Stránka 1 z 2

Po reštarte PC sú vírusy späť

Napsal: 31 říj 2014 16:54
od zigulo
Ahojte

Antivir v PC našiel nejaké vírusy ale nie je schopný ich odstrániť. Stále vyžaduje úplnú kontrolu a potom reštart. Po reštarte sú tam tie isté víry a znova sa to opakuje dokola. Už ma to prestáva baviť. Asi je to rootkit či čo. Skúšal som rôzne antivirové programy ale nič nepomohlo. Skúšal som aj program GMER. Na tomto fóre som sa dočítal že to viete podľa toho pozrieť, ale neviem kde mám poslať ten súbor. Vie mi niekto poradiť ako sa toho zbaviť? Ďakujem.

Re: Po reštarte PC sú vírusy späť

Napsal: 31 říj 2014 18:26
od Rudy

Re: Po reštarte PC sú vírusy späť

Napsal: 31 říj 2014 18:35
od zigulo
Ahoj

Neviem ako mám ten súbor poslať cez priložiť súbor mi to nejde

Re: Po reštarte PC sú vírusy späť

Napsal: 31 říj 2014 18:39
od zigulo
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by Zigulo (administrator) on ZIGULO-HP on 31-10-2014 18:16:09
Running from C:\Users\Zigulo\Desktop\inštalačky
Loaded Profile: Zigulo (Available profiles: Zigulo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Firebird Project) C:\Program Files (x86)\CENKROSplus\Firebird\FBbin\fbserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(BitTorrent Inc.) C:\Users\Zigulo\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(ABBYY.) C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(F-Secure Corporation) C:\Users\Zigulo\Desktop\inštalačky\fsbl.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\WSCommCntr3\lib\WSCommCntr3.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_189_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1092528 2012-10-17] (FileOpen Systems Inc.)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\x64\3\fppdis3a.exe [743936 2009-09-20] (FinePrint Software, LLC)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [925960 2011-08-18] (ABBYY.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1821075556-45950443-1226241379-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1821075556-45950443-1226241379-1000\...\Run: [uTorrent] => C:\Users\Zigulo\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-09] (BitTorrent Inc.)
HKU\S-1-5-21-1821075556-45950443-1226241379-1000\...\Run: [UQXmedia] => regsvr32.exe C:\Users\Zigulo\AppData\Local\UQXmedia\dllvogxdhoz.dll <===== ATTENTION
HKU\S-1-5-21-1821075556-45950443-1226241379-1000\...\Run: [YTWPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Zigulo\AppData\Local\Ertion\dbexpmys.dll
HKU\S-1-5-21-1821075556-45950443-1226241379-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1821075556-45950443-1226241379-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-1821075556-45950443-1226241379-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1821075556-45950443-1226241379-1000\...\Policies\system: [DisableChangePassword] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {46BA68EC-B182-45F5-9F5D-85F117D59F15} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://sk.wikipedia.org/wiki/Special:Se ... earchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {46BA68EC-B182-45F5-9F5D-85F117D59F15} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://sk.wikipedia.org/wiki/Special:Se ... earchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {46BA68EC-B182-45F5-9F5D-85F117D59F15} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://sk.wikipedia.org/wiki/Special:Se ... earchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-10-21] (EasyBits Software Corp.)
ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-12-22]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll No File
CHR Plugin: (Simple Pass 2011) - C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmogjcijkfeahcajecmmegieipfbdcc\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (Norton Confidential) - C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BDA Tuning Model DVB Tuning Space) - C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-10-22]
CHR Extension: (Disk Google) - C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-12]
CHR Extension: (Website Logon) - C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmogjcijkfeahcajecmmegieipfbdcc [2012-12-12]
CHR Extension: (YouTube) - C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-12]
CHR Extension: (Hľadať v Google) - C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-12]
CHR Extension: (Skype Click to Call) - C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-21]
CHR Extension: (Peňaženka Google) - C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [bfmogjcijkfeahcajecmmegieipfbdcc] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [335288 2012-10-17] (FileOpen Systems Inc.)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [5653800 2013-01-04] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 KrosPlusFireBird; C:\Program Files (x86)\CENKROSplus\Firebird\FBbin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 angkeyu; C:\Windows\System32\Drivers\angkeyu.sys [22904 2012-12-11] (Identcode Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [36904 2014-02-12] (Feitian Technologies Co., Ltd.)
R3 Rockey_USB; C:\Windows\System32\DRIVERS\Rockey4USB.sys [23592 2014-02-12] (Feitian Technologies Co., Ltd.)
S3 MFE_RR; \??\C:\Users\Zigulo\AppData\Local\Temp\mfe_rr.sys [X]
U3 kfrcipog; \??\C:\Users\Zigulo\AppData\Local\Temp\kfrcipog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 18:11 - 2014-10-31 18:16 - 00000000 ____D () C:\FRST
2014-10-31 07:56 - 2014-10-31 07:56 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-31 07:56 - 2014-10-31 07:56 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-31 07:56 - 2014-10-31 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-31 07:56 - 2014-10-31 07:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-31 07:55 - 2014-10-31 18:16 - 00000000 ____D () C:\Users\Zigulo\Desktop\inštalačky
