Logfile of random's system information tool 1.10 (written by random/random)
Run by renata at 2014-12-10 19:58:11
Microsoft Windows 8.1 s aplikací Bing
System drive C: has 872 GB (93%) free of 941 GB
Total RAM: 3977 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:58:24, on 10. 12. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Users\renata\AppData\Local\Pokki\Engine\HostAppService.exe
C:\Users\renata\AppData\Local\Pokki\Engine\HostAppService.exe
C:\Program Files\trend micro\renata.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPDTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPDTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files (x86)\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKCU\..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Users\renata\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\renata\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12672 bytes
======Listing Processes======
wininit.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE"
C:\windows\system32\svchost.exe -k apphost
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
dashost.exe {dd21e9f4-c075-4b2b-964105b112724b8e}
"C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll" /prefetch:1
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c2c8a1a3-c992-4764-9ccc-5d2f4f7d7743 -SystemEventPortName:HostProcess-8a7c601b-112f-417f-85f7-416ae5b21027 -IoCancelEventPortName:HostProcess-f21bc5bc-6216-4505-9f3c-ca31c82f63aa -NonStateChangingEventPortName:HostProcess-987d571c-a3ec-4df2-8f52-8b46af4a03d7 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a5445624-9ef1-43dc-948b-113b672d6519 -DeviceGroupId:WpdFsGroup
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskhost.exe $(Arg0)
C:\windows\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
taskhostex.exe
"C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe" /c /a /s UserSession2
C:\windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\windows\system32\igfxsrvc.exe" -Embedding
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS
"C:\Users\renata\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe"
"c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe"
"C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe" -ServerName:Microsoft.Reader.AppXtszmc7avrx02s7n8gch63tzwg517wd9k.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Users\renata\AppData\Local\Pokki\Engine\HostAppService.exe"
"C:\Users\renata\AppData\Local\Pokki\Engine\HostAppService.exe" --type=renderer --disable-breakpad --disable-desktop-notifications --disable-logging --disable-speech-input --lang=en-US --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/8/OneClickSignIn/Standard/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpeculativePrefetchingLearning/SpeculativePrefetchingLearningEnabled/Test0PercentDefault/group_01/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_93/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warmest_socket/ --noerrdialogs --disable-client-side-phishing-detection --disable-bundled-ppapi-flash --channel="396.2.1525965923\420492225" /prefetch:3
"C:\Users\renata\AppData\Local\Pokki\Engine\StartMenuIndexer.exe"
"C:\windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\WmiApSrv.exe
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe57_ Global\UsGthrCtrlFltPipeMssGthrPipe57 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568
"C:\Users\renata\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\HPCeeScheduleForrenata.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForrenata (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\renata\AppData\Roaming\Mozilla\Firefox\Profiles\pzoox6ep.default
prefs.js - "browser.startup.homepage" - "http://google.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL
C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-09-25 218784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07 209504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20 917856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [2014-09-16 2334416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-09-25 153240]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07 176736]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll [2014-09-20 655200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-26 392336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-01-16 583520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2014-09-16 1729232]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20 917856]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07 6133848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll [2014-09-20 655200]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07 4439128]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-10-09 7634288]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2014-02-14 391152]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2014-02-14 771568]
