
Preventive check

You have no problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Polska Pasha
Model visitor
Posts: 113
Registered: 29 Jun 2014 09:06

Preventive check

#1 Post by Polska Pasha »

Hello, please check this, thanks.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Pepik at 2014-07-14 11:10:24
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 155 GB (34%) free of 458 GB
Total RAM: 3767 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:27, on 14.7.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Pepik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\trend micro\Pepik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HulaToo - {718c8760-6e05-4c6e-a994-912579d0c532} - C:\Program Files (x86)\HulaToo\HulaToobho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Gaming Mouse Driver] "C:\Program Files (x86)\Gaming Mouse\Monitor.EXE"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Pepik\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Pepik\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Pepik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll,-4 - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O9 - Extra 'Tools' menuitem: Freemake Video Downloader - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9304 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

winlogon.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
taskeng.exe {205BFCF8-C196-4BB5-BA14-B95870F03341}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe"
"C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1916
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
C:\Windows\system32\igfxext.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
szndesktop.exe default start
"C:\Users\Pepik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe "951129261955845798-20371098591153526111-466308936115694737715798413741461333679
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
taskhost.exe $(Arg0)
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Pepik\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\AmiUpdXp.job - C:\Users\Pepik\AppData\Local\1449\a22290.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Pepik\AppData\Roaming\Mozilla\Firefox\Profiles\6icesh4i.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeExManDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
flashplayer.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
nppdf32.DEU
nppdf32.dll
nppdf32.FRA
nppdf32.JPN
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Pepik\AppData\Roaming\Mozilla\Firefox\Profiles\6icesh4i.default\extensions\
staged
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-01-19 347424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-01-19 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{718c8760-6e05-4c6e-a994-912579d0c532}]
HulaToo - C:\Program Files (x86)\HulaToo\HulaToobho.dll [2014-07-10 249624]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-10-22 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-07-23 386584]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-07-23 161304]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-07-23 415256]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-02-18 11779176]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-15 190536]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"=C:\Users\Pepik\AppData\Roaming\BitTorrent\BitTorrent.exe [2014-07-02 1270872]
"cz.seznam.software.autoupdate"=C:\Users\Pepik\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Pepik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
C:\Program Files (x86)\Zemi Interactive\4StoryUS\PrePatch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Users\Pepik\AppData\Local\Akamai\netsession_win.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
C:\Program Files (x86)\Clownfish\Clownfish.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\Pepik\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\Pepik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Pepik\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus]
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [2013-02-07 9493808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Pepik\AppData\Local\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTV]
C:\Program Files (x86)\iTV\iTV.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Finder]
C:\Program Files (x86)\Media Finder\Media Finder.exe /opentotray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf]
C:\Program Files (x86)\Overwolf\Overwolf.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08 21444224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2013-02-25 1602984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloaderUltimate]
C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe [2011-07-29 442880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pepik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHL® 09 Registration.lnk]
C:\PROGRA~2\EASPOR~1\NHL09~1\Support\EAREGI~1.EXE [2008-10-04 4374792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pepik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Assassin.LNK]
C:\Program Files (x86)\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pepik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ubisoft register.lnk]
C:\PROGRA~2\Ubisoft\Register\schedule.exe [2003-10-01 28672]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"=C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"Gaming Mouse Driver"=C:\Program Files (x86)\Gaming Mouse\Monitor.EXE [2011-09-09 200704]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-10-23 3567800]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-07-20 271360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-07-10 21:48:11 ----D---- C:\Program Files (x86)\HulaToo
2014-07-10 21:47:54 ----A---- C:\Windows\system32\drivers\trz7A63.tmp
2014-07-10 21:47:53 ----A---- C:\Windows\SYSWOW64\trz79C6.tmp
2014-07-10 21:47:53 ----A---- C:\Windows\SYSWOW64\trz7997.tmp
2014-07-10 21:47:53 ----A---- C:\Windows\SYSWOW64\trz7928.tmp
2014-07-10 21:47:44 ----A---- C:\Windows\SYSWOW64\trz5591.tmp
2014-07-09 09:28:00 ----A---- C:\Windows\SYSWOW64\hfpapi.dll
2014-07-07 08:16:41 ----D---- C:\Users\Pepik\AppData\Roaming\.minecraft
2014-07-02 18:50:04 ----D---- C:\Users\Pepik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-29 21:48:04 ----A---- C:\ComboFix.txt
2014-06-29 21:32:37 ----D---- C:\$RECYCLE.BIN
2014-06-29 21:30:27 ----D---- C:\Windows\temp
2014-06-29 20:08:56 ----A---- C:\Windows\zip.exe
2014-06-29 20:08:56 ----A---- C:\Windows\SWSC.exe
2014-06-29 20:08:56 ----A---- C:\Windows\SWREG.exe
2014-06-29 20:08:56 ----A---- C:\Windows\sed.exe
2014-06-29 20:08:56 ----A---- C:\Windows\PEV.exe
2014-06-29 20:08:56 ----A---- C:\Windows\NIRCMD.exe
2014-06-29 20:08:56 ----A---- C:\Windows\MBR.exe
2014-06-29 20:08:56 ----A---- C:\Windows\grep.exe
2014-06-29 20:08:00 ----D---- C:\Qoobox
2014-06-29 20:07:34 ----D---- C:\Windows\erdnt
2014-06-29 17:53:23 ----D---- C:\rsit
2014-06-29 09:55:10 ----D---- C:\Users\Pepik\AppData\Roaming\BANDISOFT
2014-06-23 15:55:15 ----D---- C:\Program Files (x86)\rFactor
2014-06-16 17:49:14 ----D---- C:\ProgramData\Norton
2014-06-16 17:49:10 ----D---- C:\ProgramData\NortonInstaller
2014-06-16 16:59:42 ----D---- C:\Program Files (x86)\SimtMHD