2014-10-31 07:00 - 2014-10-31 07:00 - 00783120 _____ (McAfee, Inc.) C:\Users\Zigulo\Desktop\rootkitremover.exe
2014-10-29 21:22 - 2014-10-29 21:30 - 00000000 _____ () C:\END
2014-10-29 21:22 - 2014-10-29 21:22 - 00000000 ____D () C:\Users\Zigulo\AppData\Local\SearchProtect
2014-10-29 19:55 - 2014-10-30 09:11 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2014-10-29 19:24 - 2014-10-29 20:06 - 00000000 ____D () C:\Users\Zigulo\AppData\Local\F-Secure
2014-10-29 18:57 - 2014-10-29 20:00 - 00000000 ____D () C:\ProgramData\F-Secure
2014-10-29 18:36 - 2014-10-29 19:02 - 00000000 ____D () C:\Users\NULL
2014-10-29 18:36 - 2014-10-29 18:36 - 00000000 ____D () C:\Users\NULL\AppData\Local\Hewlett-Packard
2014-10-27 22:43 - 2014-10-31 15:49 - 00000000 ____D () C:\Windows\Minidump
2014-10-27 08:11 - 2014-10-30 09:10 - 00000000 ____D () C:\Users\Zigulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-10-27 08:11 - 2014-10-27 08:12 - 00000000 ____D () C:\Users\Zigulo\AppData\Roaming\DropboxMaster
2014-10-27 08:11 - 2014-10-27 08:12 - 00000000 ____D () C:\Users\Zigulo\AppData\Roaming\Dropbox
2014-10-27 07:58 - 2014-10-29 21:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-24 04:06 - 2014-10-30 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-23 18:16 - 2014-10-23 18:16 - 00844344 _____ () C:\Users\Zigulo\Downloads\installer_adobe_flash_player_English.exe
2014-10-22 22:23 - 2014-10-30 00:35 - 00000000 ____D () C:\Users\Zigulo\AppData\Local\Ertion
2014-10-22 22:23 - 2014-10-22 22:24 - 00000000 ____D () C:\Users\Zigulo\AppData\Local\UQXmedia
2014-10-17 15:51 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 15:51 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 15:51 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 15:51 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 15:51 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 15:51 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 15:51 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 15:51 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 15:51 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 15:51 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 15:51 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 15:51 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 15:51 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 15:51 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 15:51 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 15:51 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 15:51 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 15:51 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 15:51 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 15:51 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 15:51 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 15:51 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 15:51 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 15:51 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 15:51 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 15:51 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 15:51 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 15:51 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 15:51 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 15:51 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 15:51 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 15:51 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 15:51 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 15:51 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 15:51 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 15:51 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 15:51 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 15:51 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 15:51 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 15:51 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 15:51 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 15:51 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 15:51 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 15:51 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 15:51 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 15:51 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 15:51 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 15:51 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 15:51 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 15:51 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 15:51 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 15:51 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 15:51 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 15:51 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 15:51 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 15:51 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 15:51 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 15:51 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 15:51 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 15:51 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 15:51 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 15:51 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 15:51 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 15:51 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 15:51 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 15:51 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 15:51 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 15:51 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 15:51 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 15:51 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 15:51 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-17 15:51 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 15:51 