"Persistence"=C:\windows\system32\igfxpers.exe [2014-02-14 770544]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-10-09 1386712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-11-11 21720]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=C:\Users\renata\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe [2014-11-20 9282376]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #0"=C:\Users\renata\AppData\Local\Pokki\Engine\HostAppService.exe [2014-11-20 7805256]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"=C:\Program Files (x86)\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2014-01-17 624640]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-12-10 19:58:12 ----D---- C:\Program Files\trend micro
2014-12-10 19:58:11 ----D---- C:\rsit
2014-12-09 20:41:43 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-12-09 17:41:10 ----A---- C:\windows\system32\drivers\SMR430.dat
2014-12-09 17:38:54 ----A---- C:\windows\ntbtlog.txt
2014-12-09 17:37:59 ----A---- C:\windows\system32\drivers\SMR430.SYS
2014-12-01 17:38:19 ----D---- C:\Users\renata\AppData\Roaming\LibreOffice
2014-12-01 17:35:43 ----D---- C:\Program Files (x86)\LibreOffice 4
2014-11-19 17:09:54 ----A---- C:\windows\SYSWOW64\pku2u.dll
2014-11-19 17:09:54 ----A---- C:\windows\SYSWOW64\kerberos.dll
2014-11-19 17:09:54 ----A---- C:\windows\system32\pku2u.dll
2014-11-19 17:09:54 ----A---- C:\windows\system32\kerberos.dll
2014-11-12 17:48:02 ----A---- C:\windows\SYSWOW64\schannel.dll
2014-11-12 17:48:02 ----A---- C:\windows\system32\schannel.dll
2014-11-12 17:48:01 ----A---- C:\windows\SYSWOW64\ncryptsslp.dll
2014-11-12 17:48:01 ----A---- C:\windows\system32\ncryptsslp.dll
2014-11-12 17:48:01 ----A---- C:\windows\system32\dpapisrv.dll
2014-11-12 17:47:36 ----A---- C:\windows\SYSWOW64\certcli.dll
2014-11-12 17:47:36 ----A---- C:\windows\system32\rdpcorets.dll
2014-11-12 17:47:36 ----A---- C:\windows\system32\lsasrv.dll
2014-11-12 17:47:36 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2014-11-12 17:47:36 ----A---- C:\windows\system32\drivers\cng.sys
2014-11-12 17:47:36 ----A---- C:\windows\system32\certcli.dll
2014-11-12 17:47:35 ----A---- C:\windows\SYSWOW64\adtschema.dll
2014-11-12 17:47:35 ----A---- C:\windows\system32\rfxvmt.dll
2014-11-12 17:47:35 ----A---- C:\windows\system32\drivers\rdpvideominiport.sys
2014-11-12 17:47:35 ----A---- C:\windows\system32\adtschema.dll
2014-11-12 17:47:34 ----A---- C:\windows\SYSWOW64\msaudite.dll
2014-11-12 17:47:33 ----A---- C:\windows\system32\rdpudd.dll
2014-11-12 17:47:33 ----A---- C:\windows\system32\msaudite.dll
2014-11-12 17:46:16 ----A---- C:\windows\SYSWOW64\msi.dll
2014-11-12 17:46:16 ----A---- C:\windows\system32\msi.dll
2014-11-12 17:46:16 ----A---- C:\windows\system32\authui.dll
2014-11-12 17:46:15 ----A---- C:\windows\SYSWOW64\authui.dll
2014-11-12 17:46:14 ----A---- C:\windows\SYSWOW64\msihnd.dll
2014-11-12 17:46:14 ----A---- C:\windows\system32\msihnd.dll
2014-11-12 17:46:14 ----A---- C:\windows\system32\consent.exe
2014-11-12 17:46:14 ----A---- C:\windows\system32\appinfo.dll
2014-11-12 17:46:09 ----A---- C:\windows\system32\wuaueng.dll
2014-11-12 17:46:08 ----A---- C:\windows\SYSWOW64\wuapi.dll
2014-11-12 17:46:08 ----A---- C:\windows\system32\WUSettingsProvider.dll
2014-11-12 17:46:08 ----A---- C:\windows\system32\wucltux.dll
2014-11-12 17:46:08 ----A---- C:\windows\system32\wuapi.dll
2014-11-12 17:46:07 ----A---- C:\windows\SYSWOW64\wuwebv.dll
2014-11-12 17:46:07 ----A---- C:\windows\SYSWOW64\wudriver.dll
2014-11-12 17:46:07 ----A---- C:\windows\system32\wuwebv.dll
2014-11-12 17:46:07 ----A---- C:\windows\system32\wups.dll
2014-11-12 17:46:07 ----A---- C:\windows\system32\wudriver.dll
2014-11-12 17:46:06 ----A---- C:\windows\SYSWOW64\wups.dll
2014-11-12 17:46:06 ----A---- C:\windows\SYSWOW64\wuapp.exe
2014-11-12 17:46:06 ----A---- C:\windows\system32\wups2.dll
