
Please check.

Posted: 11 Feb 2015 20:54
by lukulus3
Please check. Thank you. :) :)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by PC (administrator) on GIGABYTE on 11-02-2015 20:51:27
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available profiles: PC)
Platform: Microsoft Windows 8 Pro (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\explorer\explorer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor)
HKU\S-1-5-21-1759213100-2023195840-2032902974-1001\...\Run: [Google Update] => C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-20] (Google Inc.)
HKU\S-1-5-21-1759213100-2023195840-2032902974-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-1759213100-2023195840-2032902974-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1759213100-2023195840-2032902974-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1759213100-2023195840-2032902974-1001\...\MountPoints2: {2a24f6e5-396a-11e3-afa7-00241d0e39eb} - "G:\launcher.exe"
HKU\S-1-5-21-1759213100-2023195840-2032902974-1001\...\Winlogon: [Shell] C:\explorer\explorer.exe [2616320 2012-10-02] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1759213100-2023195840-2032902974-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://ova.net/
BHO: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: No Name -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1759213100-2023195840-2032902974-1001: @tools.google.com/Google Update;version=3 -> C:\Users\PC\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1759213100-2023195840-2032902974-1001: @tools.google.com/Google Update;version=9 -> C:\Users\PC\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-20]

Chrome:
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Prezentace Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-11]
CHR Extension: (Dokumenty Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Disk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-11]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-11]
CHR Extension: (Vyhledávání Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-11]
CHR Extension: (Tabulky Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-11]
CHR Extension: (Avast Online Security) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-11]
CHR Extension: (Peněženka Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-11] (AVAST Software)
S2 slsvc; C:\Windows\slsvc.exe [10240 2012-09-25] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-11] ()
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [243128 2013-10-20] (Disc Soft Ltd)
S3 k750bus; C:\Windows\System32\drivers\k750bus.sys [55216 2005-02-11] (MCCI)
S1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [80576 2004-10-07] (Protection Technology) [File not signed]
S0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [115744 2004-10-07] (Protection Technology) [File not signed]
S0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 20:51 - 2015-02-11 20:51 - 00011344 _____ () C:\Users\PC\Desktop\FRST.txt
2015-02-11 20:49 - 2015-02-11 20:49 - 00026409 _____ () C:\Users\PC\Desktop\Addition.txt
2015-02-11 20:48 - 2015-02-11 20:51 - 00000000 ____D () C:\FRST
2015-02-11 20:42 - 2015-02-11 20:42 - 01125376 _____ (Farbar) C:\Users\PC\Desktop\FRST.exe
2015-02-09 19:17 - 2015-02-09 19:17 - 00000935 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-07 08:58 - 2015-02-03 20:29 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-07 08:58 - 2015-02-03 20:29 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-07 08:57 - 2015-02-11 20:02 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1759213100-2023195840-2032902974-1001UA.job
2015-02-07 08:57 - 2015-02-10 09:02 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1759213100-2023195840-2032902974-1001Core.job
2015-02-06 16:55 - 2015-02-06 16:56 - 00424320 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-06 16:55 - 2012-10-06 23:02 - 08855040 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-02-06 16:55 - 2012-09-26 13:42 - 01184256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-02-06 16:54 - 2012-10-01 20:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-02-06 16:54 - 2012-09-19 12:43 - 00133287 _____ () C:\Windows\system32\slmgr.vbs
2015-02-06 16:54 - 2012-09-19 05:39 - 17558016 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-06 16:54 - 2012-07-26 04:20 - 00394752 _____ (Microsoft Corporation) C:\Windows\system32\GenuineCenter.dll
2015-02-06 16:54 - 2012-07-26 04:17 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenterCPL.dll
2015-02-06 16:47 - 2015-02-07 08:37 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
2015-02-06 13:02 - 2014-10-09 04:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-02-06 13:02 - 2014-10-09 04:59 - 01151488 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-02-06 13:02 - 2014-10-09 04:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-02-06 13:01 - 2015-02-06 13:01 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-02-06 13:01 - 2015-02-06 13:01 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-02-06 13:00 - 2015-02-06 13:00 - 01418752 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-06 13:00 - 2015-02-06 13:00 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\srmclient.dll
2015-02-06 13:00 - 2015-02-06 13:00 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2015-02-06 13:00 - 2015-02-06 13:00 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\srmscan.dll
2015-02-06 13:00 - 2015-02-06 13:00 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll
2015-02-06 13:00 - 2015-02-06 13:00 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\adrclient.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 02601472 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 00052632 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-02-06 12:59 - 2015-02-06 12:59 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-02-06 12:58 - 2015-02-06 12:58 - 00832512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-02-06 12:58 - 2015-02-06 12:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-02-06 12:58 - 2015-02-06 12:58 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-06 12:58 - 2015-02-06 12:58 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-02-06 12:57 - 2015-02-06 12:57 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-02-06 12:57 - 2015-02-06 12:57 - 01041920 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2015-02-06 12:57 - 2015-02-06 12:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-02-06 12:57 - 2015-02-06 12:57 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-02-06 12:57 - 2015-02-06 12:57 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2015-02-06 12:57 - 2015-02-06 12:57 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-02-06 12:57 - 2015-02-06 12:57 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-02-06 12:57 - 2015-02-06 12:57 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-02-06 12:55 - 2015-02-06 12:55 - 02032640 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 01474520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 01220608 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 01166320 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-02-06 12:55 - 2015-02-06 12:55 - 01064048 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-02-06 12:55 - 2015-02-06 12:55 - 00478352 _____ () C:\Windows\system32\locale.nls