======List of files/folders modified in the last 1 month======

2014-07-14 11:10:25 ----D---- C:\Program Files\trend micro
2014-07-14 11:05:09 ----D---- C:\Users\Pepik\AppData\Roaming\Seznam.cz
2014-07-14 11:04:24 ----D---- C:\Windows\System32
2014-07-14 11:04:24 ----D---- C:\Windows\inf
2014-07-14 11:04:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-07-14 11:01:31 ----D---- C:\Users\Pepik\AppData\Roaming\BitTorrent
2014-07-14 10:59:14 ----D---- C:\Windows\system32\config
2014-07-14 10:59:08 ----A---- C:\Windows\SYSWOW64\log.txt
2014-07-13 12:08:13 ----D---- C:\Users\Pepik\AppData\Roaming\Skype
2014-07-12 12:25:49 ----D---- C:\Users\Pepik\AppData\Roaming\Foxit Software
2014-07-10 21:48:39 ----D---- C:\Program Files (x86)\Seznam.cz
2014-07-10 21:48:11 ----D---- C:\Program Files (x86)
2014-07-10 21:47:54 ----D---- C:\Windows\system32\drivers
2014-07-10 21:47:53 ----D---- C:\Windows\SysWOW64
2014-07-10 21:47:44 ----D---- C:\Program Files (x86)\Common Files
2014-07-10 21:47:42 ----D---- C:\Windows\Prefetch
2014-07-10 21:47:40 ----D---- C:\Windows\system32\Tasks
2014-07-10 21:47:39 ----D---- C:\Windows\Tasks
2014-07-04 16:04:43 ----D---- C:\Program Files (x86)\Google
2014-07-04 16:01:42 ----A---- C:\Users\Pepik\AppData\Roaming\CamShapes.ini
2014-07-04 16:01:42 ----A---- C:\Users\Pepik\AppData\Roaming\CamLayout.ini
2014-07-04 16:01:42 ----A---- C:\Users\Pepik\AppData\Roaming\Camdata.ini
2014-07-04 07:57:27 ----SHD---- C:\System Volume Information
2014-07-02 18:50:05 ----D---- C:\Users\Pepik\AppData\Roaming\Adobe
2014-07-02 10:40:07 ----D---- C:\Program Files (x86)\BitTorrent
2014-06-29 21:32:48 ----D---- C:\Windows
2014-06-29 21:32:48 ----A---- C:\Windows\system.ini
2014-06-29 21:32:31 ----D---- C:\Windows\system32\drivers\etc
2014-06-29 21:31:54 ----D---- C:\Windows\system32\catroot2
2014-06-29 21:21:48 ----D---- C:\Windows\SYSWOW64\drivers
2014-06-29 21:21:48 ----D---- C:\Windows\AppPatch
2014-06-29 14:16:12 ----SHD---- C:\Windows\Installer
2014-06-29 11:35:04 ----D---- C:\Program Files (x86)\Pando Networks
2014-06-29 11:33:52 ----D---- C:\AdwCleaner
2014-06-29 11:33:37 ----D---- C:\Program Files
2014-06-29 11:33:37 ----AD---- C:\ProgramData
2014-06-29 10:00:20 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-06-29 09:56:37 ----D---- C:\Program Files (x86)\Game Dev Tycoon v1.3.2
2014-06-29 09:54:20 ----D---- C:\Program Files (x86)\ElcomSoft
2014-06-26 14:05:32 ----D---- C:\Windows\system32\wdi
2014-06-25 14:50:56 ----D---- C:\Users\Pepik\AppData\Roaming\DAEMON Tools Lite
2014-06-24 12:25:45 ----D---- C:\Users\Pepik\AppData\Roaming\Winamp
2014-06-24 09:10:56 ----D---- C:\Games
2014-06-23 15:40:23 ----RSD---- C:\Windows\Fonts
2014-06-22 12:53:58 ----D---- C:\Minecraft_Backup
2014-06-20 14:29:39 ----D---- C:\Program Files (x86)\Steam
2014-06-17 09:29:14 ----D---- C:\Program Files (x86)\NFS Most Wanted

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-10-22 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-10-22 205320]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-04-13 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-10-22 92544]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-10-22 1032416]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-11-11 409832]
R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-10-22 65264]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-09 270912]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-10-22 38984]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-10-22 84328]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-02 2750464]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-07-20 10603904]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-02-22 2750312]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-01-18 412712]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-28 26440]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-28 16200]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 77512]
S2 WCMVCAM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\wcmvcam64.sys [2012-04-15 1071032]
S3 ALSysIO;ALSysIO; \??\C:\Users\Pepik\AppData\Local\Temp\ALSysIO64.sys []
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-06-08 4729408]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-09-22 243712]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-12-15 31232]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 43976]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-04-08 68992]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-22 50344]
R2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2014-03-12 108032]
R2 FreemakeVideoCapture;FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2014-03-12 9216]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-18 268824]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-08-18 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2014-05-08 214520]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-10-09 655624]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-07 117656]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2012-09-26 4460280]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-02-25 543144]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-11 1255736]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#2 Post by Márty84 »

Hello :)

:arrow: Run a scan with MBAM. Set up the scan according to this guide http://forum.viry.cz/viewtopic.php?f=29&t=137928 and post the results here. Do not delete anything beforehand; it sometimes produces false detections.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Polska Pasha
Exemplary visitor
Posts: 113
Registered: 29 Jun 2014 09:06

Re: Preventive check

#3 Post by Polska Pasha »

Log here:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 15.7.2014
Čas skenování: 9:23:56
Protokol: log.txt
Správce: Ano

Verze: 2.00.2.1012
Databáze malwaru: v2014.07.15.04
Databáze rootkitů: v2014.07.14.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Self-protection: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Pepik

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 654525
Uplynulý čas: 3 hod, 39 min, 38 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(No malicious items detected)

Moduly: 0
(No malicious items detected)

Klíče registru: 23
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [0cc47a254c2f93a32329e1ab10f2f20e],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [0cc47a254c2f93a32329e1ab10f2f20e],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{718c8760-6e05-4c6e-a994-912579d0c532}, , [b7195946176464d28809ee89b34e41bf],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2602a752-291a-46d3-8015-7e935fedde74}, , [b7195946176464d28809ee89b34e41bf],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{254EC5E9-9BD6-4CFD-917B-053AD6F4918A}, , [b7195946176464d28809ee89b34e41bf],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{254EC5E9-9BD6-4CFD-917B-053AD6F4918A}, , [b7195946176464d28809ee89b34e41bf],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2602a752-291a-46d3-8015-7e935fedde74}, , [b7195946176464d28809ee89b34e41bf],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{718C8760-6E05-4C6E-A994-912579D0C532}, , [b7195946176464d28809ee89b34e41bf],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, , [8848623da1da7cba4a27b48f10f0bf41],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\TYPELIB\{01C363CD-0521-4AE2-B939-750C56447EB5}, , [e4ec8b14562586b071ff811816eb53ad],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\INTERFACE\{CB0E1F41-7DD4-4B0E-8578-F0FEB5BB5CD5}, , [e4ec8b14562586b071ff811816eb53ad],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CB0E1F41-7DD4-4B0E-8578-F0FEB5BB5CD5}, , [e4ec8b14562586b071ff811816eb53ad],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{01C363CD-0521-4AE2-B939-750C56447EB5}, , [e4ec8b14562586b071ff811816eb53ad],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HulaToo, , [99373c63a7d43006df1ae1f1e81a867a],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\HulaToo, , [6a66108f2d4ec175f704ede53ec4c040],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dknkjnkhedbanphkkpbpcgoblmkbfhlf, , [745c623dbac1a78fb41025967b8735cb],
PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gpicboiclhmnllnjdcfcffifpoaebgkm, , [ddf3bae53e3d68cec57e8f3aeb1720e0],
PUP.Optional.OffersWizard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\inethnfd, , [20b0a7f82259de58a9f9e3d89c66cd33],
PUP.Optional.HulaToo.A, HKU\S-1-5-21-2289079560-4057469565-1523236124-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HulaToo, , [c40cbfe0116af244d525d8fadd2507f9],
PUP.Optional.Conduit.A, HKU\S-1-5-21-2289079560-4057469565-1523236124-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dknkjnkhedbanphkkpbpcgoblmkbfhlf, , [6d63d3cc116a86b0962f1aa1867cb947],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-2289079560-4057469565-1523236124-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{36E86B2F-A438-4376-9EA0-D3DA9F11149E}, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-2289079560-4057469565-1523236124-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{DD0BAC90-4337-4EEF-8A03-61FB5BB5F831}, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.ShieldPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\spprt, , [f4dcb7e81d5e47ef554bfeb7c04214ec],

