20 21:02 . 2014-03-20 21:02 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-20 21:02 . 2014-03-20 21:02 377688 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-03-20 21:02 . 2014-03-20 21:02 333600 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-03-20 21:02 . 2014-03-20 21:02 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-20 21:02 . 2014-03-20 21:02 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-20 21:02 . 2014-03-20 21:02 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-20 21:02 . 2014-03-20 21:02 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-20 21:02 . 2014-03-20 21:02 484296 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-03-20 21:02 . 2014-03-20 21:02 409544 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-03-20 21:02 . 2014-03-20 21:02 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-03-20 21:02 . 2014-03-20 21:02 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-03-20 21:02 . 2014-03-20 21:02 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-03-20 21:02 . 2014-03-20 21:02 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-20 21:02 . 2013-11-01 14:43 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-20 21:02 . 2013-06-14 16:43 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-20 21:02 . 2014-03-20 21:02 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-20 21:02 . 2014-03-20 21:02 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-20 21:02 . 2014-03-20 21:02 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-20 21:02 . 2014-03-20 21:02 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-20 21:02 . 2014-03-20 21:02 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-20 21:02 . 2014-03-20 21:02 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-20 21:02 . 2014-03-20 21:02 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-20 21:02 . 2013-06-14 16:43 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-20 21:02 . 2013-06-14 16:43 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-20 06:52 . 2014-04-15 19:26 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{788B6AC3-A173-4E97-AE75-821610B5B07E}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:49 594432 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 17:45 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 16:06]
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 17:05]
.
2014-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 17:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:50 724992 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2013-06-29 151552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=12454
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-BattlEye for A2 - d:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-DAEMON Tools Lite - d:\daemon tools lite\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Celkový čas: 2014-06-10 20:09:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-10 18:09
ComboFix2.txt 2014-06-10 14:35
.
Před spuštěním: Volných bajtů: 42 862 866 432
Po spuštění: Volných bajtů: 42 490 232 832
.
- - End Of File - - 35525467460D831B8F7CE21B9F891EC7
A36C5E4F47E84449FF07ED3517B43A31

#12 Příspěvek od **vyosek** » 10 čer 2014 19:21

To odeslani je v poradku, pomaha to autorovi k vylepseni programu a pridani novych skodnych

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"=-

:files
c:\users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1
C:\zoek_backup
C:\FRST
c:\windows\zoek-delete.exe
c:\windows\Tasks\*.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

petal219 · #13 Příspěvek od **petal219** » 10 čer 2014 19:27

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LogMeIn GUI not found.
========== FILES ==========
c:\users\EsterkaPú\AppData\Local\288fd6393358f20ff850df97fdd6f5d1 folder moved successfully.
C:\zoek_backup\Low.tmp\SkypeClickToCall\Logs folder moved successfully.
C:\zoek_backup\Low.tmp\SkypeClickToCall folder moved successfully.
C:\zoek_backup\Low.tmp folder moved successfully.
C:\zoek_backup\C_Windows_SysWow64_searchplugins folder moved successfully.
C:\zoek_backup\C_Windows_SysWow64_Extensions folder moved successfully.
C:\zoek_backup\C_Windows_SysWow64_AI_RecycleBin\{9B56576B-C669-469E-B85E-EDCE2EAA5D9A} folder moved successfully.
C:\zoek_backup\C_Windows_SysWow64_AI_RecycleBin\{4BA890C3-AD60-40AF-93F8-C02808C2A48F} folder moved successfully.
C:\zoek_backup\C_Windows_SysWow64_AI_RecycleBin\{3B39C6C8-5C39-4419-85E9-BF4B25BB4CBC} folder moved successfully.
C:\zoek_backup\C_Windows_SysWow64_AI_RecycleBin\{25AE22E6-D489-4B1F-BB2F-1890637BD61E} folder moved successfully.
C:\zoek_backup\C_Windows_SysWow64_AI_RecycleBin\{0621265B-671F-48B2-AB7B-B9CF56AFFC7D} folder moved successfully.
C:\zoek_backup\C_Windows_SysWow64_AI_RecycleBin folder moved successfully.
C:\zoek_backup\C_Users_Matouskovi_DB93E2C2851F44B2B09C351D2C624AE1.TMP folder moved successfully.
C:\zoek_backup\C_Users_Matouskovi_AppData_Roaming_OpenCandy\6D9B2E20797F4601B9802B3BC3255665 folder moved successfully.
C:\zoek_backup\C_Users_Matouskovi_AppData_Roaming_OpenCandy folder moved successfully.
C:\zoek_backup\C_Users_Matouskovi_AppData_Roaming_GHISLER folder moved successfully.
C:\zoek_backup\C_Users_Matouskovi_AppData_LocalLow_surfcanyon folder moved successfully.
C:\zoek_backup folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
c:\windows\zoek-delete.exe moved successfully.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: EsterkaPú
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 46564438 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 356405653 bytes
->Opera cache emptied: 24881867 bytes
->Flash cache emptied: 3283 bytes

User: EsterkaP�
->Temp folder emptied: 0 bytes

User: Gianluca
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 187087 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4102515 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jindřiška
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 25248367 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 364402984 bytes
->Flash cache emptied: 2500 bytes

User: Jind�i�ka
->Temp folder emptied: 0 bytes

User: Matouskovi
->Temp folder emptied: 155232 bytes
->Temporary Internet Files folder emptied: 3487065 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 8069010 bytes
->Opera cache emptied: 105722357 bytes
->Flash cache emptied: 1762 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 896,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: EsterkaPú
->Flash cache emptied: 0 bytes

User: EsterkaP�

User: Gianluca
->Flash cache emptied: 0 bytes

User: Jindřiška
->Flash cache emptied: 0 bytes

User: Jind�i�ka

User: Matouskovi
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: EsterkaPú
->Java cache emptied: 0 bytes

User: EsterkaP�

User: Gianluca
->Java cache emptied: 0 bytes

User: Jindřiška
->Java cache emptied: 0 bytes

User: Jind�i�ka

User: Matouskovi
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06102014_202452

Files\Folders moved on Reboot...
C:\Users\Matouskovi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Matouskovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#14 Příspěvek od **vyosek** » 10 čer 2014 19:28

Jak se chova PC

petal219 · #15 Příspěvek od **petal219** » 10 čer 2014 19:34

zřejmě ok děkuji reklamy nevyskakují

ale neměl byste k doporučení nějáky antivirus essentials zjevně nedostačuje

VIRY.CZ

adware

adware

Re: adware

Re: adware

Re: adware

Re: adware

Re: adware

Re: adware

Re: adware

Re: adware

Re: adware

Re: adware

Re: adware

Re: adware

Re: adware

Re: adware