2015-02-06 12:55 - 2015-02-06 12:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 00175616 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2015-02-06 12:55 - 2015-02-06 12:55 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2015-02-06 12:55 - 2015-02-06 12:55 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-02-06 12:55 - 2015-02-06 12:55 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-02-06 12:55 - 2015-02-06 12:55 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-02-06 12:55 - 2015-02-06 12:55 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-02-06 12:55 - 2015-02-06 12:55 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-02-06 12:53 - 2015-02-06 12:53 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-06 12:53 - 2015-02-06 12:53 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-02-06 12:52 - 2015-02-06 12:52 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-06 12:52 - 2015-02-06 12:52 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-02-06 12:52 - 2015-02-06 12:52 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-02-06 12:52 - 2015-02-06 12:52 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-02-06 12:52 - 2015-02-06 12:52 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-06 12:52 - 2015-02-06 12:52 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-02-06 12:51 - 2015-02-06 12:51 - 01569792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-06 12:46 - 2014-04-16 19:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-02-06 01:48 - 2015-02-06 01:48 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-06 01:48 - 2015-02-06 01:48 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-06 01:48 - 2015-02-06 01:48 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-06 01:48 - 2015-02-06 01:48 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-05 20:31 - 2015-02-11 20:36 - 00000966 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 20:31 - 2015-02-11 20:36 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 12:16 - 2015-02-05 12:18 - 00000000 ____D () C:\Users\PC\Desktop\Filmy
2015-01-27 06:41 - 2015-02-09 19:17 - 00000000 ____D () C:\Windows\Minidump
2015-01-17 12:57 - 2015-01-17 12:58 - 00000000 ____D () C:\NVIDIA
2015-01-17 12:57 - 2006-07-12 15:13 - 00208896 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2015-01-16 14:08 - 2015-01-16 14:09 - 00000000 ____D () C:\Users\PC\Desktop\The Longest Journey
2015-01-14 17:59 - 2015-01-14 18:05 - 00063488 _____ () C:\Users\PC\Desktop\Zápis vyhledaných VZ.xls
2015-01-14 10:04 - 2014-12-19 05:04 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:04 - 2014-12-12 09:37 - 05581632 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:04 - 2014-12-11 06:07 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:04 - 2014-11-27 02:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-14 10:03 - 2014-12-19 06:02 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:03 - 2014-12-09 06:47 - 00444664 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2015-01-14 10:03 - 2014-12-09 06:47 - 00412664 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2015-01-14 10:03 - 2014-12-06 07:09 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:03 - 2014-12-06 07:09 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 10:03 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 10:03 - 2014-10-29 10:41 - 00368448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-14 10:03 - 2014-10-22 02:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab
2015-01-14 10:03 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-01-14 10:03 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-01-14 10:03 - 2014-10-22 02:07 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 20:50 - 2013-10-20 11:06 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 20:37 - 2013-10-20 11:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-11 20:00 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\system32\sru
2015-02-11 15:22 - 2013-10-16 14:35 - 00004122 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 15:17 - 2012-07-26 07:04 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 12:30 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-09 19:18 - 2015-01-07 12:26 - 00000000 ____D () C:\Users\PC\AppData\Roaming\uTorrent
2015-02-09 19:18 - 2013-10-27 12:07 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Media Player Classic
2015-02-09 19:18 - 2013-10-20 10:43 - 00000000 ____D () C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
2015-02-09 19:17 - 2013-10-20 11:02 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-09 09:26 - 2012-07-26 07:43 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-07 08:44 - 2014-04-26 11:25 - 00000000 ____D () C:\Users\PC\Desktop\Hudba
2015-02-06 17:32 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\rescache
2015-02-06 16:47 - 2012-07-26 07:53 - 00000000 ___RD () C:\Windows\ToastData
2015-02-06 16:47 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\WinStore
2015-02-06 16:46 - 2012-07-26 07:53 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-06 16:46 - 2012-07-26 07:53 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-06 16:46 - 2012-07-26 07:53 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-06 01:49 - 2013-10-20 11:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-06 01:48 - 2013-10-20 11:10 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-06 01:48 - 2013-10-20 11:09 - 00000000 ____D () C:\Program Files\Java
2015-02-05 08:37 - 2013-10-20 10:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-05 08:37 - 2013-10-16 15:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-17 12:55 - 2015-01-11 16:10 - 00000000 ____D () C:\Users\PC\Desktop\Nová složka