Hodnoty registru: 0
(No malicious items detected)

Data registru: 0
(No malicious items detected)

Složky: 11
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, , [fad668370b705fd793109b203bc77d83],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo, , [99373c63a7d43006df1ae1f1e81a867a],
PUP.Keylogger, C:\Program Files (x86)\DanuSoft Free Keylogger, , [428ed5ca245741f54f9145aef112e21e],
PUP.Optional.OnlineVid.A, C:\Program Files (x86)\OnlineHD.TV, , [9040891683f8a88e47ff564b70920ef2],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Common, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10511, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10513, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.ShieldPlus.A, C:\Users\Pepik\AppData\Local\ShieldPlus\spprt, , [f4dcb7e81d5e47ef554bfeb7c04214ec],

Soubory: 129
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\BitTorrentControl_v12\BitTorrentControl_v12ToolbarHelper1.exe.vir, , [ab25752a9cdf2313da6f05195ea2857b],
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir, , [9d33a7f8e596a294badf949bfa06ff01],
PUP.Optional.SProtect.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\continuetosave\sprotector.dll.vir, , [daf6504f9edddb5b592469be62a0669a],
PUP.Optional.HulaToo.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\HulaToo\HulaTooBHO.dll.vir, , [626e9a0508737abc454c90e713ee7090],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mghooking.dll.vir, , [a42c3966611a76c09b538d379d6741bf],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe.vir, , [b81816895724bd7932bc4183a75da060],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll.vir, , [478907985b2048eeaa44ecd8f014b64a],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgArchive.dll.vir, , [814ffba494e7a492af3fcdf7cd375ea2],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgcommon.dll.vir, , [547c8817601b171f59953d87ca3a20e0],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll.vir, , [943c019ed9a2f3434ea09e2614f08c74],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgconfig.dll.vir, , [e2eedbc4fb8049ed4ea0566e0bf9be42],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll.vir, , [587838675d1e3ef821cd7c48eb197888],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll.vir, , [cb0519860873a4925d91715363a1f808],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll.vir, , [735dc6d9a1da082e8c626d57cc38ff01],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mglogger.dll.vir, , [527ed4cbd5a6b77f02eceed635cff10f],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll.vir, , [527e059a3348f046b03e556f0afae31d],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll.vir, , [3e92079887f465d1608e4084a95b3cc4],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll.vir, , [9e32c3dc0e6d2d0904ea893ba0640ef2],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll.vir, , [4888d2cd2c4f3afccd21be069470946c],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll.vir, , [329e2e710675b383ab43ecd82bd99c64],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll.vir, , [5977613e6912c6707e70b11338ccda26],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll.vir, , [90406837c2b9dd594ca2655f030104fc],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll.vir, , [69679906b6c52d0995599430ae5642be],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll.vir, , [e1ef7b24453642f406e82e969f659c64],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\SweetIM.exe.vir, , [1cb4316e56253006509e2f955ba94bb5],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll.vir, , [ad23405f423930068965d1f310f42cd4],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir, , [0dc3dbc4384344f296588e36d430f709],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir, , [06ca1b8489f2cc6ac826daea70948f71],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir, , [ffd1f3ac8fec71c55a94f9cb0202d32d],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir, , [b51b227d5c1f61d55a94626252b2857b],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe.vir, , [28a83669f68575c1806e3b8931d35aa6],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir, , [a729c0df0576cd69a34b5d6758ac03fd],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir, , [ad23d2cd0b70f44203eb952f758f47b9],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll.vir, , [aa265b44fe7da690ab43cdf73cc855ab],
PUP.Optional.SweetPacks, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir, , [88488a1565168caa9cfb51739a6ab44c],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir, , [1bb539669ddee15540ae8d37ed177e82],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir, , [1ab66738f6857cbac22c2c987f85f010],
PUP.Optional.OptChrome.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\OptChrome.exe.vir, , [349c3e61413aa98d9e0ee23c15eb12ee],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\ProgramData\SweetIM\Messenger\update\sweetimsetup.exe.vir, , [d2fe76292b506cca32bc764ef0144eb2],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Users\Pepik\AppData\Local\Conduit\CT3225826\BitTorrentControl_v12AutoUpdateHelper.exe.vir, , [10c0a0ff0a71003675d4f727c937f808],
PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\AMTLib.dll, , [8d43534cc8b3d36333336f9972909f61],
PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll, , [547c217e1f5c70c69ccade2aa75b956b],
PUP.RiskwareTool.CK, C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\amtlib.dll, , [3e92138ca3d8a690580e92769c663fc1],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\HulaTooBHO.dll, , [b7195946176464d28809ee89b34e41bf],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\trz7AF1.tmp, , [735d059aa3d860d6b40c696546be7b85],
PUP.Keylogger, C:\Program Files (x86)\DanuSoft Free Keylogger\DSKeylogger.exe, , [6a66544bd7a44ee8302522e455ac6e92],
PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{82BCDD33-431A-4140-A3AB-0B38595FFFC5}\Custom.dll, , [dcf47e21a2d9999dd5ada19c768a31cf],
PUP.Optional.Amonetize.A, C:\Users\Pepik\AppData\Local\1449\a22290.exe, , [8848623da1da7cba4a27b48f10f0bf41],
PUP.Optional.Somoto.A, C:\Users\Pepik\AppData\Local\Google\Chrome\User Data\Default\File System\008\t\00\00000000, , [943c9a0505760f278c588d04b74ac838],
PUP.Optional.OutBrowse, C:\Users\Pepik\AppData\Local\Temp\awhF80B.tmp, , [10c0a7f8265562d4447f0e8bee1348b8],
PUP.Optional.Amonetize, C:\Users\Pepik\AppData\Local\Temp\Wifikill For Pc__3038_i1024264891_il1760292.exe, , [854bcfd078032d09acc4aceda35ef60a],
Trojan.LVBP, C:\Users\Pepik\Desktop\nfsu2-tr.exe, , [bc14019edf9c0f275612a39908f81de3],
Hacktool.Crk, C:\Users\Pepik\Desktop\Hry\StarCraft-Brood War\Registry.exe, , [4c84dbc46d0e5dd977880d0c46bc4db3],
PUP.Optional.Amonetize, C:\Users\Pepik\Downloads\Wifikill For Pc__3038_i1024264891_il1760292.exe, , [e4ec8b14562586b071ff811816eb53ad],
PUP.Optional.SweetIM, C:\Windows\Installer\2538cb4.msi, , [4c842c73bfbc330339b5d3f10ff5d62a],