2014-11-12 17:46:06 ----A---- C:\windows\system32\wuauclt.exe
2014-11-12 17:46:06 ----A---- C:\windows\system32\wuapp.exe
2014-11-12 17:46:06 ----A---- C:\windows\system32\wuaext.dll
2014-11-12 17:45:28 ----A---- C:\windows\system32\user32.dll
2014-11-12 17:45:27 ----A---- C:\windows\SYSWOW64\user32.dll
2014-11-12 17:45:27 ----A---- C:\windows\system32\drivers\WdNisDrv.sys
2014-11-12 17:45:27 ----A---- C:\windows\system32\drivers\WdFilter.sys
2014-11-12 17:45:26 ----A---- C:\windows\system32\drivers\WdBoot.sys
2014-11-12 17:45:25 ----A---- C:\windows\SYSWOW64\winshfhc.dll
2014-11-12 17:45:25 ----A---- C:\windows\system32\winshfhc.dll
2014-11-12 17:44:52 ----A---- C:\windows\system32\mshtml.dll
2014-11-12 17:44:51 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-11-12 17:43:12 ----A---- C:\windows\system32\ieframe.dll
2014-11-12 17:42:57 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-11-12 17:42:46 ----A---- C:\windows\system32\jscript9.dll
2014-11-12 17:42:41 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-11-12 17:42:39 ----A---- C:\windows\system32\wininet.dll
2014-11-12 17:42:38 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-11-12 17:42:38 ----A---- C:\windows\system32\urlmon.dll
2014-11-12 17:42:37 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-11-12 17:42:37 ----A---- C:\windows\system32\inetcomm.dll
2014-11-12 17:42:37 ----A---- C:\windows\system32\iertutil.dll
2014-11-12 17:42:36 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2014-11-12 17:42:36 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-11-12 17:42:36 ----A---- C:\windows\system32\actxprxy.dll
2014-11-12 17:42:35 ----A---- C:\windows\SYSWOW64\jscript.dll
2014-11-12 17:42:35 ----A---- C:\windows\system32\jscript9diag.dll
2014-11-12 17:42:35 ----A---- C:\windows\system32\jscript.dll
2014-11-12 17:42:35 ----A---- C:\windows\system32\ieui.dll
2014-11-12 17:42:34 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-11-12 17:42:34 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-11-12 17:42:34 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-11-12 17:42:34 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-11-12 17:42:34 ----A---- C:\windows\system32\vbscript.dll
2014-11-12 17:42:34 ----A---- C:\windows\system32\msfeeds.dll
2014-11-12 17:42:33 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-11-12 17:42:33 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-11-12 17:42:33 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-11-12 17:42:33 ----A---- C:\windows\system32\webcheck.dll
2014-11-12 17:42:33 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-11-12 17:42:33 ----A---- C:\windows\system32\ieapfltr.dll
2014-11-12 17:42:33 ----A---- C:\windows\system32\dxtrans.dll
2014-11-12 17:42:33 ----A---- C:\windows\system32\dxtmsft.dll
2014-11-12 17:42:32 ----A---- C:\windows\SYSWOW64\webcheck.dll
2014-11-12 17:42:32 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2014-11-12 17:42:32 ----A---- C:\windows\SYSWOW64\hlink.dll
2014-11-12 17:42:32 ----A---- C:\windows\system32\iedkcs32.dll
2014-11-12 17:42:31 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-11-12 17:42:31 ----A---- C:\windows\SYSWOW64\msfeedsbs.dll
2014-11-12 17:42:31 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-11-12 17:42:31 ----A---- C:\windows\SYSWOW64\inseng.dll
2014-11-12 17:42:31 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-11-12 17:42:31 ----A---- C:\windows\SYSWOW64\iesysprep.dll
2014-11-12 17:42:31 ----A---- C:\windows\SYSWOW64\iepeers.dll
2014-11-12 17:42:31 ----A---- C:\windows\SYSWOW64\actxprxy.dll
2014-11-12 17:42:31 ----A---- C:\windows\system32\mshtmled.dll
2014-11-12 17:42:31 ----A---- C:\windows\system32\msfeedsbs.dll
2014-11-12 17:42:31 ----A---- C:\windows\system32\jsproxy.dll
2014-11-12 17:42:31 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 17:42:31 ----A---- C:\windows\system32\inseng.dll
2014-11-12 17:42:31 ----A---- C:\windows\system32\ieUnatt.exe
2014-11-12 17:42:31 ----A---- C:\windows\system32\iesysprep.dll
2014-11-12 17:42:31 ----A---- C:\windows\system32\iepeers.dll
2014-11-12 17:42:31 ----A---- C:\windows\system32\ieetwcollector.exe
2014-11-12 17:42:31 ----A---- C:\windows\system32\ie4uinit.exe
2014-11-12 17:42:31 ----A---- C:\windows\system32\hlink.dll
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\wextract.exe
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\url.dll
