Please check my FRST log
Posted: 15 Jan 2015 09:53
Please check my FRST log.
The computer is very slow. Unwanted banners keep appearing in the browser and new windows keep opening.
Many thanks for your help!
Ondra
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by Iont (administrator) on IONT-PC on 15-01-2015 09:40:47
Running from C:\Users\Iont\Desktop
Loaded Profiles: Iont & (Available profiles: Iont)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\Gigabyte\EasySaver\essvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\Iont\AppData\Local\Temp\dlusb_launcher.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\eGalaxTouch\xTouchMon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Iont\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ClearTKHandle] => C:\Program Files\eGalaxTouch\ClearTKHandle.exe [102400 2008-11-12] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2589439641-3237727066-4264695250-1000\...\Run: [DoUSB] => C:\Users\Iont\AppData\Local\Temp\dlusb_launcher.exe [110592 2010-04-08] () <===== ATTENTION
HKU\S-1-5-21-2589439641-3237727066-4264695250-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-2589439641-3237727066-4264695250-1000\...\MountPoints2: {69d10d9c-1fd8-11e0-8175-1c6f65734c2d} - E:\dlusb_launcher.exe
HKU\S-1-5-21-2589439641-3237727066-4264695250-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DoUSB] => C:\Users\Iont\AppData\Local\Temp\dlusb_launcher.exe [110592 2010-04-08] () <===== ATTENTION
HKU\S-1-5-21-2589439641-3237727066-4264695250-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-17] (InstallShield Software Corporation)
HKU\S-1-5-21-2589439641-3237727066-4264695250-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {69d10d9c-1fd8-11e0-8175-1c6f65734c2d} - E:\dlusb_launcher.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LaunchTouchMon.lnk
ShortcutTarget: LaunchTouchMon.lnk -> C:\Program Files\eGalaxTouch\LaunchTouchMon.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2589439641-3237727066-4264695250-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
HKU\S-1-5-21-2589439641-3237727066-4264695250-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.triline.cz
HKU\S-1-5-21-2589439641-3237727066-4264695250-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
HKU\S-1-5-21-2589439641-3237727066-4264695250-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.triline.cz
SearchScopes: HKLM -> DefaultScope {D626447B-D3E2-4561-A66B-C004A91E058E} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D626447B-D3E2-4561-A66B-C004A91E058E} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2589439641-3237727066-4264695250-1000 -> DefaultScope {ED9D5BF4-2AC9-4f17-9FCE-F5BDC9B13479} URL =
SearchScopes: HKU\S-1-5-21-2589439641-3237727066-4264695250-1000 -> {6B49AB30-4C9A-48C7-B704-14F49472B75A} URL = http://websearch.ask.com/redirect?clien ... B108073DE3
SearchScopes: HKU\S-1-5-21-2589439641-3237727066-4264695250-1000 -> {D626447B-D3E2-4561-A66B-C004A91E058E} URL =
SearchScopes: HKU\S-1-5-21-2589439641-3237727066-4264695250-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ED9D5BF4-2AC9-4f17-9FCE-F5BDC9B13479} URL =
SearchScopes: HKU\S-1-5-21-2589439641-3237727066-4264695250-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6B49AB30-4C9A-48C7-B704-14F49472B75A} URL = http://websearch.ask.com/redirect?clien ... B108073DE3
SearchScopes: HKU\S-1-5-21-2589439641-3237727066-4264695250-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D626447B-D3E2-4561-A66B-C004A91E058E} URL =
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.218 192.168.0.198
FireFox:
========
FF ProfilePath: C:\Users\Iont\AppData\Roaming\Mozilla\Firefox\Profiles\6druoncq.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Iont\AppData\Roaming\Mozilla\Firefox\Profiles\6druoncq.default\searchplugins\askcom.xml
FF Extension: All-in-One Gestures - C:\Users\Iont\AppData\Roaming\Mozilla\Firefox\Profiles\6druoncq.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2013-06-06]
FF Extension: URL Suffix - C:\Users\Iont\AppData\Roaming\Mozilla\Firefox\Profiles\6druoncq.default\Extensions\{77a873d0-4afd-11d9-9669-0800200c9a66}.xpi [2011-09-01]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Iont\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Iont\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Iont\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-18]
CHR Extension: (GGReader) - C:\Users\Iont\AppData\Local\Google\Chrome\User Data\Default\Extensions\eclfpdflffnadciiehipiknmahlokchp [2014-12-18]
CHR Extension: (AdBlock) - C:\Users\Iont\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-10-18]
CHR Extension: (Peněženka Google) - C:\Users\Iont\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\Iont\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-18]
CHR Extension: (BBuYNsoave) - C:\ProgramData\ceealcheffkppbkhbljpbkdmndecnonf\ [2012-10-18]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R2 ASIXIo; C:\Windows\system32\Drivers\asixio.sys [3078 2010-05-13] (ASIX s.r.o) [File not signed]
R3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-01-15] (Windows (R) 2000 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81920 2010-01-12] (Windows (R) Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [70656 2010-01-07] (Windows (R) Codename Longhorn DDK provider)