PUP.Optional.SweetIM, C:\Windows\Installer\2538cb9.msi, , [18b8257afb8046f019d58143897bd22e],
PUP.Optional.NetFilter, C:\Windows\System32\drivers\trz7A63.tmp, , [22ae48577407db5b3e31ddb716eb1ce4],
PUP.Optional.Amonetize, C:\Windows\SysWOW64\trz7997.tmp, , [814feab5bfbcaf87ea57920236cb34cc],
PUP.Optional.Amonetize, C:\Windows\SysWOW64\trz79C6.tmp, , [a828aff00b7049ed43ff573d877a17e9],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, , [fad668370b705fd793109b203bc77d83],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\data.xml, , [fad668370b705fd793109b203bc77d83],
PUP.Optional.Conduit.A, C:\Users\Pepik\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx, , [9d33e1bee69565d1dde6ccef58aa9b65],
PUP.SoftwareUpdater.A, C:\Windows\System32\Tasks\AmiUpdXp, , [50802d72166568ce0cf0e6d9fb07847c],
PUP.Optional.HulaToo.A, C:\Users\Pepik\AppData\Roaming\Mozilla\Firefox\Profiles\6icesh4i.default\extensions\firefox@hulatoo.net.xpi, , [8a46dcc3a1daf145053b0fb17a8853ad],
PUP.Optional.CrossRider.A, C:\Users\Pepik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjbgonfbgjdmlkjofohofdjnakkfppge_0.localstorage-journal, , [28a82a75097281b5dfa72aa5f2107888],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\HulaToo.ico, , [99373c63a7d43006df1ae1f1e81a867a],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\7za.exe, , [99373c63a7d43006df1ae1f1e81a867a],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\HulaTooUninstall.exe, , [99373c63a7d43006df1ae1f1e81a867a],
PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, , [daf68817e4971a1c880306e4da284fb1],
PUP.Keylogger, C:\Program Files (x86)\DanuSoft Free Keylogger\logfile.txt, , [428ed5ca245741f54f9145aef112e21e],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\Autorun.inf, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\crx.tar, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\ffassist.1.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\GameApps.ini, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\GameConsole.exe, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\GameEngine.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\GLOBALUNINSTALL.TNT, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\hmac.1.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\iehpr.1.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\iestage2.1.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\IEToolbar.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\IEToolbar64.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\INSTALL.TNT, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\LastSession.log, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\log.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\MinecraftShims64.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\PARTNER.TNT, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\passport.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\passport64.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\pinnedSearch.htm, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\pinnedSearch_FindWide.htm, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\progress.1.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\regsvr.1.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\RemoteSkin.wms, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\sqlite.1.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\tnt2chrome.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\TNT2User.exe, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\TNT2UserPS.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\TNT2UserPS64.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\TntMagicDel.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\UnInjLib.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\UnInjLib64.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\UNINSTALL.TNT, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\UninstallDlg.1.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\untar.1.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\UPDATE.TNT, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\xpi.tar, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\2.0.0.1599\zipunzip.1.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Common\GameConsole.exe, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Common\pinnedSearch.htm, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10511\inst.ini, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10511\os10511.xml, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10511\PARTNER.1.TNT, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10511\partner.dat, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10511\passport.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10511\passport64.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10511\runt.ini, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10511\yah10511.xml, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10513\inst.ini, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10513\os10513.xml, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10513\PARTNER.1.TNT, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10513\partner.dat, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10513\passport.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10513\passport64.dll, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10513\runt.ini, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.TidyNetwork.A, C:\Users\Pepik\AppData\Local\TNT2\Profiles\10513\yah10513.xml, , [15bb039c2259b08681d68f127d858b75],
PUP.Optional.ShieldPlus.A, C:\Users\Pepik\AppData\Local\ShieldPlus\spprt\Data, , [f4dcb7e81d5e47ef554bfeb7c04214ec],
PUP.Optional.ShieldPlus.A, C:\Users\Pepik\AppData\Local\ShieldPlus\spprt\spprt.exe, , [f4dcb7e81d5e47ef554bfeb7c04214ec],
PUP.Optional.Babylon.A, C:\Users\Pepik\AppData\Local\Google\Chrome\User Data\Default\Preferences, Dobré: (), Špatné: ( "startup_urls": [ "https://www.google.cz/", "http://search.babylon.com/?affID=112060 ... de2b38ec0e", "http://search.iminent.com/?appId=039256 ... 30307E1558", "http://search.conduit.com/?ctid=CT32258 ... hSource=48", "http://www.buenosearch.com/?babsrc=HP_s ... p&tsp=5272" ],), ,[d1ffcfd0e794de58b3e38e42a95bb749]

Fyzické sektory: 0
(No malicious items detected)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#4 Post by Márty84 »

:???: Do you have this there on purpose?
Polska Pasha wrote: PUP.Keylogger, C:\Program Files (x86)\DanuSoft Free Keylogger\logfile.txt, , [428ed5ca245741f54f9145aef112e21e],

If you have a question that is not meant for the public, you can write to me by e-mail at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are left waiting a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Polska Pasha
Exemplary visitor
Posts: 113
Registered: 29 Jun 2014 09:06

Re: Preventive check

#5 Post by Polska Pasha »

I don't know why?