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 15:51 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 15:51 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 15:51 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 15:51 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 15:51 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 15:48 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 15:48 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 15:48 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 15:48 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 15:48 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 15:48 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 15:48 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 15:48 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 15:48 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 15:48 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 15:48 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 15:48 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 15:48 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 15:48 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 15:48 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 15:48 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 15:48 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 15:48 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 15:48 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 15:48 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 15:48 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 15:48 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 18:13 - 2013-01-29 21:15 - 00000000 ____D () C:\Users\Zigulo\AppData\Roaming\uTorrent
2014-10-31 18:05 - 2012-12-12 07:05 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 17:54 - 2013-01-20 10:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-31 17:05 - 2012-11-08 17:10 - 01260341 _____ () C:\Windows\WindowsUpdate.log
2014-10-31 15:59 - 2012-12-11 15:48 - 00000000 ____D () C:\Users\Zigulo\AppData\Local\CrashDumps
2014-10-31 15:49 - 2013-01-05 11:27 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 11
2014-10-31 15:49 - 2012-12-11 15:41 - 00000000 ____D () C:\Users\Zigulo\AppData\Roaming\Skype
2014-10-31 15:49 - 2007-01-02 02:25 - 00000000 ____D () C:\Windows\Panther
2014-10-31 15:32 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-31 15:32 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-31 15:28 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-31 15:24 - 2012-12-12 07:05 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-31 15:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-31 11:51 - 2012-12-17 20:27 - 00000000 ____D () C:\Users\Zigulo\AppData\Local\cache
2014-10-31 07:50 - 2012-12-12 22:10 - 00000000 ____D () C:\Users\Zigulo\AppData\Roaming\GoodSync
2014-10-31 06:37 - 2009-07-14 06:08 - 00032498 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-30 19:29 - 2012-12-11 15:44 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1989AAC3-54CB-4743-82FA-4EE03A04B09D}
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-30 09:11 - 2013-01-29 21:44 - 00000000 ____D () C:\Users\Zigulo\Downloads\Adobe.Acrobat.Reader.PRO.7.0.[CZ].[Krytak]
2014-10-30 09:11 - 2013-01-29 21:41 - 00000000 ____D () C:\Users\Zigulo\Downloads\Adobe Reader 9.0
2014-10-30 09:11 - 2012-12-12 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-30 09:11 - 2012-12-11 22:02 - 00000000 ____D () C:\Users\Zigulo\AppData\Roaming\GHISLER
2014-10-30 09:11 - 2012-12-11 15:56 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-30 09:11 - 2012-12-11 15:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-30 09:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-30 09:09 - 2014-02-12 21:05 - 00000000 ____D () C:\CENKROSplusData
2014-10-30 01:38 - 2014-07-16 09:25 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForZigulo
2014-10-30 01:38 - 2014-07-16 09:25 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForZigulo.job
2014-10-29 23:13 - 2012-12-11 15:36 - 00000000 ____D () C:\Users\Zigulo
2014-10-24 04:06 - 2014-03-19 06:21 - 00002523 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-24 04:06 - 2013-02-09 09:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-24 04:06 - 2011-10-21 16:34 - 00000000 ____D () C:\ProgramData\Skype
2014-10-22 20:54 - 2013-01-09 09:17 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-22 20:54 - 2012-12-12 20:31 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-22 20:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-21 18:00 - 2012-12-12 07:05 - 00003932 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 18:00 - 2012-12-12 07:05 - 00003680 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-21 17:20 - 2014-06-17 06:31 - 00000000 ____D () C:\Users\Zigulo\AppData\Local\Adobe
2014-10-21 17:20 - 2013-01-20 10:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-21 17:20 - 2013-01-20 10:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-21 17:20 - 2011-10-21 16:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-20 16:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 05:10 - 2009-07-14 05:45 - 00486728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 05:08 - 2014-05-06 23:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 05:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-10-18 05:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-10-17 19:48 - 2012-12-17 20:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 19:43 - 2013-08-15 05:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 19:33 - 2013-01-11 07:34 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 13:23 - 2012-12-11 15:48 - 00142728 _____ () C:\Users\Zigulo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-06 14:14 - 2013-01-14 18:46 - 00015410 _____ () C:\Users\Zigulo\Documents\plot.log