R0 RRamdisk; C:\Windows\System32\DRIVERS\rramdisk.sys [10368 2011-06-06] (gavotte) [File not signed]
S3 sertouch; C:\Windows\System32\DRIVERS\sertouch.sys [136704 2011-03-18] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1145456 2010-04-24] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 xtouch; C:\Windows\System32\DRIVERS\xtouch.sys [134144 2011-04-20] ()
U5 combus; C:\Windows\System32\Drivers\combus.sys [260096 2011-03-24] (eGalax_eMPIA Technology Inc.) [File not signed]
S3 TetaSCDevice; \??\C:\Windows\system32\tetascop.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 09:40 - 2015-01-15 09:41 - 00014515 _____ () C:\Users\Iont\Desktop\FRST.txt
2015-01-15 09:39 - 2015-01-15 09:40 - 00000000 ____D () C:\FRST
2015-01-15 09:38 - 2015-01-15 09:39 - 00112640 _____ (forum.viry.cz) C:\Users\Iont\Desktop\FRSTLauncher.exe
2015-01-15 09:37 - 2015-01-15 09:37 - 01116672 _____ (Farbar) C:\Users\Iont\Desktop\FRST.exe
2015-01-15 09:23 - 2015-01-15 09:24 - 11735564 _____ () C:\Users\Iont\Downloads\mbam-setup-2.0.2.1012.exe
2015-01-13 20:55 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-13 20:55 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 20:54 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:54 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:54 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:54 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-06 09:56 - 2015-01-15 09:19 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-06 09:56 - 2015-01-15 09:18 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-06 09:56 - 2015-01-15 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-06 09:56 - 2015-01-15 09:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-06 09:56 - 2015-01-06 09:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-06 09:56 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-06 09:56 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-06 09:56 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-18 10:32 - 2015-01-06 10:12 - 00000000 ____D () C:\Program Files\GGReader
2014-12-18 10:31 - 2014-12-18 10:31 - 00000000 ____D () C:\ProgramData\ceealcheffkppbkhbljpbkdmndecnonf
2014-12-18 10:31 - 2014-12-18 10:31 - 00000000 ____D () C:\ProgramData\2217020979324908222
2014-12-18 08:52 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 14:11 - 2014-12-17 14:11 - 00009947 _____ () C:\Users\Iont\Desktop\16-12-14.htm
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 09:41 - 2009-07-14 05:34 - 00026208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 09:41 - 2009-07-14 05:34 - 00026208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 09:04 - 2012-10-18 10:18 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 08:57 - 2012-08-13 08:06 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 08:57 - 2011-01-04 08:56 - 01141772 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 08:46 - 2012-10-18 10:18 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 08:45 - 2013-01-03 09:27 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-01-15 08:45 - 2011-06-01 11:32 - 00000145 _____ () C:\service.log
2015-01-15 08:45 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 08:45 - 2009-07-14 05:39 - 00165169 _____ () C:\Windows\setupact.log
2015-01-14 08:20 - 2011-01-24 11:31 - 00000000 ____D () C:\Users\Iont\AppData\Roaming\SoftGrid Client
2015-01-14 07:56 - 2012-03-29 06:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 07:56 - 2011-05-19 04:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-07 10:47 - 2011-01-26 12:25 - 00071794 _____ () C:\Windows\PFRO.log
2015-01-06 10:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Speech
2015-01-06 09:55 - 2011-01-04 08:33 - 00000000 ____D () C:\install
2015-01-06 09:42 - 2011-04-22 09:44 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-06 09:42 - 2011-01-14 15:11 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-05 13:13 - 2012-11-13 10:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-05 13:11 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-31 12:13 - 2011-01-14 13:38 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-22 11:21 - 2013-01-21 10:57 - 00002046 ____H () C:\Users\Iont\Documents\Default.rdp
2014-12-22 09:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-18 08:44 - 2011-01-04 09:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-17 10:03 - 2011-01-04 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-17 09:55 - 2012-05-03 12:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
Files to move or delete:
====================
C:\Users\Iont\AppData\Local\Temp\dlusb_launcher.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Iont\Desktop" je 22 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU
"C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
C:\Windows\system32\hkcmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
C:\Windows\system32\igfxpers.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xAuto4PtsCalOnce
C:\Program Files\Touchkit\xAuto4PtsCal.exe [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
CHR Extension: (BBuYNsoave) - C:\ProgramData\ceealcheffkppbkhbljpbkdmndecnonf\ [2012-10-18]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
R2 ASIXIo; C:\Windows\system32\Drivers\asixio.sys [3078 2010-05-13] (ASIX s.r.o) [File not signed]