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#6 Post by Márty84 »

Because it is a program that collects, for example, passwords, etc.
http://cs.wikipedia.org/wiki/Keylogger

If it is on the PC on purpose, keep the MBAM detections in which it appears and remove the rest (to quarantine). If it is not there on purpose, throw out absolutely everything. After the removal and a restart of the PC, repeat the MBAM scan so that we know it is not coming back. Post the result of the scan and I will choose the next steps based on it.

Polska Pasha
Exemplary visitor
Posts: 113
Registered: 29 Jun 2014 09:06

Re: Preventive check

#7 Post by Polska Pasha »

Hello, I'm sending the log, thanks.

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 16.7.2014
Čas skenování: 9:36:45
Protokol: log.txt
Správce: Ano

Verze: 2.00.2.1012
Databáze malwaru: v2014.07.16.02
Databáze rootkitů: v2014.07.14.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Self-protection: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Pepik

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 655588
Uplynulý čas: 3 hod, 3 min, 46 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(No malicious items detected)

Moduly: 0
(No malicious items detected)

Klíče registru: 0
(No malicious items detected)

Hodnoty registru: 0
(No malicious items detected)

Data registru: 0
(No malicious items detected)

Složky: 0
(No malicious items detected)

Soubory: 1
PUP.Optional.Babylon.A, C:\Users\Pepik\AppData\Local\Google\Chrome\User Data\Default\Preferences, Dobré: (), Špatné: ( "startup_urls": [ "https://www.google.cz/", "http://search.babylon.com/?affID=112060 ... de2b38ec0e", "http://search.iminent.com/?appId=039256 ... 30307E1558", "http://search.conduit.com/?ctid=CT32258 ... hSource=48", "http://www.buenosearch.com/?babsrc=HP_s ... p&tsp=5272" ],), ,[46ecb1ef6b109d990352349e08fca25e]

Fyzické sektory: 0
(No malicious items detected)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#8 Post by Márty84 »

:arrow: Have the detections removed, then uninstall MBAM.

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait until the scan finishes.
Then click Clean.
The program will start working (the PC may restart) and will spit out a log (alternatively it will be here: C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.

Polska Pasha
Exemplary visitor
Posts: 113
Registered: 29 Jun 2014 09:06

Re: Preventive check

#9 Post by Polska Pasha »

So here is the log:

# AdwCleaner v3.216 - Report created 17/07/2014 at 21:43:42
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pepik - PEPA
# Running from : C:\Users\Pepik\Desktop\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Pepik\AppData\Local\Temp\HulaToo
Folder Deleted : C:\Users\Pepik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OnlineHD.TV
File Deleted : C:\Windows\SysWOW64\hfpapi.dll
File Deleted : C:\Users\Pepik\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16470


-\\ Mozilla Firefox v23.0.1 (cs)

[ File : C:\Users\Pepik\AppData\Roaming\Mozilla\Firefox\Profiles\6icesh4i.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Pepik\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Startup_urls] : hxxp://search.babylon.com/?affID=112060&tt=270912_cln_3912_8&babsrc=HP_ss&mntrId=ca0ea42000000000000016de2b38ec0e
Deleted [Startup_urls] : hxxp://search.iminent.com/?appId=03925681-2D12-446E-BD31-0B30307E1558
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48
Deleted [Startup_urls] : hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... p&tsp=5272

*************************

AdwCleaner[R0].txt - [56358 octets] - [02/05/2014 14:04:06]
AdwCleaner[R1].txt - [56369 octets] - [04/05/2014 12:24:42]
AdwCleaner[R2].txt - [56430 octets] - [04/05/2014 12:30:03]
AdwCleaner[R3].txt - [7353 octets] - [29/06/2014 11:31:48]
AdwCleaner[R4].txt - [2466 octets] - [17/07/2014 21:40:49]
AdwCleaner[S0].txt - [56988 octets] - [04/05/2014 12:35:05]
AdwCleaner[S1].txt - [7234 octets] - [29/06/2014 11:33:36]
AdwCleaner[S2].txt - [2281 octets] - [17/07/2014 21:43:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2341 octets] ##########

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#10 Post by Márty84 »

:!: If you have not done so already, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off the antivirus and any other security software.
Right-click ComboFix and then left-click Run as administrator.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not launch anything and do not click anywhere.
When the scan finishes (the PC may restart), a log should be created, located here: C:\ComboFix.txt
Copy its contents here.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine

Polska Pasha
Exemplary visitor
Posts: 113
Registered: 29 Jun 2014 09:06

Re: Preventive check

#11 Post by Polska Pasha »

Here is the log:

ComboFix 14-07-17.03 - Pepik 18.07.2014 8:52.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3767.2415 [GMT 2:00]
Spuštěný z: c:\users\Pepik\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\trz5591.tmp
c:\windows\SysWow64\trz7928.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-18 do 2014-07-18 )))))))))))))))))))))))))))))))
.
.
2014-07-18 07:01 . 2014-07-18 07:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-16 18:47 . 2014-07-16 18:47 -------- d-----w- C:\m-r-software
2014-07-16 18:46 . 2014-07-16 18:46 -------- d-----w- c:\program files (x86)\Aerosoft
2014-07-16 15:45 . 2014-07-16 15:45 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35B0DA69-CA29-468B-A724-69C7CDB88E9D}\offreg.dll
2014-07-15 07:20 . 2014-07-17 18:37 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-15 07:20 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-15 07:20 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-15 07:20 . 2014-07-15 07:20 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-10 19:47 . 2014-07-16 07:14 -------- d-----w- c:\users\Pepik\AppData\Local\1449
2014-07-07 06:16 . 2014-07-05 14:28 -------- d-----w- c:\users\Pepik\AppData\Roaming\.minecraft
2014-07-04 05:57 . 2014-06-17 00:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35B0DA69-CA29-468B-A724-69C7CDB88E9D}\mpengine.dll
2014-07-02 16:50 . 2014-07-02 16:50 -------- d-----w- c:\users\Pepik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-29 15:53 . 2014-06-29 15:53 -------- d-----w- C:\rsit
2014-06-29 07:55 . 2014-06-29 07:55 -------- d-----w- c:\users\Pepik\AppData\Roaming\BANDISOFT
2014-06-23 13:55 . 2014-06-25 13:27 -------- d-----w- c:\program files (x86)\rFactor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-12 05:25 . 2011-11-09 12:08 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 07:51 . 2012-03-05 14:47 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-08 07:51 . 2012-03-05 14:47 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-05-01 17:56 . 2012-06-08 04:00 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-01 17:56 . 2011-07-20 08:00 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 17:56 . 2014-05-01 17:56 17338544 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-02 10:52 . 2013-06-02 10:52 97979392 ----a-w- c:\program files (x86)\Samsung New PC Studio.msi
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\Pepik\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-07-02 1270872]
"cz.seznam.software.autoupdate"="c:\users\Pepik\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Pepik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Gaming Mouse Driver"="c:\program files (x86)\Gaming Mouse\Monitor.EXE" [2011-09-09 200704]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-23 3567800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
R3 ALSysIO;ALSysIO;c:\users\Pepik\AppData\Local\Temp\ALSysIO64.sys;c:\users\Pepik\AppData\Local\Temp\ALSysIO64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-04 14:04 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-22 14:04 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-18 11779176]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL =
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.9 212.47.0.7
FF - ProfilePath - c:\users\Pepik\AppData\Roaming\Mozilla\Firefox\Profiles\6icesh4i.default\
FF - prefs.js: browser.search.selectedEngine -
FF - ExtSQL: 2014-06-28 20:13; cccc5f0d-b9d0-4314-88b5-7e27551f9e84@jetpack; c:\users\Pepik\AppData\Roaming\Mozilla\Firefox\Profiles\6icesh4i.default\extensions\cccc5f0d-b9d0-4314-88b5-7e27551f9e84@jetpack.xpi
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Clownfish - c:\program files (x86)\Clownfish\uninstall.exe
AddRemove-IMG Tool - c:\program files (x86)\GTA3Mods\IMG Tool\Uninstall.exe
AddRemove-Minecraft1.7.2 - c:\users\Pepik\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
AddRemove-MP3 2 Ogg Lab 2004_is1 - c:\program files (x86)\MP3 2 Ogg Lab 2004\unins000.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
AddRemove-{E00EA780-9C24-47BA-B9C8-210316D1C461}_is1 - c:\program files (x86)\Auto Mouse Clicker v3.4\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2289079560-4057469565-1523236124-1000\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="3"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Celkový čas: 2014-07-18 09:04:22
ComboFix-quarantined-files.txt 2014-07-18 07:04
ComboFix2.txt 2014-06-29 19:48
ComboFix3.txt 2014-06-29 18:40
.
Před spuštěním: Volných bajtů: 200 797 302 784
Po spuštění: Volných bajtů: 201 391 845 376
.
- - End Of File - - DB982939D68E24C96910656CEA8046B0

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#12 Post by Márty84 »

:arrow: Permanently turn off Windows Defender

:arrow: Open Notepad and copy this script into it

Code:

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"=-
"cz.seznam.software.autoupdate"=-
"cz.seznam.software.szndesktop"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=-
"Adobe ARM"=-
"AdobeCS6ServiceManager"=-
"seznam-listicka-distribuce"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-

Regnull::
[HKEY_USERS\S-1-5-21-2289079560-4057469565-1523236124-1000\Control Panel\Desktop*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Driver::
SwitchBoard

Reboot::

In the top left, click File
Click Save As...
Type the red name CFScript correctly and save it to the desktop.
Turn off the antivirus and any other security software.
Drag this newly created text document with the mouse over the ComboFix icon and drop it.
ComboFix should start and execute the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine

Polska Pasha
Exemplary visitor
Posts: 113
Registered: 29 Jun 2014 09:06

Re: Preventive check

#13 Post by Polska Pasha »

So here is the log:

ComboFix 14-07-17.03 - Pepik 19.07.2014 7:58.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3767.2367 [GMT 2:00]
Spuštěný z: c:\users\Pepik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pepik\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SwitchBoard
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-19 do 2014-07-19 )))))))))))))))))))))))))))))))
.
.
2014-07-19 06:08 . 2014-07-19 06:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-16 18:47 . 2014-07-16 18:47 -------- d-----w- C:\m-r-software
2014-07-16 18:46 . 2014-07-16 18:46 -------- d-----w- c:\program files (x86)\Aerosoft
2014-07-16 15:45 . 2014-07-16 15:45 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35B0DA69-CA29-468B-A724-69C7CDB88E9D}\offreg.dll
2014-07-15 07:20 . 2014-07-18 10:43 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-15 07:20 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-15 07:20 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-15 07:20 . 2014-07-15 07:20 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-10 19:47 . 2014-07-16 07:14 -------- d-----w- c:\users\Pepik\AppData\Local\1449
2014-07-07 06:16 . 2014-07-05 14:28 -------- d-----w- c:\users\Pepik\AppData\Roaming\.minecraft
2014-07-04 05:57 . 2014-06-17 00:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35B0DA69-CA29-468B-A724-69C7CDB88E9D}\mpengine.dll
2014-07-02 16:50 . 2014-07-02 16:50 -------- d-----w- c:\users\Pepik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-29 15:53 . 2014-06-29 15:53 -------- d-----w- C:\rsit
2014-06-29 07:55 . 2014-06-29 07:55 -------- d-----w- c:\users\Pepik\AppData\Roaming\BANDISOFT
2014-06-23 13:55 . 2014-06-25 13:27 -------- d-----w- c:\program files (x86)\rFactor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-12 05:25 . 2011-11-09 12:08 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 07:51 . 2012-03-05 14:47 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-08 07:51 . 2012-03-05 14:47 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-05-01 17:56 . 2012-06-08 04:00 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-01 17:56 . 2011-07-20 08:00 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 17:56 . 2014-05-01 17:56 17338544 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-02 10:52 . 2013-06-02 10:52 97979392 ----a-w- c:\program files (x86)\Samsung New PC Studio.msi
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"Gaming Mouse Driver"="c:\program files (x86)\Gaming Mouse\Monitor.EXE" [2011-09-09 200704]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-23 3567800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
R3 ALSysIO;ALSysIO;c:\users\Pepik\AppData\Local\Temp\ALSysIO64.sys;c:\users\Pepik\AppData\Local\Temp\ALSysIO64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 11:44 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-22 14:04 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-23 386584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-23 161304]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-23 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-18 11779176]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL =
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.9 212.47.0.7
FF - ProfilePath - c:\users\Pepik\AppData\Roaming\Mozilla\Firefox\Profiles\6icesh4i.default\
FF - prefs.js: browser.search.selectedEngine -
FF - ExtSQL: 2014-06-28 20:13; cccc5f0d-b9d0-4314-88b5-7e27551f9e84@jetpack; c:\users\Pepik\AppData\Roaming\Mozilla\Firefox\Profiles\6icesh4i.default\extensions\cccc5f0d-b9d0-4314-88b5-7e27551f9e84@jetpack.xpi
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Clownfish - c:\program files (x86)\Clownfish\uninstall.exe
AddRemove-IMG Tool - c:\program files (x86)\GTA3Mods\IMG Tool\Uninstall.exe
AddRemove-Minecraft1.7.2 - c:\users\Pepik\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
AddRemove-MP3 2 Ogg Lab 2004_is1 - c:\program files (x86)\MP3 2 Ogg Lab 2004\unins000.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
AddRemove-{E00EA780-9C24-47BA-B9C8-210316D1C461}_is1 - c:\program files (x86)\Auto Mouse Clicker v3.4\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2289079560-4057469565-1523236124-1000\Control Panel\Desktop*]
@Allowed: (Read) (RestrictedCode)
"WheelScrollLines"="3"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2014-07-19 08:18:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-19 06:18
ComboFix2.txt 2014-07-18 07:04
ComboFix3.txt 2014-06-29 19:48
ComboFix4.txt 2014-06-29 18:40
.
Před spuštěním: Volných bajtů: 199 361 921 024
Po spuštění: Volných bajtů: 199 323 029 504
.
- - End Of File - - F3E90F009934E7169CA5378E754F21DE

