PC disinfection, computer speed-up, remote help via the neslape.cz service

Virus - Cryptowall

Have a problem with a virus? Post your FRST or RSIT log here.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service: an expert connects to your computer and gets the details of the problem from you by phone. More at www.neslape.cz
mimo
Guest
Posts: 13
Registered: 27 Jul 2014 17:58

Virus - Cryptowall

#1 Post by mimo »

Hello,
my PC recently got infected, reportedly with Cryptowall; I had exactly what is shown on this website: http://www.xp-vista.com/spyware-removal ... oval-guide .

I scanned the computer with SpyHunter 4, NOD32 (which didn't fix much because it is behaving strangely) and Malwarebytes.
It looks like the virus is no longer on the PC, or at least not in a working state, because no more payment windows pop up when the PC starts, nor any similar virus behaviour.

However, I would like to find out whether the computer is fully clean, and the main problem is that the virus blocked, or rather encrypted, all the files I had on the PC and on the attached portable drives. Everything from films, through music and text files, to photos and all such things. They can no longer be opened on any PC. Do you know how to get rid of this blocking and return the files to normal?

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus - Cryptowall

#2 Post by Rudy »

Hello!
Let's try this procedure: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked; the same happens if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail given above.

mimo
Guest
Posts: 13
Registered: 27 Jul 2014 17:58

Re: Virus - Cryptowall

#3 Post by mimo »

Here it is, boss :)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by mimo (administrator) on MSI on 27-07-2014 20:45:25
Running from C:\Users\mimo\Desktop
Platform: Windows 8 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
() C:\Users\mimo\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Allstar Group, s.r.o.) C:\Program Files\GamePark2\gpcl.exe
() C:\Users\mimo\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\mimo\Desktop\FRSTLauncher (3).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-03-22] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-09-06] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2889072 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2013-08-22] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [408232 2013-08-22] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5634800 2012-06-14] (ESET)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-02-07] (MSI)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-04-02] (cyberlink)
HKLM-x32\...\Run: [BlueStacks Agent] => c:\Program Files (x86)\BlueStacks\HD-Agent.exe [597880 2013-01-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Run: [Advanced SystemCare 3] => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2342608 2010-02-01] (IObit)
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2014-01-09] ()
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Run: [cz.seznam.software.autoupdate] => C:\Users\mimo\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Run: [cz.seznam.software.szndesktop] => C:\Users\mimo\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Run: [Otlics Update] => regsvr32.exe C:\Users\mimo\AppData\Local\Otlics\webapprt-stub.dll

HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\MountPoints2: {e1c1b2ec-f848-11e3-be94-8c89a50e7276} - "G:\setup.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
ShortcutTarget: GamePark klient 2.lnk -> C:\Program Files\GamePark2\gpcl.exe (Allstar Group, s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
URLSearchHook: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll No File
URLSearchHook: HKCU - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll No File
SearchScopes: HKLM - DefaultScope {10CA9157-A69F-4B12-82E6-51656AE38EF1} URL = http://www.bing.com/search?q={searchTer ... &pc=MAMIJS;
SearchScopes: HKLM - {10CA9157-A69F-4B12-82E6-51656AE38EF1} URL = http://www.bing.com/search?q={searchTer ... &pc=MAMIJS;
SearchScopes: HKLM-x32 - DefaultScope {0E10CE65-F973-4C8A-93AE-07DDB697630C} URL =
SearchScopes: HKLM-x32 - {10CA9157-A69F-4B12-82E6-51656AE38EF1} URL = http://www.bing.com/search?q={searchTer ... &pc=MAMIJS;
SearchScopes: HKCU - DefaultScope {0E10CE65-F973-4C8A-93AE-07DDB697630C} URL = http://trovi.com/ResultsExt.aspx?q={sea ... 57515&UM=4
SearchScopes: HKCU - {0E10CE65-F973-4C8A-93AE-07DDB697630C} URL = http://trovi.com/ResultsExt.aspx?q={sea ... 57515&UM=4
SearchScopes: HKCU - {10CA9157-A69F-4B12-82E6-51656AE38EF1} URL =
SearchScopes: HKCU - {81011E39-A0F7-41EF-96CF-4802A9780789} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {88F7F8C6-6326-4F41-B98B-503043F5E2CD} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {94D3294C-F6D5-4863-ACD0-4536F0459CD6} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {99E01646-4330-4DB3-9F04-9E7CD077F42E} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKCU - {A734D46C-0FD7-4783-A21D-7EE9F70ED811} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {AE3DE580-CBEC-4FA5-A108-A4CC0D3820B3} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {CABC489B-4019-487A-9102-91BF4D2C127F} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {D260BBB6-5678-4B02-8836-3D35B7C71B2D} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKCU - {DC85170D-44BD-4200-AFB5-901D89118A44} URL = http://search.conduit.com/ResultsExt.as ... 70333&UM=1
SearchScopes: HKCU - {EDCF6918-A47D-482B-854A-5DFDC1EFF90F} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BS Player ControlBar Toolbar -> {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} -> C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll No File
Toolbar: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-07-26]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Extension: (AdBlock) - C:\Users\mimo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-09]
CHR Extension: (Peněženka Google) - C:\Users\mimo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdAndroidSvc; c:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-01-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; c:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-01-08] (BlueStack Systems, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-26] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [247768 2013-04-03] (CyberLink)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1288104 2012-06-14] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [98672 2013-09-06] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-08-22] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-11-09] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2014-07-07] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [503296 2013-05-17] () [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-12-07] (SolidWorks) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-20] (Stardock Software, Inc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-05-17] (Qualcomm Atheros, Inc.)
R2 BstHdDrv; c:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-01-08] (BlueStack Systems)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-23] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [211344 2012-06-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [149592 2012-06-14] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [138232 2012-06-14] (ESET)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19952 2013-02-01] (Windows (R) Win 7 DDK provider)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-05-17] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [532552 2013-09-06] (Realtek Semiconductor Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [407112 2013-09-06] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1549384 2013-09-06] (Realtek Semiconductor Corporation )
S1 3813f185; \??\C:\Windows\system32\drivers\3813f185.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 20:45 - 2014-07-27 20:45 - 00028255 _____ () C:\Users\mimo\Desktop\FRST.txt
2014-07-27 20:44 - 2014-07-27 20:45 - 00000000 ____D () C:\FRST
2014-07-27 20:43 - 2014-07-27 20:43 - 00112640 _____ (forum.viry.cz) C:\Users\mimo\Downloads\FRSTLauncher (3).exe
2014-07-27 20:43 - 2014-07-27 20:43 - 00112640 _____ (forum.viry.cz) C:\Users\mimo\Desktop\FRSTLauncher (3).exe
2014-07-27 20:43 - 2014-07-27 20:41 - 02093568 _____ (Farbar) C:\Users\mimo\Desktop\FRST64.exe
2014-07-27 20:41 - 2014-07-27 20:41 - 02093568 _____ (Farbar) C:\Users\mimo\Downloads\FRST64.exe
2014-07-27 20:41 - 2014-07-27 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\mimo\Downloads\Nepotvrzeno 865319.crdownload
2014-07-27 20:41 - 2014-07-27 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\mimo\Downloads\Nepotvrzeno 216810.crdownload
2014-07-27 20:41 - 2014-07-27 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\mimo\Downloads\Nepotvrzeno 20620.crdownload
2014-07-27 14:47 - 2014-07-27 14:47 - 00003324 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-07-27 14:47 - 2014-07-27 14:47 - 00002296 _____ () C:\Users\mimo\Desktop\SpyHunter.lnk
2014-07-27 14:47 - 2014-07-27 14:47 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-07-27 14:47 - 2014-07-27 14:47 - 00000000 ____D () C:\sh4ldr
2014-07-27 14:44 - 2014-07-27 14:45 - 14960403 _____ () C:\Users\mimo\Downloads\SpyHunter 4.1.11.0 + Crack.rar
2014-07-27 14:36 - 2014-07-27 14:36 - 00000000 ___SD () C:\Users\mimo\Documents\Passwords Database
2014-07-27 08:31 - 2014-07-27 14:38 - 00031692 _____ () C:\Windows\PFRO.log
2014-07-27 00:12 - 2014-07-27 15:33 - 00002035 _____ () C:\o.xml
2014-07-27 00:12 - 2014-07-27 15:33 - 00001657 _____ () C:\c.xml
2014-07-26 22:53 - 2014-07-27 14:47 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-07-26 22:53 - 2014-07-26 22:53 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-07-26 22:47 - 2014-07-26 22:49 - 15169308 _____ () C:\Users\mimo\Downloads\SpyHunter.4.1.11.rar
2014-07-26 22:45 - 2014-07-27 20:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 22:45 - 2014-07-26 22:45 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-26 22:45 - 2014-07-26 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 22:45 - 2014-07-26 22:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-26 22:45 - 2014-07-26 22:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-26 22:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-26 22:45 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-26 22:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-26 22:43 - 2014-07-26 22:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mimo\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-26 22:42 - 2014-07-26 22:44 - 11856630 _____ (Enigma Software Group USA, LLC.) C:\Users\mimo\Downloads\SpyHunter-4.16.5.4290-CZ-(ML)-Portable.exe
2014-07-26 22:38 - 2014-07-26 22:38 - 00000000 ____D () C:\Users\mimo\AppData\Local\ESET
2014-07-26 22:09 - 2014-07-27 19:39 - 00207107 _____ () C:\Windows\WindowsUpdate.log
2014-07-26 22:04 - 2014-07-26 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-26 22:04 - 2014-07-26 22:04 - 00000000 ____D () C:\ProgramData\ESET
2014-07-26 22:04 - 2014-07-26 22:04 - 00000000 ____D () C:\Program Files\ESET
2014-07-26 21:06 - 2014-07-26 21:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-26 21:06 - 2014-07-26 21:06 - 00000000 _____ () C:\autoexec.bat
2014-07-26 21:05 - 2014-07-26 22:50 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-26 21:00 - 2014-07-26 21:00 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\mimo\Downloads\SpyHunter-installer.exe
2014-07-26 21:00 - 2014-07-26 21:00 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\mimo\Downloads\SpyHunter-installer (1).exe
2014-07-25 18:05 - 2014-07-25 18:05 - 00771576 _____ (© 2014 ClientConnect Ltd.) C:\Users\mimo\Downloads\bsplayer267-1076 (2).exe
2014-07-25 17:53 - 2014-07-25 17:53 - 10420256 _____ (CCCP Project ) C:\Users\mimo\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe
2014-07-25 17:39 - 2014-07-25 17:39 - 00260471 _____ () C:\Users\mimo\Downloads\Mpeg2DSSetup (1).exe
2014-07-25 17:38 - 2014-07-25 17:38 - 00260471 _____ () C:\Users\mimo\Downloads\Mpeg2DSSetup.exe
2014-07-25 17:36 - 2014-07-25 17:36 - 00000000 ____D () C:\Users\mimo\AppData\Local\Creative
2014-07-25 17:35 - 2014-07-25 17:35 - 00000000 ____D () C:\ProgramData\GRETECH
2014-07-25 17:34 - 2014-07-25 17:34 - 00000000 ____D () C:\Users\mimo\Documents\GomPlayer
2014-07-25 17:32 - 2014-07-25 17:32 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\GRETECH
2014-07-25 17:32 - 2014-07-25 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2014-07-25 17:32 - 2014-07-25 17:32 - 00000000 ____D () C:\Program Files (x86)\GRETECH
2014-07-25 00:07 - 2014-07-25 00:07 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-24 23:58 - 2014-07-24 23:59 - 24677393 _____ () C:\Users\mimo\Downloads\vlc-2.1.3-win32 (1).exe
2014-07-24 23:55 - 2014-07-25 17:27 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-24 23:52 - 2014-07-24 23:54 - 24677393 _____ () C:\Users\mimo\Downloads\vlc-2.1.3-win32.exe
2014-07-24 23:37 - 2014-06-14 16:03 - 00218200 _____ () C:\Windows\SysWOW64\unrar.dll
2014-07-24 23:34 - 2014-07-24 23:35 - 32632278 _____ ( ) C:\Users\mimo\Downloads\K-Lite_Mega_Codec_Pack_10.6.0.exe
2014-07-24 23:32 - 2014-07-24 23:34 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
2014-07-24 23:31 - 2014-07-24 23:31 - 01361419 _____ () C:\Users\mimo\Downloads\MatroskaSplitter.exe
2014-07-24 23:31 - 2014-07-24 23:31 - 01344989 _____ () C:\Users\mimo\Downloads\Haali_MatroskaSplitter-03.03.2011.zip
2014-07-24 23:22 - 2014-07-24 23:23 - 10898649 _____ () C:\Users\mimo\Downloads\BS.Player.PRO.v2.61-full--janco.rar
2014-07-24 23:22 - 2014-07-24 23:22 - 00771576 _____ (© 2014 ClientConnect Ltd.) C:\Users\mimo\Downloads\bsplayer267-1076 (1).exe
2014-07-24 23:20 - 2014-07-25 18:14 - 00000009 _____ () C:\END
2014-07-24 23:19 - 2014-07-24 23:19 - 00000000 ____D () C:\Users\mimo\AppData\Local\Tbccint
2014-07-24 23:19 - 2014-07-24 23:19 - 00000000 ____D () C:\ProgramData\Tbccint
2014-07-24 23:19 - 2014-07-24 23:19 - 00000000 ____D () C:\Program Files (x86)\Tbccint
2014-07-24 23:18 - 2014-07-24 23:18 - 00771576 _____ (© 2014 ClientConnect Ltd.) C:\Users\mimo\Downloads\bsplayer267-1076.exe
2014-07-24 17:45 - 2014-07-24 17:45 - 00008196 _____ () C:\Users\mimo\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-07-24 17:45 - 2014-07-24 17:45 - 00008196 _____ () C:\Users\mimo\AppData\DECRYPT_INSTRUCTION.HTML
2014-07-24 17:45 - 2014-07-24 17:45 - 00004142 _____ () C:\Users\mimo\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-07-24 17:45 - 2014-07-24 17:45 - 00004142 _____ () C:\Users\mimo\AppData\DECRYPT_INSTRUCTION.TXT
2014-07-24 17:45 - 2014-07-24 17:45 - 00000272 _____ () C:\Users\mimo\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-07-24 17:45 - 2014-07-24 17:45 - 00000272 _____ () C:\Users\mimo\AppData\DECRYPT_INSTRUCTION.URL
2014-07-24 17:06 - 2014-07-24 17:06 - 00008196 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-07-24 17:06 - 2014-07-24 17:06 - 00004142 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-07-24 17:06 - 2014-07-24 17:06 - 00000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-07-24 17:06 - 2014-07-24 17:06 - 00000000 ____D () C:\Windows\Sun
2014-07-24 17:05 - 2014-07-26 23:18 - 00000000 ____D () C:\ProgramData\AlepMobag
2014-07-22 11:18 - 2014-07-22 11:18 - 00000017 _____ () C:\ProgramData\systemskey.ini
2014-07-22 09:41 - 2014-07-22 09:41 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\Publish Providers
2014-07-14 20:22 - 2014-07-14 22:41 - 2104940423 _____ () C:\Users\mimo\Downloads\Misery-(1990)-CZ,-ENG-Titulky.zip
2014-07-14 10:27 - 2014-07-25 17:20 - 00000000 ____D () C:\Users\mimo\Desktop\Hody 2014
2014-07-08 21:29 - 2014-07-09 09:50 - 00000000 ____D () C:\Users\mimo\AppData\Local\Adobe
2014-07-08 21:15 - 2014-07-27 20:26 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 21:15 - 2014-07-27 17:52 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 21:15 - 2014-07-16 21:29 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-08 21:15 - 2014-07-08 21:21 - 00003928 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-08 21:15 - 2014-07-08 21:21 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-08 21:15 - 2014-07-08 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-06 08:49 - 2014-05-15 03:02 - 00059424 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-06 08:48 - 2014-05-15 00:43 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-06 08:48 - 2014-05-15 00:43 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-06 08:48 - 2014-05-15 00:43 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-07-06 08:48 - 2014-05-15 00:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-07-05 15:31 - 2014-07-05 15:31 - 00001733 _____ () C:\Users\mimo\Desktop\Photoshop – zástupce.lnk
2014-07-05 15:27 - 2014-07-05 15:27 - 00001085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2014-07-05 15:27 - 2014-07-05 15:27 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-05 15:26 - 2014-07-05 15:27 - 00000000 ____D () C:\Program Files\Adobe
2014-07-05 15:26 - 2014-07-05 15:26 - 00001367 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2014-07-05 15:26 - 2014-07-05 15:26 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2014-07-05 15:25 - 2014-07-05 15:26 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-05 15:25 - 2014-07-05 15:25 - 00001533 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2014-07-05 15:24 - 2014-07-05 15:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-05 15:01 - 2014-07-05 15:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-01 11:38 - 2014-07-01 23:58 - 00746634 _____ () C:\Users\mimo\Documents\trail.txt.24
2014-07-01 11:38 - 2014-07-01 11:38 - 00000605 _____ () C:\Users\mimo\Documents\trail.txt.23
2014-07-01 11:37 - 2014-07-01 11:37 - 00001587 _____ () C:\Users\mimo\Documents\trail.txt.22
2014-07-01 10:43 - 2014-07-01 11:37 - 00218159 _____ () C:\Users\mimo\Documents\trail.txt.21
2014-06-30 23:04 - 2014-06-30 23:05 - 00004316 _____ () C:\Users\mimo\Documents\trail.txt.20
2014-06-30 23:04 - 2014-06-30 23:04 - 00001155 _____ () C:\Windows\SysWOW64\trail.txt.1
2014-06-30 21:53 - 2014-06-30 23:03 - 00375468 _____ () C:\Users\mimo\Documents\trail.txt.19
2014-06-30 21:35 - 2014-06-30 21:53 - 00127045 _____ () C:\Users\mimo\Documents\trail.txt.18
2014-06-30 12:07 - 2014-06-30 21:35 - 00049575 _____ () C:\Users\mimo\Documents\trail.txt.17
2014-06-30 11:35 - 2014-06-30 12:07 - 00229071 _____ () C:\Users\mimo\Documents\trail.txt.16
2014-06-30 09:51 - 2014-07-25 17:20 - 00000000 ____D () C:\Users\mimo\Desktop\Příručka ProEngineer
2014-06-30 09:26 - 2014-06-30 11:35 - 00489780 _____ () C:\Users\mimo\Documents\trail.txt.15
2014-06-27 11:34 - 2014-06-28 11:56 - 00339561 _____ () C:\Users\mimo\Documents\trail.txt.14

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 20:45 - 2014-07-27 20:45 - 00028255 _____ () C:\Users\mimo\Desktop\FRST.txt
2014-07-27 20:45 - 2014-07-27 20:44 - 00000000 ____D () C:\FRST
2014-07-27 20:45 - 2014-01-09 20:16 - 00000000 ____D () C:\Users\mimo\AppData\Local\PMB Files
2014-07-27 20:45 - 2013-11-08 20:49 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\Skype
2014-07-27 20:43 - 2014-07-27 20:43 - 00112640 _____ (forum.viry.cz) C:\Users\mimo\Downloads\FRSTLauncher (3).exe
2014-07-27 20:43 - 2014-07-27 20:43 - 00112640 _____ (forum.viry.cz) C:\Users\mimo\Desktop\FRSTLauncher (3).exe
2014-07-27 20:41 - 2014-07-27 20:43 - 02093568 _____ (Farbar) C:\Users\mimo\Desktop\FRST64.exe
2014-07-27 20:41 - 2014-07-27 20:41 - 02093568 _____ (Farbar) C:\Users\mimo\Downloads\FRST64.exe
2014-07-27 20:41 - 2014-07-27 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\mimo\Downloads\Nepotvrzeno 865319.crdownload
2014-07-27 20:41 - 2014-07-27 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\mimo\Downloads\Nepotvrzeno 216810.crdownload
2014-07-27 20:41 - 2014-07-27 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\mimo\Downloads\Nepotvrzeno 20620.crdownload
2014-07-27 20:35 - 2014-07-26 22:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 20:26 - 2014-07-08 21:15 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-27 20:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-27 19:57 - 2014-01-21 21:06 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-27 19:39 - 2014-07-26 22:09 - 00207107 _____ () C:\Windows\WindowsUpdate.log
2014-07-27 17:57 - 2014-05-14 23:04 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\Seznam.cz
2014-07-27 17:53 - 2013-11-10 22:57 - 00000406 _____ () C:\Windows\Tasks\AWC AutoSweep.job
2014-07-27 17:53 - 2013-11-08 20:03 - 00059611 _____ () C:\Users\mimo\AppData\Local\BTServer.log
2014-07-27 17:53 - 2013-09-07 02:29 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-07-27 17:52 - 2014-07-08 21:15 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-27 17:51 - 2013-09-07 02:30 - 00000000 ____D () C:\ProgramData\Realtek
2014-07-27 17:51 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 17:50 - 2014-04-07 17:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 17:50 - 2014-04-07 17:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 15:33 - 2014-07-27 00:12 - 00002035 _____ () C:\o.xml
2014-07-27 15:33 - 2014-07-27 00:12 - 00001657 _____ () C:\c.xml
2014-07-27 15:10 - 2014-04-07 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 14:47 - 2014-07-27 14:47 - 00003324 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-07-27 14:47 - 2014-07-27 14:47 - 00002296 _____ () C:\Users\mimo\Desktop\SpyHunter.lnk
2014-07-27 14:47 - 2014-07-27 14:47 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-07-27 14:47 - 2014-07-27 14:47 - 00000000 ____D () C:\sh4ldr
2014-07-27 14:47 - 2014-07-26 22:53 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-07-27 14:45 - 2014-07-27 14:44 - 14960403 _____ () C:\Users\mimo\Downloads\SpyHunter 4.1.11.0 + Crack.rar
2014-07-27 14:38 - 2014-07-27 08:31 - 00031692 _____ () C:\Windows\PFRO.log
2014-07-27 14:37 - 2014-01-19 18:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-27 14:37 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-27 14:36 - 2014-07-27 14:36 - 00000000 ___SD () C:\Users\mimo\Documents\Passwords Database
2014-07-27 14:36 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-27 11:33 - 2013-11-08 20:10 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1051548242-2753322845-1442528999-1002
2014-07-27 08:48 - 2013-11-24 16:17 - 00000000 ____D () C:\Program Files (x86)\BS_Player_ControlBar
2014-07-27 08:29 - 2013-07-20 10:47 - 00000000 ____D () C:\Windows\lv
2014-07-26 23:18 - 2014-07-24 17:05 - 00000000 ____D () C:\ProgramData\AlepMobag
2014-07-26 23:18 - 2013-11-24 16:17 - 00000000 ____D () C:\ProgramData\Conduit
2014-07-26 22:53 - 2014-07-26 22:53 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-07-26 22:50 - 2014-07-26 21:05 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-26 22:49 - 2014-07-26 22:47 - 15169308 _____ () C:\Users\mimo\Downloads\SpyHunter.4.1.11.rar
2014-07-26 22:45 - 2014-07-26 22:45 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-26 22:45 - 2014-07-26 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-26 22:45 - 2014-07-26 22:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-26 22:45 - 2014-07-26 22:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-26 22:44 - 2014-07-26 22:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\mimo\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-26 22:44 - 2014-07-26 22:42 - 11856630 _____ (Enigma Software Group USA, LLC.) C:\Users\mimo\Downloads\SpyHunter-4.16.5.4290-CZ-(ML)-Portable.exe
2014-07-26 22:38 - 2014-07-26 22:38 - 00000000 ____D () C:\Users\mimo\AppData\Local\ESET
2014-07-26 22:04 - 2014-07-26 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-26 22:04 - 2014-07-26 22:04 - 00000000 ____D () C:\ProgramData\ESET
2014-07-26 22:04 - 2014-07-26 22:04 - 00000000 ____D () C:\Program Files\ESET
2014-07-26 21:06 - 2014-07-26 21:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-26 21:06 - 2014-07-26 21:06 - 00000000 _____ () C:\autoexec.bat
2014-07-26 21:00 - 2014-07-26 21:00 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\mimo\Downloads\SpyHunter-installer.exe
2014-07-26 21:00 - 2014-07-26 21:00 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\mimo\Downloads\SpyHunter-installer (1).exe
2014-07-26 20:57 - 2014-05-15 09:52 - 00000330 _____ () C:\Users\mimo\rgut
2014-07-25 18:18 - 2013-11-24 16:22 - 00000000 ____D () C:\Program Files (x86)\Webteh
2014-07-25 18:14 - 2014-07-24 23:20 - 00000009 _____ () C:\END
2014-07-25 18:14 - 2013-11-08 20:54 - 00000000 ____D () C:\Users\mimo\AppData\Local\CrashDumps
2014-07-25 18:05 - 2014-07-25 18:05 - 00771576 _____ (© 2014 ClientConnect Ltd.) C:\Users\mimo\Downloads\bsplayer267-1076 (2).exe
2014-07-25 17:53 - 2014-07-25 17:53 - 10420256 _____ (CCCP Project ) C:\Users\mimo\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe
2014-07-25 17:39 - 2014-07-25 17:39 - 00260471 _____ () C:\Users\mimo\Downloads\Mpeg2DSSetup (1).exe
2014-07-25 17:38 - 2014-07-25 17:38 - 00260471 _____ () C:\Users\mimo\Downloads\Mpeg2DSSetup.exe
2014-07-25 17:36 - 2014-07-25 17:36 - 00000000 ____D () C:\Users\mimo\AppData\Local\Creative
2014-07-25 17:35 - 2014-07-25 17:35 - 00000000 ____D () C:\ProgramData\GRETECH
2014-07-25 17:34 - 2014-07-25 17:34 - 00000000 ____D () C:\Users\mimo\Documents\GomPlayer
2014-07-25 17:33 - 2014-06-23 10:35 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-25 17:32 - 2014-07-25 17:32 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\GRETECH
2014-07-25 17:32 - 2014-07-25 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2014-07-25 17:32 - 2014-07-25 17:32 - 00000000 ____D () C:\Program Files (x86)\GRETECH
2014-07-25 17:27 - 2014-07-24 23:55 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-25 17:20 - 2014-07-14 10:27 - 00000000 ____D () C:\Users\mimo\Desktop\Hody 2014
2014-07-25 17:20 - 2014-06-30 09:51 - 00000000 ____D () C:\Users\mimo\Desktop\Příručka ProEngineer
2014-07-25 17:20 - 2014-06-23 10:28 - 00000000 ____D () C:\Users\mimo\Desktop\ProEngineer Wildfire 4.0 win32 x86
2014-07-25 17:20 - 2013-12-25 18:40 - 00000000 ____D () C:\Users\mimo\Desktop\Priklady (C++)
2014-07-25 17:20 - 2013-12-07 16:15 - 00000000 ____D () C:\Users\mimo\Desktop\SolidWorks
2014-07-25 17:20 - 2013-12-07 10:52 - 00000000 ____D () C:\SolidWorks Data
2014-07-25 17:20 - 2013-09-06 18:20 - 00000000 ____D () C:\Users\Public\Desktop\User Manual
2014-07-25 00:07 - 2014-07-25 00:07 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-24 23:59 - 2014-07-24 23:58 - 24677393 _____ () C:\Users\mimo\Downloads\vlc-2.1.3-win32 (1).exe
2014-07-24 23:54 - 2014-07-24 23:52 - 24677393 _____ () C:\Users\mimo\Downloads\vlc-2.1.3-win32.exe
2014-07-24 23:35 - 2014-07-24 23:34 - 32632278 _____ ( ) C:\Users\mimo\Downloads\K-Lite_Mega_Codec_Pack_10.6.0.exe
2014-07-24 23:34 - 2014-07-24 23:32 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
2014-07-24 23:32 - 2013-11-10 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
2014-07-24 23:31 - 2014-07-24 23:31 - 01361419 _____ () C:\Users\mimo\Downloads\MatroskaSplitter.exe
2014-07-24 23:31 - 2014-07-24 23:31 - 01344989 _____ () C:\Users\mimo\Downloads\Haali_MatroskaSplitter-03.03.2011.zip
2014-07-24 23:23 - 2014-07-24 23:22 - 10898649 _____ () C:\Users\mimo\Downloads\BS.Player.PRO.v2.61-full--janco.rar
2014-07-24 23:22 - 2014-07-24 23:22 - 00771576 _____ (© 2014 ClientConnect Ltd.) C:\Users\mimo\Downloads\bsplayer267-1076 (1).exe
2014-07-24 23:19 - 2014-07-24 23:19 - 00000000 ____D () C:\Users\mimo\AppData\Local\Tbccint
2014-07-24 23:19 - 2014-07-24 23:19 - 00000000 ____D () C:\ProgramData\Tbccint
2014-07-24 23:19 - 2014-07-24 23:19 - 00000000 ____D () C:\Program Files (x86)\Tbccint
2014-07-24 23:18 - 2014-07-24 23:18 - 00771576 _____ (© 2014 ClientConnect Ltd.) C:\Users\mimo\Downloads\bsplayer267-1076.exe
2014-07-24 22:49 - 2013-11-08 20:03 - 00000000 ____D () C:\Users\mimo
2014-07-24 22:38 - 2013-12-01 22:47 - 00000000 ____D () C:\Users\mimo\Documents\Visual Studio 2010
2014-07-24 22:37 - 2014-06-14 10:38 - 00000000 ____D () C:\Users\mimo\Documents\CyberLink
2014-07-24 22:37 - 2013-11-23 21:22 - 00000000 ____D () C:\Users\mimo\Documents\My Games
2014-07-24 17:57 - 2014-05-22 20:29 - 63453720 _____ () C:\Users\mimo\Documents\layout.avi
2014-07-24 17:47 - 2014-01-22 14:02 - 00091160 _____ () C:\Users\mimo\Desktop\Misery.1990.1080p.BRRip.H264-MAJO ENG.srt
2014-07-24 17:47 - 2014-01-22 00:06 - 2106096023 _____ () C:\Users\mimo\Desktop\Misery.1990.1080p.BRRip.H264-MAJO.mp4
2014-07-24 17:45 - 2014-07-24 17:45 - 00008196 _____ () C:\Users\mimo\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-07-24 17:45 - 2014-07-24 17:45 - 00008196 _____ () C:\Users\mimo\AppData\DECRYPT_INSTRUCTION.HTML
2014-07-24 17:45 - 2014-07-24 17:45 - 00004142 _____ () C:\Users\mimo\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-07-24 17:45 - 2014-07-24 17:45 - 00004142 _____ () C:\Users\mimo\AppData\DECRYPT_INSTRUCTION.TXT
2014-07-24 17:45 - 2014-07-24 17:45 - 00000272 _____ () C:\Users\mimo\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-07-24 17:45 - 2014-07-24 17:45 - 00000272 _____ () C:\Users\mimo\AppData\DECRYPT_INSTRUCTION.URL
2014-07-24 17:45 - 2014-04-14 18:19 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\LibreOffice
2014-07-24 17:45 - 2014-04-02 20:24 - 00000000 ____D () C:\Users\mimo\AppData\Local\PunkBuster
2014-07-24 17:45 - 2014-03-26 01:22 - 00000000 ____D () C:\Users\mimo\AppData\Local\Skype
2014-07-24 17:45 - 2014-03-15 22:02 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\.minecraft
2014-07-24 17:45 - 2014-02-05 20:06 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\Sony
2014-07-24 17:45 - 2014-01-09 21:39 - 00000000 ____D () C:\Riot Games
2014-07-24 17:45 - 2013-12-07 10:49 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\SolidWorks
2014-07-24 17:45 - 2013-11-23 18:41 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\DAEMON Tools Lite
2014-07-24 17:45 - 2013-11-14 19:24 - 00000000 ____D () C:\Users\mimo\AppData\Local\Rockstar Games
2014-07-24 17:45 - 2013-11-14 19:19 - 00000000 __RHD () C:\Users\mimo\AppData\Roaming\SecuROM
2014-07-24 17:45 - 2013-11-08 20:11 - 00000000 ____D () C:\Users\mimo\AppData\Local\Google
2014-07-24 17:45 - 2013-11-08 20:04 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\Adobe
2014-07-24 17:06 - 2014-07-24 17:06 - 00008196 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-07-24 17:06 - 2014-07-24 17:06 - 00004142 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-07-24 17:06 - 2014-07-24 17:06 - 00000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-07-24 17:06 - 2014-07-24 17:06 - 00000000 ____D () C:\Windows\Sun
2014-07-24 17:06 - 2014-06-23 10:45 - 00006168 _____ () C:\ptcsetup.bak
2014-07-24 17:06 - 2013-12-07 11:00 - 00000000 ____D () C:\ProgramData\SolidWorks
2014-07-24 17:06 - 2013-11-14 19:24 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-07-24 17:06 - 2013-09-07 02:25 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-24 17:05 - 2014-05-18 19:19 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager
2014-07-24 17:05 - 2013-09-07 03:18 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-07-24 16:31 - 2013-11-09 21:03 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-07-24 16:29 - 2013-09-07 02:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-22 13:44 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-07-22 12:25 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-22 11:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-22 11:18 - 2014-07-22 11:18 - 00000017 _____ () C:\ProgramData\systemskey.ini
2014-07-22 09:41 - 2014-07-22 09:41 - 00000000 ____D () C:\Users\mimo\AppData\Roaming\Publish Providers
2014-07-22 09:33 - 2013-07-20 11:29 - 00793838 _____ () C:\Windows\system32\perfh005.dat
2014-07-22 09:33 - 2013-07-20 11:29 - 00172944 _____ () C:\Windows\system32\perfc005.dat
2014-07-22 09:33 - 2012-07-26 09:28 - 01901122 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 09:26 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-16 21:29 - 2014-07-08 21:15 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-14 22:41 - 2014-07-14 20:22 - 2104940423 _____ () C:\Users\mimo\Downloads\Misery-(1990)-CZ,-ENG-Titulky.zip
2014-07-11 14:05 - 2014-04-14 16:24 - 05114896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-11 10:59 - 2014-02-05 20:07 - 00000000 ____D () C:\Users\mimo\AppData\Local\Otlics
2014-07-09 09:50 - 2014-07-08 21:29 - 00000000 ____D () C:\Users\mimo\AppData\Local\Adobe
2014-07-08 21:21 - 2014-07-08 21:15 - 00003928 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-08 21:21 - 2014-07-08 21:15 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-08 21:20 - 2014-01-21 19:22 - 00000000 ____D () C:\Users\mimo\AppData\Local\Opera Software
2014-07-08 21:20 - 2014-01-21 19:21 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-08 21:15 - 2014-07-08 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-08 21:15 - 2013-11-08 20:11 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-08 21:13 - 2014-01-21 21:06 - 00003802 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 19:59 - 2014-02-04 21:57 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 19:34 - 2014-01-09 20:16 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-07 22:18 - 2014-04-02 20:25 - 00214520 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-07 22:18 - 2013-11-09 20:58 - 00214520 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-07 22:18 - 2013-11-09 20:58 - 00214520 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-07 09:59 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-05 15:31 - 2014-07-05 15:31 - 00001733 _____ () C:\Users\mimo\Desktop\Photoshop – zástupce.lnk
2014-07-05 15:27 - 2014-07-05 15:27 - 00001085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2014-07-05 15:27 - 2014-07-05 15:27 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-05 15:27 - 2014-07-05 15:26 - 00000000 ____D () C:\Program Files\Adobe
2014-07-05 15:27 - 2014-07-05 15:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-05 15:26 - 2014-07-05 15:26 - 00001367 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2014-07-05 15:26 - 2014-07-05 15:26 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2014-07-05 15:26 - 2014-07-05 15:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-05 15:25 - 2014-07-05 15:25 - 00001533 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2014-07-05 15:25 - 2014-07-05 15:01 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-01 23:58 - 2014-07-01 11:38 - 00746634 _____ () C:\Users\mimo\Documents\trail.txt.24
2014-07-01 11:38 - 2014-07-01 11:38 - 00000605 _____ () C:\Users\mimo\Documents\trail.txt.23
2014-07-01 11:37 - 2014-07-01 11:37 - 00001587 _____ () C:\Users\mimo\Documents\trail.txt.22
2014-07-01 11:37 - 2014-07-01 10:43 - 00218159 _____ () C:\Users\mimo\Documents\trail.txt.21
2014-06-30 23:05 - 2014-06-30 23:04 - 00004316 _____ () C:\Users\mimo\Documents\trail.txt.20
2014-06-30 23:04 - 2014-06-30 23:04 - 00001155 _____ () C:\Windows\SysWOW64\trail.txt.1
2014-06-30 23:03 - 2014-06-30 21:53 - 00375468 _____ () C:\Users\mimo\Documents\trail.txt.19
2014-06-30 21:53 - 2014-06-30 21:35 - 00127045 _____ () C:\Users\mimo\Documents\trail.txt.18
2014-06-30 21:35 - 2014-06-30 12:07 - 00049575 _____ () C:\Users\mimo\Documents\trail.txt.17
2014-06-30 12:07 - 2014-06-30 11:35 - 00229071 _____ () C:\Users\mimo\Documents\trail.txt.16
2014-06-30 11:35 - 2014-06-30 09:26 - 00489780 _____ () C:\Users\mimo\Documents\trail.txt.15
2014-06-28 11:56 - 2014-06-27 11:34 - 00339561 _____ () C:\Users\mimo\Documents\trail.txt.14

Some content of TEMP:
====================
C:\Users\mimo\AppData\Local\Temp\ExPromo.exe
C:\Users\mimo\AppData\Local\Temp\InstHelper.exe
C:\Users\mimo\AppData\Local\Temp\NSISPromotionEx.dll
C:\Users\mimo\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-26 23:34




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (OS_Install) (Fixed) (Total:472.25 GB) (Free:390.48 GB) NTFS
Drive d: (Data) (Fixed) (Total:205.72 GB) (Free:152.7 GB) NTFS
Drive h: (Transcend) (Fixed) (Total:931.51 GB) (Free:740.46 GB) NTFS

Available physical RAM: 4071.46 MB
Total physical RAM: 8111.71 MB
Percentage of memory in use: 49%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 699 GB) (Disk ID: CC0FA62A)
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: D5ECF933)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AWC AutoSweep.job => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Kaspersky PURE 3.0 (Disabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky PURE 3.0 (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\mimo\Desktop" je 4511 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Vir - Cryptowall

#4 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\MountPoints2: {e1c1b2ec-f848-11e3-be94-8c89a50e7276} - "G:\setup.exe"
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
URLSearchHook: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll No File
URLSearchHook: HKCU - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll No File
SearchScopes: HKLM - DefaultScope {10CA9157-A69F-4B12-82E6-51656AE38EF1} URL = http://www.bing.com/search?q={searchTer ... &pc=MAMIJS;
SearchScopes: HKLM - {10CA9157-A69F-4B12-82E6-51656AE38EF1} URL = http://www.bing.com/search?q={searchTer ... &pc=MAMIJS;
SearchScopes: HKLM-x32 - DefaultScope {0E10CE65-F973-4C8A-93AE-07DDB697630C} URL =
SearchScopes: HKLM-x32 - {10CA9157-A69F-4B12-82E6-51656AE38EF1} URL = http://www.bing.com/search?q={searchTer ... &pc=MAMIJS;
SearchScopes: HKCU - DefaultScope {0E10CE65-F973-4C8A-93AE-07DDB697630C} URL = http://trovi.com/ResultsExt.aspx?q={sea ... 57515&UM=4
SearchScopes: HKCU - {0E10CE65-F973-4C8A-93AE-07DDB697630C} URL = http://trovi.com/ResultsExt.aspx?q={sea ... 57515&UM=4
SearchScopes: HKCU - {10CA9157-A69F-4B12-82E6-51656AE38EF1} URL =
SearchScopes: HKCU - {DC85170D-44BD-4200-AFB5-901D89118A44} URL = http://search.conduit.com/ResultsExt.as ... 70333&UM=1
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: BS Player ControlBar Toolbar -> {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} -> C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll No File
Toolbar: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S1 3813f185; \??\C:\Windows\system32\drivers\3813f185.sys [X]
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\Conduit
C:\Users\mimo\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes a log will appear; copy it here.

I recommend uninstalling Advanced SystemCare. Reason: viewtopic.php?f=14&t=127320 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Beyond its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.

mimo
Visitor
Posts: 13
Registered: 27 Jul 2014 17:58

Re: Vir - Cryptowall

#5 Post by mimo »

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by mimo at 2014-07-27 22:09:03 Run:1
Running from C:\Users\mimo\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\...\MountPoints2: {e1c1b2ec-f848-11e3-be94-8c89a50e7276} - "G:\setup.exe"
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
URLSearchHook: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll No File
URLSearchHook: HKCU - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll No File
SearchScopes: HKLM - DefaultScope {10CA9157-A69F-4B12-82E6-51656AE38EF1} URL = http://www.bing.com/search?q={searchTer ... &pc=MAMIJS;
SearchScopes: HKLM - {10CA9157-A69F-4B12-82E6-51656AE38EF1} URL = http://www.bing.com/search?q={searchTer ... &pc=MAMIJS;
SearchScopes: HKLM-x32 - DefaultScope {0E10CE65-F973-4C8A-93AE-07DDB697630C} URL =
SearchScopes: HKLM-x32 - {10CA9157-A69F-4B12-82E6-51656AE38EF1} URL = http://www.bing.com/search?q={searchTer ... &pc=MAMIJS;
SearchScopes: HKCU - DefaultScope {0E10CE65-F973-4C8A-93AE-07DDB697630C} URL = http://trovi.com/ResultsExt.aspx?q={sea ... 57515&UM=4
SearchScopes: HKCU - {0E10CE65-F973-4C8A-93AE-07DDB697630C} URL = http://trovi.com/ResultsExt.aspx?q={sea ... 57515&UM=4
SearchScopes: HKCU - {10CA9157-A69F-4B12-82E6-51656AE38EF1} URL =
SearchScopes: HKCU - {DC85170D-44BD-4200-AFB5-901D89118A44} URL = http://search.conduit.com/ResultsExt.as ... 70333&UM=1
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: BS Player ControlBar Toolbar -> {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} -> C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll No File
Toolbar: HKLM-x32 - BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player_ControlBar\prxtbBS_P.dll No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S1 3813f185; \??\C:\Windows\system32\drivers\3813f185.sys [X]
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\Conduit
C:\Users\mimo\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value deleted successfully.
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully.
HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
"HKU\S-1-5-21-1051548242-2753322845-1442528999-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1c1b2ec-f848-11e3-be94-8c89a50e7276}" => Key deleted successfully.
"HKCR\CLSID\{e1c1b2ec-f848-11e3-be94-8c89a50e7276}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive1" => Key not found.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive2" => Key not found.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive3" => Key not found.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive1" => Key not found.
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive2" => Key not found.
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive3" => Key not found.
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{10CA9157-A69F-4B12-82E6-51656AE38EF1}" => Key deleted successfully.
"HKCR\CLSID\{10CA9157-A69F-4B12-82E6-51656AE38EF1}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{10CA9157-A69F-4B12-82E6-51656AE38EF1}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{10CA9157-A69F-4B12-82E6-51656AE38EF1}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0E10CE65-F973-4C8A-93AE-07DDB697630C}" => Key deleted successfully.
"HKCR\CLSID\{0E10CE65-F973-4C8A-93AE-07DDB697630C}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{10CA9157-A69F-4B12-82E6-51656AE38EF1}" => Key deleted successfully.
"HKCR\CLSID\{10CA9157-A69F-4B12-82E6-51656AE38EF1}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC85170D-44BD-4200-AFB5-901D89118A44}" => Key deleted successfully.
"HKCR\CLSID\{DC85170D-44BD-4200-AFB5-901D89118A44}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => value deleted successfully.
"HKCR\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}" => Key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\skype-ie-addon-data" => Key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000016 => Deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000016 => Deleted successfully.
c2cautoupdatesvc => Unable to stop service
c2cautoupdatesvc => Service deleted successfully.
3813f185 => Service deleted successfully.
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP => Moved successfully.
C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
C:\ProgramData\Conduit => Moved successfully.

"C:\Users\mimo\AppData\Local\Temp" directory move:

C:\Users\mimo\AppData\Local\Temp\.bk => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\1511610099158455421.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\1511610099158460812.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\1511610099166849687.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\1511610099174051406.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\1511610099193517609.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\192472078.bat => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\3590660602158453812.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\3590660602158459562.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\3590660602166847406.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\4153031819158463562.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\amt3.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\AvgRep.xml => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\catalog0 => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\cb10452_73856677.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\cb2192_73847118.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\EsgScanner.inf => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\ESGScanner.sys => Moved successfully.
Could not move "C:\Users\mimo\AppData\Local\Temp\etilqs_ccc3g6N1DxVAscc" => Scheduled to move on reboot.
Could not move "C:\Users\mimo\AppData\Local\Temp\etilqs_iSyXVkBTOWF6m78" => Scheduled to move on reboot.
C:\Users\mimo\AppData\Local\Temp\ExPromo.exe => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\InstHelper.exe => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\IWCSDrvInstaller.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\Lang_cs-CZ.msi => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\mimo.bmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\MSI5012a.LOG => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\MSI581.LOG => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\MSIbe6f9.LOG => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\MSIfc44.LOG => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\MSIfcb94.LOG => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nsd7B28.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nsd9683.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nse4C13.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nshA149.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nsi3E85.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nsi8A3D.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\NSISPromotionEx.dll => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\NSISPromotionEx.ini => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nsq28C.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nsr7A89.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nss96F7.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nst8887.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nstCBF.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nsx304D.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\OpenSearch214912718.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\Silverlight0.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\SilverlightMSI.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\StructuredQuery.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\TUInstallLogBP_2014-07-25_15-33-01.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\TUInstallLogLP_2014-07-25_15-33-01.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\TUM105A.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\TUM1165.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\tuneupmsi.7z => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\ucaevents.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\winstore.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\wmplog01.sqm => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\wmplog02.sqm => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\wmsetup.log => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\~117F.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\~3D0D.tmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\~DF0CC092C02CE49848.TMP => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\~DF15C096FED8141386.TMP => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\~DF2610F5E0C9E77A9A.TMP => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\~DF7C30636E811C31C6.TMP => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\~DFF07B7C850978F73D.TMP => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\splogs\spLog.log => Moved successfully.
Could not move "C:\Users\mimo\AppData\Local\Temp\Skype\DbTemp\temp-0FPMTiXt9FOUJIi2bAB5N5jH" => Scheduled to move on reboot.
Could not move "C:\Users\mimo\AppData\Local\Temp\Skype\DbTemp\temp-phzpoOlghddc6BDdcPdgutYo" => Scheduled to move on reboot.
Could not move "C:\Users\mimo\AppData\Local\Temp\Skype\DbTemp\temp-ws8hdVhXdgIqNH8lvV6mPflK" => Scheduled to move on reboot.
Could not move "C:\Users\mimo\AppData\Local\Temp\Skype\DbTemp\temp-YFw0jodat9eiLa1ivHem81uB" => Scheduled to move on reboot.
C:\Users\mimo\AppData\Local\Temp\Rar$EXa0.625\SpyHunter 4.1.11.0 + Crack\README.txt => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\Rar$EXa0.625\SpyHunter 4.1.11.0 + Crack\spyhunterS.exe => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\Rar$EXa0.625\SpyHunter 4.1.11.0 + Crack\Crack\SpyHunter4.exe => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\Rar$DRa1.227\SpyHunter 4.1.11.0 + Crack\Crack\SpyHunter4.exe => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\Rar$DRa0.227\SpyHunter 4.1.11.0 + Crack\Crack\SpyHunter4.exe => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nstC07B.tmp\AdvSplash.dll => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nstC07B.tmp\AlwaysOnTop.dll => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nstC07B.tmp\CPUFeatures.dll => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nstC07B.tmp\InstallOptions.dll => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nstC07B.tmp\ioSpecial.ini => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nstC07B.tmp\modern-header.bmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nstC07B.tmp\modern-wizard.bmp => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nstC07B.tmp\nsDialogs.dll => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nstC07B.tmp\nsisos.dll => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nstC07B.tmp\System.dll => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\nstC07B.tmp\UserInfo.dll => Moved successfully.
C:\Users\mimo\AppData\Local\Temp\0\ddt.csf => Moved successfully.
Could not move "C:\Users\mimo\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-27 22:13:08)<=

C:\Users\mimo\AppData\Local\Temp\etilqs_ccc3g6N1DxVAscc => Is moved successfully.
C:\Users\mimo\AppData\Local\Temp\etilqs_iSyXVkBTOWF6m78 => Is moved successfully.
C:\Users\mimo\AppData\Local\Temp\Skype\DbTemp\temp-0FPMTiXt9FOUJIi2bAB5N5jH => Is moved successfully.
C:\Users\mimo\AppData\Local\Temp\Skype\DbTemp\temp-phzpoOlghddc6BDdcPdgutYo => Is moved successfully.
C:\Users\mimo\AppData\Local\Temp\Skype\DbTemp\temp-ws8hdVhXdgIqNH8lvV6mPflK => Is moved successfully.
C:\Users\mimo\AppData\Local\Temp\Skype\DbTemp\temp-YFw0jodat9eiLa1ivHem81uB => Is moved successfully.
C:\Users\mimo\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====


After the fix the PC demanded a restart, so I restarted, and after powering it back on neither Wi-Fi nor any other kind of connection will come up, nor Skype, and the PC boots as if only halfway. The desktop and most programs load, but the rest do not, and it throws some windows with errors, see the picture in the attachment.
Attachment: problem.png (313.1 KiB)

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Vir - Cryptowall

#6 Post by Rudy »

Open a command prompt and enter, one after the other:
netsh winsock reset catalog
and then:
netsh int ip reset reset.log hit
Press Enter after each one. Finally restart the PC.
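The broken networking reported in post #5 and the netsh reset prescribed in post #6 follow directly from the Fixlog: the fixlist from post #4 listed the ten Winsock Catalog9 entries (BfLLR.dll), FRST deleted them, and Windows cannot use a layered-provider chain with holes in it until the catalog is rebuilt with netsh winsock reset. The script below is an added example, not part of this thread and not an FRST or viry.cz tool: it parses FRST Fixlog result lines, skips the echoed fixlist so that listed targets are never mistaken for performed actions, and derives the follow-up steps an operator should take (Winsock reset, reboot, services that could not be stopped). The sample text is a constructed excerpt shaped like the log above, and the category names, action codes and the `post_fix_actions` helper are assumptions of this example.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed excerpt in the shape of the FRST Fixlog posted above (the targets
# occur in the thread; the selection and the echoed fixlist fragment are ours).
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
"HKCR\CLSID\{e1c1b2ec-f848-11e3-be94-8c89a50e7276}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
c2cautoupdatesvc => Unable to stop service
c2cautoupdatesvc => Service deleted successfully.
3813f185 => Service deleted successfully.
C:\ProgramData\Conduit => Moved successfully.
Could not move "C:\Users\mimo\AppData\Local\Temp\etilqs_ccc3g6N1DxVAscc" => Scheduled to move on reboot.
Could not move "C:\Users\mimo\AppData\Local\Temp" directory. => Scheduled to move on reboot.
"""

# One Fixlog result line: optional "Could not move " prefix, optionally quoted
# target (with FRST's " directory." suffix for folders), "=>", outcome text.
LINE_RE = re.compile(
    r'^(?:Could not move )?"?(?P<target>[^"]+?)"?(?: directory\.?)?\s*=>\s*(?P<result>.+?)\.?\s*$'
)


class FixEntry(NamedTuple):
    target: str
    result: str
    category: str  # removed | restored | not_found | scheduled | failed | other


def classify(result: str) -> str:
    """Map FRST's free-text outcome to a small fixed set of categories (our own)."""
    r = result.lower()
    if "scheduled" in r:
        return "scheduled"
    if "not found" in r:
        return "not_found"
    if "unable" in r or "could not" in r:
        return "failed"
    if "restored" in r:
        return "restored"
    if "deleted" in r or "moved" in r:
        return "removed"
    return "other"


def parse_fixlog(text: str) -> List[FixEntry]:
    """Return one FixEntry per result line, ignoring the echoed fixlist (Start..End)."""
    entries: List[FixEntry] = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start":
            in_fixlist = True
            continue
        if line == "End":
            in_fixlist = False
            continue
        if in_fixlist:
            continue  # a listed target is not a performed action
        m = LINE_RE.match(line)
        if m:
            entries.append(FixEntry(m["target"], m["result"], classify(m["result"])))
    return entries


def summarize(entries: List[FixEntry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.category] = counts.get(e.category, 0) + 1
    return counts


def post_fix_actions(entries: List[FixEntry]) -> Dict[str, str]:
    """Derive operator follow-ups: deleted Winsock catalog entries leave a broken
    LSP chain until the catalog is reset (the no-network symptom in this thread);
    deferred moves and services FRST could not stop need a reboot and a re-check."""
    actions: Dict[str, str] = {}
    winsock = [e for e in entries if e.target.startswith("Winsock:") and e.category == "removed"]
    if winsock:
        actions["winsock_reset"] = (
            f"{len(winsock)} Winsock catalog entries deleted: run 'netsh winsock reset catalog' "
            "and 'netsh int ip reset' from an elevated prompt, then reboot."
        )
    scheduled = [e for e in entries if e.category == "scheduled"]
    if scheduled:
        actions["reboot"] = f"{len(scheduled)} item(s) scheduled to move on reboot: reboot before re-scanning."
    failed = [e for e in entries if e.category == "failed"]
    if failed:
        names = ", ".join(sorted({e.target for e in failed}))
        actions["verify_services"] = f"Could not be stopped before deletion: {names}; confirm removal after reboot."
    return actions


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for code, msg in post_fix_actions(parsed).items():
        print(f"[{code}] {msg}")
```

Run it as-is to see the summary for the embedded sample, or pass the real Fixlog.txt through `parse_fixlog(open(path, encoding="utf-8", errors="replace").read())`. Lines the parser does not recognise (section headers, the "directory move:" marker, the reboot-result banner) are silently skipped, so the counts only reflect outcomes FRST actually reported.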

mimo
Visitor
Posts: 13
Registered: 27 Jul 2014 17:58

Re: Vir - Cryptowall

#7 Post by mimo »

Done. The computer now boots completely.

Unfortunately the files are still locked after the virus's rampage :-(

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Vir - Cryptowall

#8 Post by Rudy »

Decryption is a different matter and will probably be a problem. Post a ComboFix log as well:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to run any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode or disable it entirely for the duration of the scan, because the scan and the removal of any malware collide with a resident antispyware shield.

mimo
Visitor
Posts: 13
Registered: 27 Jul 2014 17:58

Re: Vir - Cryptowall

#9 Post by mimo »

ComboFix 14-07-25.01 - mimo . 07. 2014 18:38:28.1.8 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.8112.4546 [GMT 2:00]
Running from: c:\users\mimo\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV shield is enabled
.
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\systemskey.ini
c:\programdata\Tbccint
c:\programdata\Tbccint\IE\CT3329621\configutaion.json
c:\programdata\Tbccint\IE\CT3329621\SetupIcon.ico
c:\programdata\Tbccint\IE\CT3329621\UninstallerUI.exe
c:\programdata\Tbccint\Multi\CT3329621\configutaion.json
c:\programdata\Tbccint\Multi\CT3329621\SetupIcon.ico
c:\programdata\Tbccint\Multi\CT3329621\UninstallerUI.exe
c:\users\mimo\AppData\Local\Tbccint
c:\users\mimo\AppData\Local\Tbccint\Community Alerts\Alert.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Start8
.
.
((((((((((((((((((((((((( Files created from 2014-06-28 to 2014-07-28 )))))))))))))))))))))))))))))))
.
.
2014-07-27 18:44 . 2014-07-27 20:13 -------- d-----w- C:\FRST
2014-07-27 12:47 . 2014-07-27 12:47 110080 ----a-r- c:\users\mimo\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2014-07-27 12:47 . 2014-07-27 12:47 110080 ----a-r- c:\users\mimo\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2014-07-27 12:47 . 2014-07-27 12:47 -------- d-----w- C:\sh4ldr
2014-07-25 15:36 . 2014-07-25 15:36 -------- d-----w- c:\users\mimo\AppData\Local\Creative
2014-07-25 15:35 . 2014-07-25 15:35 -------- d-----w- c:\programdata\GRETECH
2014-07-25 15:32 . 2014-07-25 15:32 -------- d-----w- c:\users\mimo\AppData\Roaming\GRETECH
2014-07-25 15:32 . 2014-07-25 15:32 -------- d-----w- c:\program files (x86)\GRETECH
2014-07-24 21:55 . 2014-07-25 15:27 -------- d-----w- c:\program files (x86)\VideoLAN
2014-07-24 21:37 . 2014-06-14 14:03 218200 ----a-w- c:\windows\SysWow64\unrar.dll
2014-07-24 21:19 . 2014-07-24 21:19 -------- d-----w- c:\program files (x86)\Tbccint
2014-07-24 15:22 . 2014-07-24 15:22 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2014-07-24 15:06 . 2014-07-24 15:06 -------- d-----w- c:\windows\Sun
2014-07-24 15:05 . 2014-07-26 21:18 -------- d-----w- c:\programdata\AlepMobag
2014-07-22 07:41 . 2014-07-22 07:41 -------- d-----w- c:\users\mimo\AppData\Roaming\Publish Providers
2014-07-08 19:29 . 2014-07-09 07:50 -------- d-----w- c:\users\mimo\AppData\Local\Adobe
2014-07-06 06:49 . 2014-05-15 01:02 59424 ----a-w- c:\windows\system32\wuauclt.exe
2014-07-06 06:48 . 2014-05-14 22:43 3286528 ----a-w- c:\windows\system32\wuaueng.dll
2014-07-06 06:48 . 2014-05-14 22:43 253440 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2014-07-06 06:48 . 2014-05-14 22:43 1623040 ----a-w- c:\windows\system32\wucltux.dll
2014-07-06 06:48 . 2014-05-14 22:42 176640 ----a-w- c:\windows\system32\storewuauth.dll
2014-07-05 13:27 . 2014-07-05 13:27 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-07-05 13:26 . 2014-07-05 13:27 -------- d-----w- c:\program files\Adobe
2014-07-05 13:24 . 2014-07-05 13:27 -------- d-----w- c:\program files\Common Files\Adobe
2014-07-05 13:02 . 2014-07-05 13:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 17:59 . 2014-02-04 19:57 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-07 20:18 . 2014-04-02 18:25 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-07-07 20:18 . 2013-11-09 18:58 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-07 20:18 . 2013-11-09 18:58 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-06-23 08:32 . 2014-06-23 08:32 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-05-20 02:44 . 2014-05-27 12:57 9735256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-05-27 12:57 9697640 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-05-27 12:57 895776 ----a-w- c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-05-27 12:57 892704 ----a-w- c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-05-27 12:57 867784 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-05-27 12:57 861128 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-05-27 12:57 492376 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-05-20 02:44 . 2014-05-27 12:57 416712 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-05-20 02:44 . 2014-05-27 12:57 382240 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-27 12:57 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-05-20 02:44 . 2014-05-27 12:57 335704 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-27 12:57 32544 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2014-05-20 02:44 . 2014-05-27 12:57 3141976 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-05-27 12:57 31387936 ----a-w- c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-05-27 12:57 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-05-20 02:44 . 2014-05-27 12:57 2953672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-05-27 12:57 2785568 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-27 12:57 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-05-27 12:57 2412376 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-27 12:57 24025376 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-05-27 12:57 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-27 12:57 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-05-27 12:57 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-05-27 12:57 17480432 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-05-27 12:57 16003912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-05-27 12:57 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-05-27 12:57 12688328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-05-27 12:57 11644928 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-20 02:44 . 2014-05-27 12:57 11599072 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2014-02-18 21:14 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2013-09-07 00:25 3109248 ----a-w- c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2013-09-07 00:25 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2013-09-07 00:25 952952 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2013-09-07 00:25 837056 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-05-20 02:44 . 2013-09-07 00:25 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-05-20 02:44 . 2013-09-07 00:25 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-05-20 01:25 . 2013-09-07 00:26 6769096 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2013-09-07 00:26 3514144 ----a-w- c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2013-09-07 00:26 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2013-09-07 00:26 76064 ----a-w- c:\windows\system32\nv3dappshextr.dll
2014-05-20 01:25 . 2013-09-07 00:26 1078616 ----a-w- c:\windows\system32\nv3dappshext.dll
2014-05-20 01:25 . 2013-09-07 00:26 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2013-09-07 00:26 387528 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2013-09-07 00:26 2560968 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-14 23:49 . 2013-09-07 00:26 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-04-30 18:29 . 2013-12-03 18:37 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-04-30 18:29 . 2013-12-03 18:37 1225920 ----a-w- c:\windows\system32\nvspcap64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-01 2342608]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2014-01-09 4287536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"cz.seznam.software.autoupdate"="c:\users\mimo\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\mimo\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sound Blaster Cinema"="c:\program files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" [2012-11-29 711680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-02-07 490480]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2013-03-08 95192]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2013-04-02 181208]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-01-07 597880]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2014-4-2 442880]
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2013-5-17 554496]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-7-4 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/09/06 18:14;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\System32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [x]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bwcW8x64.sys;c:\windows\SYSNATIVE\DRIVERS\bwcW8x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\SCM\MSIService.exe;c:\program files (x86)\SCM\MSIService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\e22w8x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w8x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-16 19:27 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-21 19:13]
.
2014-07-28 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe [2013-11-10 13:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-09-06 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-09-06 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-09-06 444400]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-09-06 13538376]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2013-04-23 253440]
"Radio Manager"="c:\program files (x86)\SCM\Radio Manager.exe" [2013-08-22 406920]
"SCM"="c:\program files (x86)\SCM\SCM.exe" [2013-08-22 408232]
"MBCfg64"="c:\windows\system32\MBCfg64.dll" [2013-04-23 34432]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-06-14 5634800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.10.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKCU-Run-Otlics Update - c:\users\mimo\AppData\Local\Otlics\webapprt-stub.dll
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-IECT3329621 - c:\programdata\Tbccint\IE\CT3329621\UninstallerUI.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1051548242-2753322845-1442528999-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:05,7c,d2,e5,46,0d,d3,8b,57,fa,e3,fc,1d,c4,66,4f,84,b9,68,54,20,
0f,94,61,55,5b,af,8f,df,f4,cc,4a,fc,3a,2a,af,d2,11,1a,2c,a3,f6,ac,cf,8a,d9,\
"rkeysecu"=hex:0f,5b,52,4a,7b,89,b0,b8,d5,ce,24,ce,7e,57,3b,b6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\users\mimo\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-07-28 18:54:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-28 16:54
.
Před spuštěním: 418 877 050 880 bytes free
Po spuštění: 418 087 960 576 bytes free
.
- - End Of File - - 02E50B165DF02AA7399267D17C1F387A
5FB38429D5D77768867C76DCBDB35194

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus - Cryptowall

#10 Post by Rudy »

We'll clean up a little more. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\program files (x86)\Tbccint

Regnull::
[HKEY_USERS\S-1-5-21-1051548242-2753322845-1442528999-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

mimo
Guest
Posts: 13
Registered: 27 Jul 2014 17:58

Re: Virus - Cryptowall

#11 Post by mimo »

Done.
Here is the log:
ComboFix 14-07-25.01 - mimo . 07. 2014 19:14:15.2.8 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.8112.5816 [GMT 2:00]
Spuštěný z: c:\users\mimo\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\mimo\Desktop\CFScript.txt.txt
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Tbccint
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-28 do 2014-07-28 )))))))))))))))))))))))))))))))
.
.
2014-07-28 17:18 . 2014-07-28 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-27 20:24 . 2014-07-28 17:17 -------- d-----w- c:\users\mimo\AppData\Local\Temp
2014-07-27 18:44 . 2014-07-27 20:13 -------- d-----w- C:\FRST
2014-07-27 12:47 . 2014-07-27 12:47 110080 ----a-r- c:\users\mimo\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2014-07-27 12:47 . 2014-07-27 12:47 110080 ----a-r- c:\users\mimo\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2014-07-27 12:47 . 2014-07-27 12:47 -------- d-----w- C:\sh4ldr
2014-07-25 15:36 . 2014-07-25 15:36 -------- d-----w- c:\users\mimo\AppData\Local\Creative
2014-07-25 15:35 . 2014-07-25 15:35 -------- d-----w- c:\programdata\GRETECH
2014-07-25 15:32 . 2014-07-25 15:32 -------- d-----w- c:\users\mimo\AppData\Roaming\GRETECH
2014-07-25 15:32 . 2014-07-25 15:32 -------- d-----w- c:\program files (x86)\GRETECH
2014-07-24 21:55 . 2014-07-25 15:27 -------- d-----w- c:\program files (x86)\VideoLAN
2014-07-24 21:37 . 2014-06-14 14:03 218200 ----a-w- c:\windows\SysWow64\unrar.dll
2014-07-24 15:22 . 2014-07-24 15:22 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2014-07-24 15:06 . 2014-07-24 15:06 -------- d-----w- c:\windows\Sun
2014-07-24 15:05 . 2014-07-26 21:18 -------- d-----w- c:\programdata\AlepMobag
2014-07-22 07:41 . 2014-07-22 07:41 -------- d-----w- c:\users\mimo\AppData\Roaming\Publish Providers
2014-07-08 19:29 . 2014-07-09 07:50 -------- d-----w- c:\users\mimo\AppData\Local\Adobe
2014-07-06 06:49 . 2014-05-15 01:02 59424 ----a-w- c:\windows\system32\wuauclt.exe
2014-07-06 06:48 . 2014-05-14 22:43 3286528 ----a-w- c:\windows\system32\wuaueng.dll
2014-07-06 06:48 . 2014-05-14 22:43 253440 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2014-07-06 06:48 . 2014-05-14 22:43 1623040 ----a-w- c:\windows\system32\wucltux.dll
2014-07-06 06:48 . 2014-05-14 22:42 176640 ----a-w- c:\windows\system32\storewuauth.dll
2014-07-05 13:27 . 2014-07-05 13:27 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-07-05 13:26 . 2014-07-05 13:27 -------- d-----w- c:\program files\Adobe
2014-07-05 13:24 . 2014-07-05 13:27 -------- d-----w- c:\program files\Common Files\Adobe
2014-07-05 13:02 . 2014-07-05 13:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 17:59 . 2014-02-04 19:57 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-07 20:18 . 2014-04-02 18:25 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-07-07 20:18 . 2013-11-09 18:58 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-07 20:18 . 2013-11-09 18:58 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-06-23 08:32 . 2014-06-23 08:32 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-05-20 02:44 . 2014-05-27 12:57 9735256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-05-27 12:57 9697640 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-05-27 12:57 895776 ----a-w- c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-05-27 12:57 892704 ----a-w- c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-05-27 12:57 867784 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-05-27 12:57 861128 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-05-27 12:57 492376 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-05-20 02:44 . 2014-05-27 12:57 416712 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-05-20 02:44 . 2014-05-27 12:57 382240 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-27 12:57 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-05-20 02:44 . 2014-05-27 12:57 335704 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-27 12:57 32544 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2014-05-20 02:44 . 2014-05-27 12:57 3141976 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-05-27 12:57 31387936 ----a-w- c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-05-27 12:57 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-05-20 02:44 . 2014-05-27 12:57 2953672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-05-27 12:57 2785568 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-27 12:57 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-05-27 12:57 2412376 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-27 12:57 24025376 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-05-27 12:57 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-27 12:57 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-05-27 12:57 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-05-27 12:57 17480432 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-05-27 12:57 16003912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-05-27 12:57 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-05-27 12:57 12688328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-05-27 12:57 11644928 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-20 02:44 . 2014-05-27 12:57 11599072 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2014-02-18 21:14 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2013-09-07 00:25 3109248 ----a-w- c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2013-09-07 00:25 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2013-09-07 00:25 952952 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2013-09-07 00:25 837056 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-05-20 02:44 . 2013-09-07 00:25 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-05-20 02:44 . 2013-09-07 00:25 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-05-20 01:25 . 2013-09-07 00:26 6769096 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2013-09-07 00:26 3514144 ----a-w- c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2013-09-07 00:26 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2013-09-07 00:26 76064 ----a-w- c:\windows\system32\nv3dappshextr.dll
2014-05-20 01:25 . 2013-09-07 00:26 1078616 ----a-w- c:\windows\system32\nv3dappshext.dll
2014-05-20 01:25 . 2013-09-07 00:26 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2013-09-07 00:26 387528 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2013-09-07 00:26 2560968 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-14 23:49 . 2013-09-07 00:26 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-04-30 18:29 . 2013-12-03 18:37 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-04-30 18:29 . 2013-12-03 18:37 1225920 ----a-w- c:\windows\system32\nvspcap64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-01 2342608]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2014-01-09 4287536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"cz.seznam.software.autoupdate"="c:\users\mimo\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\mimo\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sound Blaster Cinema"="c:\program files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" [2012-11-29 711680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-02-07 490480]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2013-03-08 95192]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2013-04-02 181208]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-01-07 597880]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2014-4-2 442880]
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2013-5-17 554496]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-7-4 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/09/06 18:14;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\System32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bwcW8x64.sys;c:\windows\SYSNATIVE\DRIVERS\bwcW8x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\SCM\MSIService.exe;c:\program files (x86)\SCM\MSIService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\e22w8x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w8x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-16 19:27 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-21 19:13]
.
2014-07-28 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe [2013-11-10 13:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-09-06 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-09-06 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-09-06 444400]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-09-06 13538376]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2013-04-23 253440]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Radio Manager"="c:\program files (x86)\SCM\Radio Manager.exe" [2013-08-22 406920]
"SCM"="c:\program files (x86)\SCM\SCM.exe" [2013-08-22 408232]
"MBCfg64"="c:\windows\system32\MBCfg64.dll" [2013-04-23 34432]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-06-14 5634800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.10.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-IECT3329621 - c:\programdata\Tbccint\IE\CT3329621\UninstallerUI.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1051548242-2753322845-1442528999-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:05,7c,d2,e5,46,0d,d3,8b,57,fa,e3,fc,1d,c4,66,4f,84,b9,68,54,20,
0f,94,61,55,5b,af,8f,df,f4,cc,4a,fc,3a,2a,af,d2,11,1a,2c,a3,f6,ac,cf,8a,d9,\
"rkeysecu"=hex:0f,5b,52,4a,7b,89,b0,b8,d5,ce,24,ce,7e,57,3b,b6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\users\mimo\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-07-28 19:24:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-28 17:24
ComboFix2.txt 2014-07-28 16:54
.
Před spuštěním: 418 105 126 912 bytes free
Po spuštění: 417 860 571 136 bytes free
.
- - End Of File - - 5F6535D40D0820F60D9917FC634CB1E3
5FB38429D5D77768867C76DCBDB35194


What next?

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus - Cryptowall

#12 Post by Rudy »

Try it once more; you saved the script under the wrong name (CFScript.txt.txt). The correct name is CFScript.txt.

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

mimo
Visitor
Posts: 13
Registered: 27 Jul 2014 17:58

Re: Virus - Cryptowall

#13 Post by mimo »

Hopefully it is correct now.


log:
ComboFix 14-07-25.01 - mimo . 07. 2014 21:36:26.4.8 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.8112.5908 [GMT 2:00]
Spuštěný z: c:\users\mimo\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\mimo\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-28 do 2014-07-28 )))))))))))))))))))))))))))))))
.
.
2014-07-28 19:41 . 2014-07-28 19:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-27 20:24 . 2014-07-28 19:39 -------- d-----w- c:\users\mimo\AppData\Local\Temp
2014-07-27 18:44 . 2014-07-27 20:13 -------- d-----w- C:\FRST
2014-07-27 12:47 . 2014-07-27 12:47 110080 ----a-r- c:\users\mimo\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2014-07-27 12:47 . 2014-07-27 12:47 110080 ----a-r- c:\users\mimo\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2014-07-27 12:47 . 2014-07-27 12:47 -------- d-----w- C:\sh4ldr
2014-07-25 15:36 . 2014-07-25 15:36 -------- d-----w- c:\users\mimo\AppData\Local\Creative
2014-07-25 15:35 . 2014-07-25 15:35 -------- d-----w- c:\programdata\GRETECH
2014-07-25 15:32 . 2014-07-25 15:32 -------- d-----w- c:\users\mimo\AppData\Roaming\GRETECH
2014-07-25 15:32 . 2014-07-25 15:32 -------- d-----w- c:\program files (x86)\GRETECH
2014-07-24 21:55 . 2014-07-25 15:27 -------- d-----w- c:\program files (x86)\VideoLAN
2014-07-24 21:37 . 2014-06-14 14:03 218200 ----a-w- c:\windows\SysWow64\unrar.dll
2014-07-24 15:22 . 2014-07-24 15:22 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2014-07-24 15:06 . 2014-07-24 15:06 -------- d-----w- c:\windows\Sun
2014-07-24 15:05 . 2014-07-26 21:18 -------- d-----w- c:\programdata\AlepMobag
2014-07-22 07:41 . 2014-07-22 07:41 -------- d-----w- c:\users\mimo\AppData\Roaming\Publish Providers
2014-07-08 19:29 . 2014-07-09 07:50 -------- d-----w- c:\users\mimo\AppData\Local\Adobe
2014-07-06 06:49 . 2014-05-15 01:02 59424 ----a-w- c:\windows\system32\wuauclt.exe
2014-07-06 06:48 . 2014-05-14 22:43 3286528 ----a-w- c:\windows\system32\wuaueng.dll
2014-07-06 06:48 . 2014-05-14 22:43 253440 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2014-07-06 06:48 . 2014-05-14 22:43 1623040 ----a-w- c:\windows\system32\wucltux.dll
2014-07-06 06:48 . 2014-05-14 22:42 176640 ----a-w- c:\windows\system32\storewuauth.dll
2014-07-05 13:27 . 2014-07-05 13:27 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-07-05 13:26 . 2014-07-05 13:27 -------- d-----w- c:\program files\Adobe
2014-07-05 13:24 . 2014-07-05 13:27 -------- d-----w- c:\program files\Common Files\Adobe
2014-07-05 13:02 . 2014-07-05 13:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 17:59 . 2014-02-04 19:57 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-07 20:18 . 2014-04-02 18:25 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-07-07 20:18 . 2013-11-09 18:58 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-07 20:18 . 2013-11-09 18:58 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-06-23 08:32 . 2014-06-23 08:32 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-05-20 02:44 . 2014-05-27 12:57 9735256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-05-27 12:57 9697640 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-05-27 12:57 895776 ----a-w- c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-05-27 12:57 892704 ----a-w- c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-05-27 12:57 867784 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-05-27 12:57 861128 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-05-27 12:57 492376 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-05-20 02:44 . 2014-05-27 12:57 416712 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-05-20 02:44 . 2014-05-27 12:57 382240 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-27 12:57 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-05-20 02:44 . 2014-05-27 12:57 335704 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-27 12:57 32544 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2014-05-20 02:44 . 2014-05-27 12:57 3141976 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-05-27 12:57 31387936 ----a-w- c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-05-27 12:57 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-05-20 02:44 . 2014-05-27 12:57 2953672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-05-27 12:57 2785568 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-27 12:57 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-05-27 12:57 2412376 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-27 12:57 24025376 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-05-27 12:57 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-27 12:57 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-05-27 12:57 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-05-27 12:57 17480432 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-05-27 12:57 16003912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-05-27 12:57 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-05-27 12:57 12688328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-05-27 12:57 11644928 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-20 02:44 . 2014-05-27 12:57 11599072 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2014-02-18 21:14 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2013-09-07 00:25 3109248 ----a-w- c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2013-09-07 00:25 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2013-09-07 00:25 952952 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2013-09-07 00:25 837056 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-05-20 02:44 . 2013-09-07 00:25 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-05-20 02:44 . 2013-09-07 00:25 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-05-20 01:25 . 2013-09-07 00:26 6769096 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2013-09-07 00:26 3514144 ----a-w- c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2013-09-07 00:26 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2013-09-07 00:26 76064 ----a-w- c:\windows\system32\nv3dappshextr.dll
2014-05-20 01:25 . 2013-09-07 00:26 1078616 ----a-w- c:\windows\system32\nv3dappshext.dll
2014-05-20 01:25 . 2013-09-07 00:26 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2013-09-07 00:26 387528 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2013-09-07 00:26 2560968 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-14 23:49 . 2013-09-07 00:26 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-04-30 18:29 . 2013-12-03 18:37 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-04-30 18:29 . 2013-12-03 18:37 1225920 ----a-w- c:\windows\system32\nvspcap64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-01 2342608]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2014-01-09 4287536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"cz.seznam.software.autoupdate"="c:\users\mimo\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\mimo\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sound Blaster Cinema"="c:\program files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" [2012-11-29 711680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-02-07 490480]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2013-03-08 95192]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2013-04-02 181208]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-01-07 597880]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
GamePark klient 2.lnk - c:\program files\GamePark2\gpcl.exe [2014-4-2 442880]
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2013-5-17 554496]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-7-4 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/09/06 18:14;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\System32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bwcW8x64.sys;c:\windows\SYSNATIVE\DRIVERS\bwcW8x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\SCM\MSIService.exe;c:\program files (x86)\SCM\MSIService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\e22w8x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w8x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-16 19:27 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-21 19:13]
.
2014-07-28 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe [2013-11-10 13:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-09-06 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-09-06 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-09-06 444400]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-09-06 13538376]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2013-04-23 253440]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Radio Manager"="c:\program files (x86)\SCM\Radio Manager.exe" [2013-08-22 406920]
"SCM"="c:\program files (x86)\SCM\SCM.exe" [2013-08-22 408232]
"MBCfg64"="c:\windows\system32\MBCfg64.dll" [2013-04-23 34432]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-06-14 5634800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.10.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-IECT3329621 - c:\programdata\Tbccint\IE\CT3329621\UninstallerUI.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1051548242-2753322845-1442528999-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:05,7c,d2,e5,46,0d,d3,8b,57,fa,e3,fc,1d,c4,66,4f,84,b9,68,54,20,
0f,94,61,55,5b,af,8f,df,f4,cc,4a,fc,3a,2a,af,d2,11,1a,2c,a3,f6,ac,cf,8a,d9,\
"rkeysecu"=hex:0f,5b,52,4a,7b,89,b0,b8,d5,ce,24,ce,7e,57,3b,b6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\users\mimo\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-07-28 21:47:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-28 19:47
ComboFix2.txt 2014-07-28 17:24
ComboFix3.txt 2014-07-28 16:54
.
Před spuštěním: 417 138 081 792 bytes free
Po spuštění: 417 155 903 488 bytes free
.
- - End Of File - - 2DAAE2552BC81FA4AAA89EE4A125CB6F
5FB38429D5D77768867C76DCBDB35194

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus - Cryptowall

#14 Post by Rudy »

Yes, now it is fine. Has anything changed?

Warning:
Before disinfecting the PC, back up your important data (e-mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

mimo
Visitor
Posts: 13
Registered: 27 Jul 2014 17:58

Re: Virus - Cryptowall

#15 Post by mimo »

As for the decrypt, unfortunately no :-/ .

// edit: I wanted to ask, couldn't it help that I found a Crypto folder somewhere in the system, with an RSA folder inside it, and in that some further files named e.g. in the form: e52f73ea1e6d8fb5afd750e25de6c8fa_0669ed9b-bd82-43a7-b452-2abfc3571b34