R3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-01-15] (Windows (R) 2000 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81920 2010-01-12] (Windows (R) Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [70656 2010-01-07] (Windows (R) Codename Longhorn DDK provider)
R0 RRamdisk; C:\Windows\System32\DRIVERS\rramdisk.sys [10368 2011-06-06] (gavotte) [File not signed]
S3 sertouch; C:\Windows\System32\DRIVERS\sertouch.sys [136704 2011-03-18] ()
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1145456 2010-04-24] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 xtouch; C:\Windows\System32\DRIVERS\xtouch.sys [134144 2011-04-20] ()
U5 combus; C:\Windows\System32\Drivers\combus.sys [260096 2011-03-24] (eGalax_eMPIA Technology Inc.) [File not signed]
S3 TetaSCDevice; \??\C:\Windows\system32\tetascop.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 09:40 - 2015-01-15 09:41 - 00014515 _____ () C:\Users\Iont\Desktop\FRST.txt
2015-01-15 09:39 - 2015-01-15 09:40 - 00000000 ____D () C:\FRST
2015-01-15 09:38 - 2015-01-15 09:39 - 00112640 _____ (forum.viry.cz) C:\Users\Iont\Desktop\FRSTLauncher.exe
2015-01-15 09:37 - 2015-01-15 09:37 - 01116672 _____ (Farbar) C:\Users\Iont\Desktop\FRST.exe
2015-01-15 09:23 - 2015-01-15 09:24 - 11735564 _____ () C:\Users\Iont\Downloads\mbam-setup-2.0.2.1012.exe
2015-01-13 20:55 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-13 20:55 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 20:54 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:54 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:54 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:54 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-06 09:56 - 2015-01-15 09:19 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-06 09:56 - 2015-01-15 09:18 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-06 09:56 - 2015-01-15 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-06 09:56 - 2015-01-15 09:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-06 09:56 - 2015-01-06 09:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-06 09:56 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-06 09:56 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-06 09:56 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-18 10:32 - 2015-01-06 10:12 - 00000000 ____D () C:\Program Files\GGReader
2014-12-18 10:31 - 2014-12-18 10:31 - 00000000 ____D () C:\ProgramData\ceealcheffkppbkhbljpbkdmndecnonf
2014-12-18 10:31 - 2014-12-18 10:31 - 00000000 ____D () C:\ProgramData\2217020979324908222
2014-12-18 08:52 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 14:11 - 2014-12-17 14:11 - 00009947 _____ () C:\Users\Iont\Desktop\16-12-14.htm
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 09:41 - 2009-07-14 05:34 - 00026208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 09:41 - 2009-07-14 05:34 - 00026208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 09:04 - 2012-10-18 10:18 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 08:57 - 2012-08-13 08:06 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 08:57 - 2011-01-04 08:56 - 01141772 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 08:46 - 2012-10-18 10:18 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 08:45 - 2013-01-03 09:27 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-01-15 08:45 - 2011-06-01 11:32 - 00000145 _____ () C:\service.log
2015-01-15 08:45 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 08:45 - 2009-07-14 05:39 - 00165169 _____ () C:\Windows\setupact.log
2015-01-14 08:20 - 2011-01-24 11:31 - 00000000 ____D () C:\Users\Iont\AppData\Roaming\SoftGrid Client
2015-01-14 07:56 - 2012-03-29 06:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 07:56 - 2011-05-19 04:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-07 10:47 - 2011-01-26 12:25 - 00071794 _____ () C:\Windows\PFRO.log
2015-01-06 10:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Speech
2015-01-06 09:55 - 2011-01-04 08:33 - 00000000 ____D () C:\install
2015-01-06 09:42 - 2011-04-22 09:44 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-06 09:42 - 2011-01-14 15:11 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-05 13:13 - 2012-11-13 10:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-05 13:11 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-31 12:13 - 2011-01-14 13:38 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-22 11:21 - 2013-01-21 10:57 - 00002046 ____H () C:\Users\Iont\Documents\Default.rdp
2014-12-22 09:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-18 08:44 - 2011-01-04 09:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-17 10:03 - 2011-01-04 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-17 09:55 - 2012-05-03 12:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
Files to move or delete:
====================
C:\Users\Iont\AppData\Local\Temp\dlusb_launcher.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Iont\Desktop" je 22 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU
"C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
C:\Windows\system32\hkcmd.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
C:\Windows\system32\igfxpers.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xAuto4PtsCalOnce
C:\Program Files\Touchkit\xAuto4PtsCal.exe [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================