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check

#14 Post by Márty84 »

Post a new log from RSIT.
If you have a question that is not meant for the public, you can e-mail me at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait long for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Polska Pasha
Exemplary visitor
Posts: 113
Registered: 29 Jun 2014 09:06

Re: Preventive check

#15 Post by Polska Pasha »

Log here:

System drive C: has 205 GB (45%) free of 458 GB
Total RAM: 3767 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:23:43, on 20.7.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SupTab\HpUI.exe
C:\Program Files (x86)\SupTab\Loader32.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\trend micro\Pepik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp& ... ZJ863ZJ863
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp& ... ZJ863ZJ863
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp& ... ZJ863ZJ863
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp& ... ZJ863ZJ863
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 178.217.187.203 master.serwery.wiaderko.com
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Norpalla - {78f5a1e7-dd0d-49f9-871b-1889c9729861} - C:\Program Files (x86)\Norpalla\Norpallabho.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Gaming Mouse Driver] "C:\Program Files (x86)\Gaming Mouse\Monitor.EXE"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll,-4 - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O9 - Extra 'Tools' menuitem: Freemake Video Downloader - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9694 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\ProgramData\IePluginServices\PluginService.exe -service
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service
C:\Windows\System32\spoolsv.exe
taskeng.exe {9DC5291C-91C2-479C-A377-6273C670B20C}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe"
"C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2132
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"C:\Program Files (x86)\SupTab\HpUI.exe"
C:\Windows\system32\igfxext.exe -Embedding
"C:\Program Files (x86)\SupTab\Loader32.exe"
"C:\Program Files (x86)\SupTab\Loader64.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
taskhost.exe SYSTEM

"C:\Users\Pepik\Desktop\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Pepik\AppData\Roaming\Mozilla\Firefox\Profiles\6icesh4i.default

prefs.js - "browser.startup.homepage" - "http://isearch.omiga-plus.com/?type=hp& ... ZJ863ZJ863"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeExManDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
flashplayer.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
nppdf32.DEU
nppdf32.dll
nppdf32.FRA
nppdf32.JPN
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
omiga-plus.xml

C:\Users\Pepik\AppData\Roaming\Mozilla\Firefox\Profiles\6icesh4i.default\extensions\
faststartff@gmail.com
staged
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-01-19 347424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-01-19 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
IETabPage Class - C:\Program Files (x86)\SupTab\SupTab.dll [2014-07-19 515464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78f5a1e7-dd0d-49f9-871b-1889c9729861}]
Norpalla - C:\Program Files (x86)\Norpalla\Norpallabho.dll [2014-02-28 249632]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-10-22 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-07-23 386584]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-07-23 161304]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-07-23 415256]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-02-18 11779176]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-15 190536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
C:\Program Files (x86)\Zemi Interactive\4StoryUS\PrePatch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Users\Pepik\AppData\Local\Akamai\netsession_win.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Users\Pepik\AppData\Roaming\BitTorrent\BitTorrent.exe [2014-07-02 1270872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
C:\Program Files (x86)\Clownfish\Clownfish.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\Pepik\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\Pepik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Pepik\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus]
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [2013-02-07 9493808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Pepik\AppData\Local\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTV]
C:\Program Files (x86)\iTV\iTV.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Finder]
C:\Program Files (x86)\Media Finder\Media Finder.exe /opentotray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf]
C:\Program Files (x86)\Overwolf\Overwolf.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08 21444224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2013-02-25 1602984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloaderUltimate]
C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe [2011-07-29 442880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pepik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHL® 09 Registration.lnk]
C:\PROGRA~2\EASPOR~1\NHL09~1\Support\EAREGI~1.EXE [2008-10-04 4374792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pepik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Assassin.LNK]
C:\Program Files (x86)\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pepik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ubisoft register.lnk]
C:\PROGRA~2\Ubisoft\Register\schedule.exe [2003-10-01 28672]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"=C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
"Gaming Mouse Driver"=C:\Program Files (x86)\Gaming Mouse\Monitor.EXE [2011-09-09 200704]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-10-23 3567800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-07-20 271360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-07-20 09:58:39 ----D---- C:\Program Files\CCleaner
2014-07-19 13:30:07 ----D---- C:\Users\Pepik\AppData\Roaming\Opera Software
2014-07-19 13:29:59 ----D---- C:\Program Files (x86)\Opera
2014-07-19 13:14:00 ----D---- C:\ProgramData\IePluginServices
2014-07-19 13:13:52 ----D---- C:\Program Files (x86)\SupTab
2014-07-19 13:13:45 ----D---- C:\ProgramData\WindowsMangerProtect
2014-07-19 13:12:40 ----D---- C:\Program Files (x86)\MyPC Backup
2014-07-19 13:12:31 ----D---- C:\Program Files (x86)\Norpalla
2014-07-19 08:18:17 ----A---- C:\ComboFix.txt
2014-07-19 08:13:05 ----D---- C:\$RECYCLE.BIN
2014-07-19 08:08:07 ----D---- C:\Windows\temp
2014-07-16 20:47:07 ----D---- C:\m-r-software
2014-07-16 20:46:57 ----D---- C:\Program Files (x86)\Aerosoft
2014-07-15 09:20:47 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-07-15 09:20:26 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-07-15 09:20:26 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-07-15 09:20:25 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-07 08:16:41 ----D---- C:\Users\Pepik\AppData\Roaming\.minecraft
2014-07-02 18:50:04 ----D---- C:\Users\Pepik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-06-29 20:08:56 ----A---- C:\Windows\zip.exe
2014-06-29 20:08:56 ----A---- C:\Windows\SWSC.exe
2014-06-29 20:08:56 ----A---- C:\Windows\SWREG.exe
2014-06-29 20:08:56 ----A---- C:\Windows\sed.exe
2014-06-29 20:08:56 ----A---- C:\Windows\PEV.exe
2014-06-29 20:08:56 ----A---- C:\Windows\NIRCMD.exe
2014-06-29 20:08:56 ----A---- C:\Windows\MBR.exe
2014-06-29 20:08:56 ----A---- C:\Windows\grep.exe
2014-06-29 20:08:00 ----D---- C:\Qoobox
2014-06-29 20:07:34 ----D---- C:\Windows\erdnt
2014-06-29 17:53:23 ----D---- C:\rsit
2014-06-29 09:55:10 ----D---- C:\Users\Pepik\AppData\Roaming\BANDISOFT
2014-06-23 15:55:15 ----D---- C:\Program Files (x86)\rFactor