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\pngfilt.dll
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\occache.dll
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\mshta.exe
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\msfeedssync.exe
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\licmgr10.dll
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\imgutil.dll
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\iexpress.exe
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-11-12 17:42:30 ----A---- C:\windows\SYSWOW64\IEAdvpack.dll
2014-11-12 17:42:30 ----A---- C:\windows\system32\wextract.exe
2014-11-12 17:42:30 ----A---- C:\windows\system32\url.dll
2014-11-12 17:42:30 ----A---- C:\windows\system32\pngfilt.dll
2014-11-12 17:42:30 ----A---- C:\windows\system32\occache.dll
2014-11-12 17:42:30 ----A---- C:\windows\system32\msrating.dll
2014-11-12 17:42:30 ----A---- C:\windows\system32\MshtmlDac.dll
2014-11-12 17:42:30 ----A---- C:\windows\system32\mshta.exe
2014-11-12 17:42:30 ----A---- C:\windows\system32\msfeedssync.exe
2014-11-12 17:42:30 ----A---- C:\windows\system32\licmgr10.dll
2014-11-12 17:42:30 ----A---- C:\windows\system32\imgutil.dll
2014-11-12 17:42:30 ----A---- C:\windows\system32\iexpress.exe
2014-11-12 17:42:30 ----A---- C:\windows\system32\iesetup.dll
2014-11-12 17:42:30 ----A---- C:\windows\system32\iernonce.dll
2014-11-12 17:42:30 ----A---- C:\windows\system32\IEAdvpack.dll
2014-11-12 17:42:27 ----A---- C:\windows\system32\oleaut32.dll
2014-11-12 17:42:26 ----A---- C:\windows\SYSWOW64\oleaut32.dll
2014-11-12 17:42:22 ----A---- C:\windows\SYSWOW64\msxml3.dll
2014-11-12 17:42:21 ----A---- C:\windows\SYSWOW64\AudioSes.dll
2014-11-12 17:42:21 ----A---- C:\windows\SYSWOW64\AUDIOKSE.dll
2014-11-12 17:42:21 ----A---- C:\windows\SYSWOW64\AudioEng.dll
2014-11-12 17:42:21 ----A---- C:\windows\system32\win32k.sys
2014-11-12 17:42:21 ----A---- C:\windows\system32\msxml3.dll
2014-11-12 17:42:21 ----A---- C:\windows\system32\EncDump.dll
2014-11-12 17:42:21 ----A---- C:\windows\system32\audiosrv.dll
2014-11-12 17:42:21 ----A---- C:\windows\system32\AudioSes.dll
2014-11-12 17:42:21 ----A---- C:\windows\system32\AUDIOKSE.dll
2014-11-12 17:42:21 ----A---- C:\windows\system32\AudioEng.dll
2014-11-12 17:42:21 ----A---- C:\windows\system32\AudioEndpointBuilder.dll
2014-11-12 17:42:21 ----A---- C:\windows\system32\audiodg.exe
2014-11-12 17:42:20 ----A---- C:\windows\SYSWOW64\packager.dll
2014-11-12 17:42:20 ----A---- C:\windows\system32\packager.dll
2014-11-12 17:42:20 ----A---- C:\windows\system32\generaltel.dll
2014-11-12 17:42:20 ----A---- C:\windows\system32\devinv.dll
2014-11-12 17:42:20 ----A---- C:\windows\system32\aepic.dll
2014-11-12 17:42:20 ----A---- C:\windows\system32\aepdu.dll
2014-11-12 17:42:20 ----A---- C:\windows\system32\aeinv.dll
======List of files/folders modified in the last 1 month======
2014-12-10 19:58:12 ----RD---- C:\Program Files
2014-12-10 19:57:55 ----D---- C:\windows\Prefetch
2014-12-10 19:57:52 ----D---- C:\windows\Temp
2014-12-10 19:00:00 ----D---- C:\windows\system32\sru
2014-12-10 16:37:15 ----D---- C:\windows\Microsoft.NET
2014-12-10 13:34:40 ----D---- C:\windows\system32\config
2014-12-10 13:31:45 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 13:31:44 ----RD---- C:\Program Files (x86)
2014-12-09 19:00:28 ----D---- C:\windows\SysWOW64
2014-12-09 18:22:01 ----SHD---- C:\System Volume Information
2014-12-09 17:56:06 ----HD---- C:\Program Files\WindowsApps
2014-12-09 17:56:06 ----D---- C:\windows\AppReadiness
2014-12-09 17:43:52 ----RD---- C:\windows\System32
2014-12-09 17:43:52 ----D---- C:\windows\Inf
2014-12-09 17:43:52 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-12-09 17:41:10 ----HD---- C:\ProgramData
2014-12-09 17:41:10 ----D---- C:\windows\system32\drivers
2014-12-09 17:41:08 ----D---- C:\Windows
2014-12-09 17:39:21 ----D---- C:\NPE
2014-12-08 21:00:34 ----D---- C:\Users\renata\AppData\Roaming\vlc
2014-12-01 17:37:20 ----SHD---- C:\windows\Installer
2014-12-01 17:37:18 ----RSD---- C:\windows\assembly
2014-12-01 17:36:18 ----RSD---- C:\windows\Fonts
2014-11-30 11:25:12 ----D---- C:\windows\Tasks
2014-11-30 11:25:12 ----D---- C:\windows\system32\Tasks
2014-11-30 11:24:11 ----A---- C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-26 16:53:52 ----D---- C:\windows\CbsTemp
2014-11-26 16:53:49 ----D---- C:\windows\WinSxS