==================== Files in the root of some directories =======

2013-12-31 17:45 - 2014-01-02 15:56 - 0000028 _____ () C:\Users\PC\AppData\Roaming\msqplkte.dat
2014-01-01 08:12 - 2014-01-02 07:55 - 0001625 _____ () C:\Users\PC\AppData\Roaming\mswenmc.dat
2014-07-31 21:46 - 2014-07-31 21:46 - 0000000 _____ () C:\Users\PC\AppData\Local\{2E35F07B-4245-4704-A540-8D52BB35C077}
2014-08-13 16:18 - 2014-08-13 16:18 - 0000000 _____ () C:\Users\PC\AppData\Local\{9DD5A1BE-ED7B-4AEC-8D1F-B46162A00E64}

Some content of TEMP:
====================
C:\Users\PC\AppData\Local\Temp\GLB1A2B.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-05 08:23

==================== End Of Log ============================

Re: Please check.

Posted: 11 Feb 2015 21:40
by altrok
Hello :bye:

:arrow: As part of the cleanup, your temporary folders (including the Recycle Bin) will be emptied.

:arrow: Procedure from my colleague Naughty:
After downloading http://www.xuetr.com/download/PCHunter_free.zip
(backup link http://www.epoolsoft.com/pchunter/PCHunter_free.zip ),
unpacking it, and running the correct version for your operating system (32-bit vs 64-bit), go to the Examination tab, tick all the options there, start the generation, and when it finishes click export; put the text file into a RAR archive and attach it to your post (it will be long and would not fit otherwise).

:arrow: Install MBAM and run a custom scan of all drives - http://forum.viry.cz/viewtopic.php?f=29&t=137928
  • Note: this scan takes anywhere from 30 minutes to several hours

Re: Please check.

Posted: 11 Feb 2015 22:14
by lukulus3
So here it is. I hope it is correct. :?: :)
gljfynhdgadraf.rar
(85.81 KiB) Downloaded 51 times

Re: Please check.

Posted: 11 Feb 2015 22:29
by lukulus3
The MBAM log is still to come. It is being worked on. :?: :)

Re: Please check.

Posted: 11 Feb 2015 22:31
by altrok
Sure :) If you set it up exactly as in the guide (a custom scan that scans the whole PC), it will take up to several hours.

Btw, the PC Hunter log is in the correct format.

Re: Please check.