======List of files/folders modified in the last 1 month======

2014-07-20 10:23:40 ----D---- C:\Program Files\trend micro
2014-07-20 10:23:30 ----D---- C:\Users\Pepik\AppData\Roaming\Skype
2014-07-20 10:13:14 ----D---- C:\Users\Pepik\AppData\Roaming\DAEMON Tools Lite
2014-07-20 10:13:13 ----D---- C:\Users\Pepik\AppData\Roaming\BitTorrent
2014-07-20 10:11:35 ----D---- C:\Windows\inf
2014-07-20 10:11:26 ----D---- C:\Windows
2014-07-20 09:58:45 ----D---- C:\Windows\system32\Tasks
2014-07-20 09:58:39 ----D---- C:\Program Files
2014-07-20 08:40:09 ----D---- C:\Windows\system32\config
2014-07-20 08:29:54 ----A---- C:\Windows\SYSWOW64\log.txt
2014-07-19 13:47:48 ----D---- C:\Program Files (x86)
2014-07-19 13:47:48 ----AD---- C:\ProgramData
2014-07-19 11:24:43 ----D---- C:\Program Files\Common Files\Adobe
2014-07-19 11:24:35 ----SHD---- C:\Windows\Installer
2014-07-19 11:24:34 ----D---- C:\ProgramData\Adobe
2014-07-19 11:24:23 ----D---- C:\Program Files (x86)\Adobe
2014-07-19 11:24:21 ----D---- C:\Windows\SysWOW64
2014-07-19 11:23:55 ----D---- C:\Program Files\Adobe
2014-07-19 08:18:21 ----D---- C:\Windows\system32\drivers
2014-07-19 08:13:08 ----A---- C:\Windows\system.ini
2014-07-19 08:13:03 ----D---- C:\Windows\system32\drivers\etc
2014-07-19 08:04:40 ----D---- C:\Windows\SYSWOW64\drivers
2014-07-19 08:04:40 ----D---- C:\Windows\AppPatch
2014-07-19 08:04:39 ----D---- C:\Program Files (x86)\Common Files
2014-07-19 07:47:27 ----D---- C:\Users\Pepik\AppData\Roaming\Seznam.cz
2014-07-18 17:47:28 ----D---- C:\Windows\System32
2014-07-18 17:47:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-07-18 08:49:59 ----SHD---- C:\System Volume Information
2014-07-17 21:44:09 ----D---- C:\AdwCleaner
2014-07-16 20:46:57 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-07-16 18:20:40 ----D---- C:\Program Files\Mafia
2014-07-16 16:46:01 ----D---- C:\Games
2014-07-16 09:16:02 ----D---- C:\Windows\en-US
2014-07-16 09:14:30 ----D---- C:\Windows\Tasks
2014-07-15 09:20:30 ----D---- C:\Users\Pepik\AppData\Roaming\Malwarebytes
2014-07-15 09:20:25 ----D---- C:\ProgramData\Malwarebytes
2014-07-12 12:25:49 ----D---- C:\Users\Pepik\AppData\Roaming\Foxit Software
2014-07-10 21:48:39 ----D---- C:\Program Files (x86)\Seznam.cz
2014-07-10 21:47:42 ----D---- C:\Windows\Prefetch
2014-07-04 16:04:43 ----D---- C:\Program Files (x86)\Google
2014-07-04 16:01:42 ----A---- C:\Users\Pepik\AppData\Roaming\CamShapes.ini
2014-07-04 16:01:42 ----A---- C:\Users\Pepik\AppData\Roaming\CamLayout.ini
2014-07-04 16:01:42 ----A---- C:\Users\Pepik\AppData\Roaming\Camdata.ini
2014-07-02 18:50:05 ----D---- C:\Users\Pepik\AppData\Roaming\Adobe
2014-07-02 10:40:07 ----D---- C:\Program Files (x86)\BitTorrent
2014-06-29 21:31:54 ----D---- C:\Windows\system32\catroot2
2014-06-29 11:35:04 ----D---- C:\Program Files (x86)\Pando Networks
2014-06-29 09:56:37 ----D---- C:\Program Files (x86)\Game Dev Tycoon v1.3.2
2014-06-29 09:54:20 ----D---- C:\Program Files (x86)\ElcomSoft
2014-06-26 14:05:32 ----D---- C:\Windows\system32\wdi
2014-06-24 12:25:45 ----D---- C:\Users\Pepik\AppData\Roaming\Winamp
2014-06-23 15:40:23 ----RSD---- C:\Windows\Fonts
2014-06-22 12:53:58 ----D---- C:\Minecraft_Backup

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-10-22 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-10-22 205320]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-04-13 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-10-22 92544]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-10-22 1032416]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-11-11 409832]
R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-10-22 65264]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-09 270912]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-10-22 38984]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-10-22 84328]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-02 2750464]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-07-20 10603904]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-02-22 2750312]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-01-18 412712]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-28 26440]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-28 16200]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 77512]
S2 WCMVCAM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\wcmvcam64.sys [2012-04-15 1071032]
S3 ALSysIO;ALSysIO; \??\C:\Users\Pepik\AppData\Local\Temp\ALSysIO64.sys []
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-06-08 4729408]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-09-22 243712]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-12-15 31232]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 43976]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-04-08 68992]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-22 50344]
R2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2014-03-12 108032]
R2 FreemakeVideoCapture;FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2014-03-12 9216]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R2 IePluginServices;IePlugin Services; C:\ProgramData\IePluginServices\PluginService.exe [2014-07-19 3427208]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-18 268824]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-08-18 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2014-05-08 214520]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2014-07-19 535936]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-10-09 655624]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-07 117656]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2012-09-26 4460280]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-02-25 543144]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-11 1255736]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