2014-11-24 17:55:41 ----SD---- C:\Users\renata\AppData\Roaming\Microsoft
2014-11-20 21:51:37 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2014-11-20 18:47:45 ----D---- C:\windows\Hewlett-Packard
2014-11-20 18:47:32 ----AD---- C:\SWSETUP
2014-11-16 16:36:10 ----D---- C:\windows\system32\catroot2
2014-11-15 13:47:45 ----D---- C:\Users\renata\AppData\Roaming\Skype
2014-11-14 13:59:09 ----D---- C:\windows\rescache
2014-11-13 14:02:25 ----D---- C:\windows\system32\catroot
2014-11-12 22:36:58 ----SD---- C:\windows\system32\CompatTel
2014-11-12 22:36:57 ----D---- C:\Program Files\Windows Defender
2014-11-12 22:36:57 ----D---- C:\Program Files (x86)\Windows Defender
2014-11-12 22:36:56 ----D---- C:\windows\SYSWOW64\cs-CZ
2014-11-12 22:36:56 ----D---- C:\windows\system32\wbem
2014-11-12 22:36:55 ----D---- C:\windows\SYSWOW64\migration
2014-11-12 22:36:55 ----D---- C:\windows\system32\cs-CZ
2014-11-12 22:36:55 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-12 22:36:54 ----D---- C:\windows\system32\migration
2014-11-12 22:36:54 ----D---- C:\Program Files\Internet Explorer
2014-11-12 18:10:32 ----D---- C:\windows\system32\MRT
2014-11-12 18:06:32 ----A---- C:\windows\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 SymDS;Symantec Data Store; C:\windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [2014-08-26 493656]
R0 SymEFA;Symantec Extended File Attributes; C:\windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [2014-08-26 1148120]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20141203.001\BHDrvx64.sys [2014-10-03 1587416]
R1 ccSet_NIS;NIS Settings Manager; C:\windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [2014-02-21 162392]
R1 CLVirtualDrive;CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [2013-11-12 91912]
R1 dtsoftbus01;@oem71.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\windows\System32\drivers\dtsoftbus01.sys [2014-10-11 283064]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2014-08-26 487216]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20141209.001\IDSvia64.sys [2014-11-18 637656]
R1 SMR430;Symantec SMR Utility Service 4.3.0; C:\windows\System32\drivers\SMR430.SYS [2014-12-09 108216]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [2014-08-26 37592]
R1 SymIRON;Symantec Iron Driver; C:\windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [2014-08-06 266968]
R1 SymNetS;Symantec Network Security WFP Driver; C:\windows\system32\drivers\NISx64\1506000.020\SYMNETS.SYS [2014-08-26 593112]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R3 AmUHubftr;@oem56.inf,%AmUHubftr.SvcDesc%;AM USB Hub Driver; C:\windows\System32\drivers\AmUHubftr.sys [2014-10-09 25880]
R3 athr;@oem65.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athwbx.sys [2013-09-10 3855872]
R3 clwvd;@oem68.inf,%clwvd.DeviceDesc%;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2014-01-28 41704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-08-26 142640]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2014-01-17 4222976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2014-10-09 4001752]
R3 iwdbus;@oem64.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\windows\System32\drivers\iwdbus.sys [2013-12-27 27032]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141209.019\ENG64.SYS [2014-08-11 129752]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141209.019\EX64.SYS [2014-08-11 2137304]
R3 RSP2STOR;@oem62.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\windows\system32\DRIVERS\RtsP2Stor.sys [2014-10-09 294104]
R3 RTL8168;@oem66.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2013-11-26 838872]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\windows\system32\drivers\NISx64\1506000.020\SRTSP64.SYS [2014-08-26 876248]
R3 SymEvent;SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [2014-10-11 177752]