Posted: 12 Feb 2015 06:50
by lukulus3
Good morning. Here is the MBAM log. :) :)

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 12. 2. 2015
Čas skenování: 6:43:36
Protokol: mbma.txt
Správce: Ano

Verze: 0.00.0.0000
Databáze malwaru: v2015.02.12.01
Databáze rootkitů: v2015.02.03.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto

OS: Windows 8
CPU: x86
Souborový systém: NTFS
Uživatel: PC

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 482942
Uplynulý čas: 1 hod, 41 min, 37 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 0
(Žádné zákerné zjištěny položek)

Hodnoty registru: 0
(Žádné zákerné zjištěny položek)

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 0
(Žádné zákerné zjištěny položek)

Soubory: 0
(Žádné zákerné zjištěny položek)

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

Re: Please check.

Posted: 12 Feb 2015 10:43
by altrok
:arrow: Test C:\explorer\explorer.exe on virustotal.com - if the file has already been analyzed, choose Reanalyze. Put the link to the analysis results in your next post.

:arrow: Uninstall MBAM.

:arrow: Save MBAR to your desktop - http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Run it by double-clicking and extract it to the desktop
  • click Next
  • Update the virus database by clicking Update and continue with Next
  • Leave all 3 options ticked and choose Scan (takes about 15 minutes)
  • tick all findings and also check that the Create Restore Point checkbox is ticked
  • click Cleanup and agree to the restart - Yes
  • paste the contents of the log saved on the desktop in mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt into your next reply

Re: Please check.

Posted: 12 Feb 2015 11:54
by lukulus3
Here is the link from VirusTotal. :)

https://www.virustotal.com/cs/file/1c53 ... 423736743/

And the MBAR log. :)

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
main: v2015.02.12.02
rootkit: v2015.02.03.01

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.17183
PC :: GIGABYTE [administrator]

12. 2. 2015 11:36:26
mbar-log-2015-02-12 (11-36-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 305290
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\System32\msqplkte.vbe (Trojan.Script) -> Delete on reboot. [840e08156c1e1a1cfca0ae278a79bb45]
C:\Windows\inf\ntvdm.inf (Malware.Trace) -> Delete on reboot. [029034e9c1c9fe38eb2f8765b35159a7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Re: Please check.

Posted: 12 Feb 2015 11:59
by altrok
:arrow: Save rkill.exe to your desktop, close all applications and run it - if the malware blocks it, use the alternative link. WARNING - THIS UTILITY HAS A GREAT ABILITY TO DELETE - DO NOT RUN IT WITHOUT AN ADVISOR'S RECOMMENDATION
:arrow: Save ComboFix.exe to your desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off antivirus programs and all real-time protection
  • run ComboFix as administrator (preferably under an account with administrator rights)
  • agree to the license terms - Yes (Ano)
  • if installation of the Recovery Console is offered, agree
  • leave the PC alone during the scan - do not launch anything and do not click in the ComboFix window
  • you will find the scan result in C:\ComboFix.txt; copy its contents into your next reply.

Re: Please check.

Posted: 12 Feb 2015 12:43
by lukulus3
The rkill log. :)

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/12/2015 12:15:32 PM in x86 mode.
Windows Version: Windows 8 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Modified HKCU\...\Winlogon: [Shell] => C:\explorer\explorer.exe

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 02/12/2015 12:16:09 PM
Execution time: 0 hours(s), 0 minute(s), and 37 seconds(s)


And the log from combofix. :)