Some content of TEMP:
====================
C:\Users\Zigulo\AppData\Local\Temp\CSOFQ.exe
C:\Users\Zigulo\AppData\Local\Temp\LCFOR.exe
C:\Users\Zigulo\AppData\Local\Temp\MTYCQH.exe
C:\Users\Zigulo\AppData\Local\Temp\NHKAVWC.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 06:59

==================== End Of Log ============================

Re: Po reštarte PC sú vírusy späť

Napsal: 31 říj 2014 18:40
od zigulo
už sa mi to podarilo :D

Re: Po reštarte PC sú vírusy späť

Napsal: 31 říj 2014 18:47
od Rudy
OK. Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Po reštarte PC sú vírusy späť

Napsal: 31 říj 2014 19:08
od zigulo
# AdwCleaner v3.311 - Report created 31/10/2014 at 19:00:12
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Zigulo - ZIGULO-HP
# Running from : C:\Users\Zigulo\Desktop\inštalačky\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Zigulo\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Zigulo\AppData\Roaming\YourFileDownloader
File Deleted : C:\END

***** [ Scheduled Tasks ] *****

Task Deleted : YourFile Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26481357-118E-0B11-9AC7-222222222230}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26481357-118E-0B11-9AC7-222222222231}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26481357-118E-0B11-9AC7-222222222232}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\YourFileDownloader

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [3054 octets] - [31/10/2014 18:57:37]
AdwCleaner[S0].txt - [2627 octets] - [31/10/2014 19:00:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2687 octets] ##########

Re: Po reštarte PC sú vírusy späť

Napsal: 31 říj 2014 19:09
od zigulo
môj antivirák po reštarte zasa žiada úplný scan.

Re: Po reštarte PC sú vírusy späť

Napsal: 31 říj 2014 19:43
od zigulo
Ešte som asi zabudol poslať toto

# AdwCleaner v3.311 - Report created 31/10/2014 at 18:57:37
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Zigulo - ZIGULO-HP
# Running from : C:\Users\Zigulo\Desktop\inštalačky\adwcleaner_3.311.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
Folder Found : C:\Users\Zigulo\AppData\Local\SearchProtect
Folder Found : C:\Users\Zigulo\AppData\Roaming\YourFileDownloader

***** [ Scheduled Tasks ] *****

Task Found : YourFile Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\PIP
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26481357-118E-0B11-9AC7-222222222230}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26481357-118E-0B11-9AC7-222222222231}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26481357-118E-0B11-9AC7-222222222232}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\YourFileDownloader
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Zigulo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
Found [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [2882 octets] - [31/10/2014 18:57:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2942 octets] ##########

Re: Po reštarte PC sú vírusy späť

Napsal: 31 říj 2014 19:51
od Rudy
Dejte nový log FRST.

Re: Po reštarte PC sú vírusy späť

Napsal: 01 lis 2014 08:23
od zigulo
Ahoj
Z mojho pc sa na vasu stranku uz neviem dostat tak som ten novy subor poslal na tvoj mail

Re: Po reštarte PC sú vírusy späť

Napsal: 01 lis 2014 11:20
od Rudy
Teď vidím, že ADW nic nesmazal, zapoměl jste kliknout na >clean<. Zopakujte postup.

Re: Po reštarte PC sú vírusy späť

Napsal: 02 lis 2014 07:28
od zigulo
Ahoj

postup som zopakoval čakám na odpoveď. Už sa na vašu stránku z môjho PC dostanem chyba bola asi niekde inde ako som si myslel.

Re: Po reštarte PC sú vírusy späť

Napsal: 02 lis 2014 07:49
od zigulo
Tie subory som ti vcera poslal na mail

Re: Po reštarte PC sú vírusy späť

Napsal: 02 lis 2014 10:33
od Rudy
ADW jsou již OK. Otevřte poznámkový blok a zkopírujte do něj:
Start
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
C:\Program Files (x86)\Google\Google Toolbar
c:\Program Files (x86)\Skype\Toolbars
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - No File
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Zigulo\AppData\Local\Temp
End
Uložte do C:\Users\Zigulo\Desktop\Nový priečinok jako fixlist.txt. Pak znovu spusťte FRST a klikněte na >Fix<. Zkopírujte sem pak log, který se na závěr vytvoří.