R3 TXEIx64;@oem69.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\windows\System32\drivers\TXEIx64.sys [2014-01-15 88592]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S0 SymELAM;Symantec ELAM Driver; C:\windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [2014-08-26 23568]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 intaud_WaveExtensible;@oem63.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\windows\system32\drivers\intelaud.sys [2013-12-27 38296]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-18 98208]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\windows\system32\svchost.exe [2013-08-22 37768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2014-01-13 92160]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-01 733696]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [2014-01-22 168216]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [2014-09-21 276376]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-10-09 290520]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S2 WACSM;Office Web Apps; C:\Program Files\Microsoft Office Web Apps\AgentManager\Microsoft.Office.Web.AgentManager.exe [2014-01-23 69728]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09 267440]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2014-02-14 279024]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-05-13 1129760]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-01 822232]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 289256]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-09 114800]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 178760]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; C:\windows\system32\svchost.exe [2013-08-22 37768]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\windows\system32\svchost.exe [2013-08-22 37768]
-----------------EOF-----------------

Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote help services, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Re: Please check my log
Hello
I see something there
Uninstall McAfee Security Scan
Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Clean
The program will start working (the PC may restart) and will spit out a log (it may also be found at C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.
Run a scan with MBAM. Set up the scan according to this guide http://forum.viry.cz/viewtopic.php?f=29&t=137928 and post the results here. Do not delete anything beforehand; it sometimes gives false detections


If you have a question that is not meant for the public, you can write to me by e-mail at marty84(at)forum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: Please check my log
# AdwCleaner v4.105 - Report created 13/12/2014 at 16:28:00
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 8.1 Connected (64 bits)
# Username : renata - RENATKA
# Running from : C:\Users\renata\Desktop\adwcleaner_4.105.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v34.0.5 (x86 cs)
*************************
AdwCleaner[R0].txt - [3635 octets] - [13/12/2014 16:06:20]
AdwCleaner[S0].txt - [3589 octets] - [13/12/2014 16:28:00]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3649 octets] ##########
Re: Please check my log
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 14. 12. 2014
Scan Time: 19:34:23
Logfile: log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.14.06
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: renata
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 526262
Time Elapsed: 1 hr, 38 min, 3 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 4
PUP.Optional.Somoto, C:\Users\renata\AppData\Local\Microsoft\Windows\INetCache\IE\1O1EXWLL\setup[1].exe, , [ae10a9b96e0e38feb948cdeb0cf5946c],
PUP.Optional.Somoto, C:\Users\renata\AppData\Local\Microsoft\Windows\INetCache\IE\V8QPJL5B\BiTool[1].dll, , [7e40e97989f33204ec5e722557abbf41],
PUP.Optional.Somoto, C:\Users\renata\AppData\Local\Temp\nstE575.tmp, , [7b43dc86324a9c9ac43d9424ee133ec2],
PUP.Optional.Somoto, C:\Users\renata\AppData\Local\Temp\bitool.dll, , [4c72a8ba93e9f6409ab02f686f9325db],
Physical Sectors: 0
(No malicious items detected)
(end)
Re: Please check my log

vyosek wrote: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
- Save it, preferably to the desktop
- After launching, the license terms are displayed; press any key
- A backup will be created, followed by the search
- The scan will run and then a log will appear; it may also be saved in c:\JRT as JRT.txt. Paste it here
Re: Please check my log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 Connected x64
Ran by renata on ne 21. 12. 2014 at 18:52:20,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 21. 12. 2014 at 18:58:19,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Please check my log
Post a log according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100
18.1. for inactivity
http://forum.viry.cz/viewtopic.php?f=12&t=123975