ComboFix 15-02-09.01 - PC . 02. 2015 12:21:16.1.2 - x86
Microsoft Windows 8 Pro 6.2.9200.0.1250.420.1029.18.2558.1895 [GMT 1:00]
Spuštěný z: c:\users\PC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\explorer
c:\explorer\7SUI\7AUI.exe
c:\explorer\7SUI\7SUI.exe
c:\explorer\7SUI\Install.cmd
c:\explorer\7UI\7AUI.exe
c:\explorer\7UI\7UI.exe
c:\explorer\7UI\Install.cmd
c:\explorer\8UI\8AUI.exe
c:\explorer\8UI\8UI.exe
c:\explorer\8UI\Install.cmd
c:\explorer\ar-sa\explorer.exe.mui
c:\explorer\bg-bg\explorer.exe.mui
c:\explorer\cs-cz\explorer.exe.mui
c:\explorer\da-dk\explorer.exe.mui
c:\explorer\de-de\explorer.exe.mui
c:\explorer\el-gr\explorer.exe.mui
c:\explorer\en-us\explorer.exe.mui
c:\explorer\es-es\explorer.exe.mui
c:\explorer\et-ee\explorer.exe.mui
c:\explorer\explorer.dll
c:\explorer\explorer.exe
c:\explorer\fi-fi\explorer.exe.mui
c:\explorer\fr-fr\explorer.exe.mui
c:\explorer\he-il\explorer.exe.mui
c:\explorer\hr-hr\explorer.exe.mui
c:\explorer\hu-hu\explorer.exe.mui
c:\explorer\it-it\explorer.exe.mui
c:\explorer\ja-jp\explorer.exe.mui
c:\explorer\ko-kr\explorer.exe.mui
c:\explorer\lt-lt\explorer.exe.mui
c:\explorer\lv-lv\explorer.exe.mui
c:\explorer\nb-no\explorer.exe.mui
c:\explorer\nl-nl\explorer.exe.mui
c:\explorer\pl-pl\explorer.exe.mui
c:\explorer\pt-br\explorer.exe.mui
c:\explorer\pt-pt\explorer.exe.mui
c:\explorer\ro-ro\explorer.exe.mui
c:\explorer\ru-ru\explorer.exe.mui
c:\explorer\sdw.exe
c:\explorer\sk-sk\explorer.exe.mui
c:\explorer\sl-si\explorer.exe.mui
c:\explorer\sr-latn-cs\explorer.exe.mui
c:\explorer\sv-se\explorer.exe.mui
c:\explorer\th-th\explorer.exe.mui
c:\explorer\tr-tr\explorer.exe.mui
c:\explorer\UI.apm
c:\explorer\UI.exe
c:\explorer\uk-ua\explorer.exe.mui
c:\explorer\zh-cn\explorer.exe.mui
c:\explorer\zh-hk\explorer.exe.mui
c:\explorer\zh-tw\explorer.exe.mui
c:\users\PC\Desktop\ . . . . nemohl být smazán
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-12 do 2015-02-12 )))))))))))))))))))))))))))))))
.
.
2015-02-12 11:32 . 2015-02-12 11:34 -------- d-----w- c:\users\PC\AppData\Local\temp
2015-02-12 11:32 . 2015-02-12 11:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-12 10:36 . 2015-02-12 10:47 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-12 10:36 . 2015-02-12 10:36 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-11 21:16 . 2015-02-12 10:36 -------- d-----w- c:\programdata\Malwarebytes
2015-02-11 19:48 . 2015-02-11 19:52 -------- d-----w- C:\FRST
2015-02-07 07:58 . 2015-02-03 19:29 714184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-07 07:58 . 2015-02-03 19:29 106440 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-06 15:55 . 2012-09-26 12:42 1184256 ----a-w- c:\windows\system32\Windows.UI.Immersive.dll
2015-02-06 15:55 . 2012-10-06 22:02 8855040 ----a-w- c:\windows\system32\twinui.dll
2015-02-06 15:54 . 2012-10-01 19:30 13312 ----a-w- c:\windows\system32\slwga.dll
2015-02-06 15:54 . 2012-09-19 11:43 133287 ----a-w- c:\windows\system32\slmgr.vbs
2015-02-06 15:54 . 2012-07-26 03:20 394752 ----a-w- c:\windows\system32\GenuineCenter.dll
2015-02-06 15:54 . 2012-07-26 03:17 526848 ----a-w- c:\windows\system32\ActionCenterCPL.dll
2015-02-06 15:47 . 2015-02-07 07:37 -------- d-----w- c:\windows\system32\AutoUpdateLicense
2015-02-06 12:02 . 2014-10-09 03:59 52224 ----a-w- c:\windows\system32\vsstrace.dll
2015-02-06 12:02 . 2014-10-09 03:59 1151488 ----a-w- c:\windows\system32\VSSVC.exe
2015-02-06 12:02 . 2014-10-09 03:59 1195520 ----a-w- c:\windows\system32\vssapi.dll
2015-02-06 12:01 . 2015-02-06 12:01 160768 ----a-w- c:\windows\system32\dnsrslvr.dll
2015-02-06 12:00 . 2015-02-06 12:00 987136 ----a-w- c:\windows\system32\srmclient.dll
2015-02-06 12:00 . 2015-02-06 12:00 513536 ----a-w- c:\windows\system32\mfmpeg2srcsnk.dll
2015-02-06 12:00 . 2015-02-06 12:00 487936 ----a-w- c:\windows\system32\srmscan.dll
2015-02-06 12:00 . 2015-02-06 12:00 278528 ----a-w- c:\windows\system32\srm.dll
2015-02-06 12:00 . 2015-02-06 12:00 104448 ----a-w- c:\windows\system32\adrclient.dll
2015-02-06 12:00 . 2015-02-06 12:00 1418752 ----a-w- c:\windows\system32\msxml3.dll
2015-02-06 11:59 . 2015-02-06 11:59 86528 ----a-w- c:\windows\system32\wudriver.dll
2015-02-06 11:59 . 2015-02-06 11:59 630272 ----a-w- c:\windows\system32\wuapi.dll
2015-02-06 11:59 . 2015-02-06 11:59 52632 ----a-w- c:\windows\system32\wuauclt.exe
2015-02-06 11:59 . 2015-02-06 11:59 216576 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2015-02-06 11:59 . 2015-02-06 11:59 1557504 ----a-w- c:\windows\system32\wucltux.dll
2015-02-06 11:59 . 2015-02-06 11:59 2601472 ----a-w- c:\windows\system32\wuaueng.dll
2015-02-06 11:59 . 2015-02-06 11:59 149504 ----a-w- c:\windows\system32\storewuauth.dll
2015-02-06 11:59 . 2015-02-06 11:59 35328 ----a-w- c:\windows\system32\wuapp.exe
2015-02-06 11:59 . 2015-02-06 11:59 128000 ----a-w- c:\windows\system32\wuwebv.dll
2015-02-06 11:58 . 2015-02-06 11:58 334336 ----a-w- c:\windows\system32\services.exe
2015-02-06 11:58 . 2015-02-06 11:58 503808 ----a-w- c:\windows\system32\win32spl.dll
2015-02-06 11:58 . 2015-02-06 11:58 832512 ----a-w- c:\windows\system32\localspl.dll
2015-02-06 11:57 . 2015-02-06 11:57 1168896 ----a-w- c:\windows\system32\user32.dll
2015-02-06 11:57 . 2015-02-06 11:57 340992 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-02-06 11:57 . 2015-02-06 11:57 162304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-02-06 11:57 . 2015-02-06 11:57 27648 ----a-w- c:\windows\system32\sscore.dll
2015-02-06 11:57 . 2015-02-06 11:57 236544 ----a-w- c:\windows\system32\srvsvc.dll
2015-02-06 11:57 . 2015-02-06 11:57 550912 ----a-w- c:\windows\system32\drivers\srv2.sys
2015-02-06 11:57 . 2015-02-06 11:57 1041920 ----a-w- c:\windows\system32\msdtctm.dll
2015-02-06 11:57 . 2015-02-06 11:57 196608 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-02-06 11:53 . 2015-02-06 11:53 72192 ----a-w- c:\windows\system32\ncryptsslp.dll
2015-02-06 11:53 . 2015-02-06 11:53 318976 ----a-w- c:\windows\system32\schannel.dll
2015-02-06 11:52 . 2015-02-06 11:52 355840 ----a-w- c:\windows\system32\wer.dll
2015-02-06 11:52 . 2015-02-06 11:52 136704 ----a-w- c:\windows\system32\AudioEndpointBuilder.dll
2015-02-06 11:52 . 2015-02-06 11:52 596480 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-06 11:52 . 2015-02-06 11:52 100864 ----a-w- c:\windows\system32\EncDump.dll
2015-02-06 11:52 . 2015-02-06 11:52 332800 ----a-w- c:\windows\system32\Faultrep.dll
2015-02-06 11:52 . 2015-02-06 11:52 23552 ----a-w- c:\windows\system32\WerFaultSecure.exe
2015-02-06 11:51 . 2015-02-06 11:51 1569792 ----a-w- c:\windows\system32\crypt32.dll
2015-02-06 11:46 . 2014-04-16 18:20 28352 ----a-w- c:\windows\system32\aspnet_counters.dll
2015-02-06 00:48 . 2015-02-06 00:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-02-06 00:48 . 2015-02-06 00:48 -------- d-----w- c:\program files\Common Files\Java
2015-01-17 11:57 . 2006-07-12 14:13 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2015-01-17 11:57 . 2015-01-17 11:58 -------- d-----w- C:\NVIDIA
2015-01-14 09:04 . 2014-12-19 04:04 122880 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-14 09:04 . 2014-11-27 01:28 523264 ----a-w- c:\windows\system32\vbscript.dll
2015-01-14 09:04 . 2014-12-12 08:37 5581632 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 09:04 . 2014-12-11 05:07 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 09:03 . 2014-10-29 09:41 368448 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2015-01-14 09:03 . 2014-12-19 05:02 170496 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 09:03 . 2014-12-06 06:09 284160 ----a-w- c:\windows\system32\ncsi.dll
2015-01-14 09:03 . 2014-12-06 06:09 55296 ----a-w- c:\windows\system32\nlaapi.dll
2015-01-14 09:03 . 2014-12-06 06:09 287232 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 09:03 . 2014-12-09 05:47 444664 ----a-w- c:\windows\system32\AutoUpdate.exe
2015-01-14 09:03 . 2014-12-09 05:47 412664 ----a-w- c:\windows\system32\NotificationUI.exe
2015-01-14 09:03 . 2014-10-22 01:08 568832 ----a-w- c:\windows\system32\WSShared.dll
2015-01-14 09:03 . 2014-10-22 01:08 124928 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-01-14 09:03 . 2014-10-22 01:07 96768 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-01-14 08:27 . 2014-09-26 02:33 27853824 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-06 11:57 . 2015-02-06 11:57 66048 ----a-w- c:\windows\system32\drivers\cs-CZ\srv2.sys.mui
2015-02-06 11:57 . 2015-02-06 11:57 61440 ----a-w- c:\windows\system32\drivers\cs-CZ\mrxsmb.sys.mui
2015-02-06 11:53 . 2015-02-06 11:53 318976 ----a-w- c:\windows\system32\schannel.dll
2014-11-22 04:32 . 2014-11-22 04:32 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 15:32 . 2014-11-21 15:32 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-11-21 15:26 . 2014-11-21 15:26 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-21 07:17 . 2015-01-08 06:28 1762816 ----a-w- c:\windows\system32\wininet.dll
2014-11-21 07:17 . 2015-01-08 06:28 44032 ----a-w- c:\windows\system32\UXInit.dll
2014-11-21 07:17 . 2015-01-08 06:28 661504 ----a-w- c:\windows\system32\uxtheme.dll
2014-11-21 07:16 . 2015-01-08 06:28 2861568 ----a-w- c:\windows\system32\jscript9.dll
2014-11-21 07:16 . 2015-01-08 06:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-11-21 07:16 . 2015-01-08 06:28 61440 ----a-w- c:\windows\system32\iesetup.dll
2014-11-21 07:16 . 2015-01-08 06:28 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-21 06:54 . 2015-01-08 06:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-11 19:54 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-03-29 11930696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe [2012-09-20 23040]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-22 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-21 423784]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys [2013-10-20 243128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-11-11 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-11 70384]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-11-11 91496]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x86.sys [2013-06-21 680664]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-20 07:50]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-18 17:53]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-18 17:53]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1759213100-2023195840-2032902974-1001Core.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-20 09:22]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1759213100-2023195840-2032902974-1001UA.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-20 09:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://ova.net/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{EE449D99-6F3F-462E-BBB1-F4214C82CD85}: DhcpNameServer = 213.46.172.37 213.46.172.36
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1759213100-2023195840-2032902974-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d0,7c,92,e6,4d,48,01,b3,56,c9,76,4b,7b,f5,a2,64,dd,96,9c,59,cd,f5,26,
be,f5,a9,aa,ce,67,07,19,18,fb,c6,54,d4,28,fc,1b,56,c5,e2,da,71,94,b8,33,a3,\
"??"=hex:20,06,e7,37,61,c3,68,c9,a4,4a,25,de,c1,20,5d,49
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\dashost.exe
c:\windows\system32\taskhostex.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_0615209b98a94560\TiWorker.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2015-02-12 12:38:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-02-12 11:38
.
Před spuštěním: 96 735 256 576 bytes free
Po spuštění: 96 186 609 664 bytes free
.
- - End Of File - - 1A72BB16D4C6E5C5F40DB2482464FB09
A36C5E4F47E84449FF07ED3517B43A31

Re: Please check.

Posted: 12 Feb 2015 13:01
by altrok
:arrow: Please pack the whole C:\Qoobox folder into a rar/zip and upload it to leteckaposta.cz - put the download link in your next post.


:arrow: If you have not done so already, move ComboFix to the desktop.
  • Open Notepad (Start -> Run -> notepad)
  • copy the script below into it and save it on the desktop as CFScript (File type: Text document)

    KillAll::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    "CCleaner Monitoring"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"=-
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1759213100-2023195840-2032902974-1001Core.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1759213100-2023195840-2032902974-1001UA.job
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1759213100-2023195840-2032902974-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Grab this CFScript.txt, literally drag it over the ComboFix icon and drop it.
  • After the restart a log will pop up; paste its contents into your next reply.
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF which the author unfortunately cannot fix yet

:arrow: It may happen that Windows does not boot after the script is applied. In that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Please check.

Posted: 12 Feb 2015 16:46
by lukulus3
So that folder from drive C cannot be compressed, and the Start icon has also disappeared from the taskbar. :(

Here is the log from combofix.

ComboFix 15-02-09.01 - PC . 02. 2015 13:35:17.2.2 - x86
Microsoft Windows 8 Pro 6.2.9200.0.1250.420.1029.18.2558.1198 [GMT 1:00]
Spuštěný z: c:\users\PC\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\PC\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1759213100-2023195840-2032902974-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1759213100-2023195840-2032902974-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC\Desktop\ . . . . nemohl být smazán
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-12 do 2015-02-12 )))))))))))))))))))))))))))))))
.
.
2015-02-12 12:46 . 2015-02-12 12:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-12 11:38 . 2015-02-12 12:48 -------- d-----w- c:\users\PC\AppData\Local\temp
2015-02-12 10:36 . 2015-02-12 10:47 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-12 10:36 . 2015-02-12 10:36 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-11 21:16 . 2015-02-12 10:36 -------- d-----w- c:\programdata\Malwarebytes
2015-02-11 19:48 . 2015-02-11 19:52 -------- d-----w- C:\FRST
2015-02-07 07:58 . 2015-02-03 19:29 714184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-07 07:58 . 2015-02-03 19:29 106440 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-06 15:55 . 2012-09-26 12:42 1184256 ----a-w- c:\windows\system32\Windows.UI.Immersive.dll
2015-02-06 15:55 . 2012-10-06 22:02 8855040 ----a-w- c:\windows\system32\twinui.dll
2015-02-06 15:54 . 2012-10-01 19:30 13312 ----a-w- c:\windows\system32\slwga.dll
2015-02-06 15:54 . 2012-09-19 11:43 133287 ----a-w- c:\windows\system32\slmgr.vbs
2015-02-06 15:54 . 2012-07-26 03:20 394752 ----a-w- c:\windows\system32\GenuineCenter.dll
2015-02-06 15:54 . 2012-07-26 03:17 526848 ----a-w- c:\windows\system32\ActionCenterCPL.dll
2015-02-06 15:47 . 2015-02-07 07:37 -------- d-----w- c:\windows\system32\AutoUpdateLicense
2015-02-06 12:02 . 2014-10-09 03:59 52224 ----a-w- c:\windows\system32\vsstrace.dll
2015-02-06 12:02 . 2014-10-09 03:59 1151488 ----a-w- c:\windows\system32\VSSVC.exe
2015-02-06 12:02 . 2014-10-09 03:59 1195520 ----a-w- c:\windows\system32\vssapi.dll
2015-02-06 12:01 . 2015-02-06 12:01 160768 ----a-w- c:\windows\system32\dnsrslvr.dll
2015-02-06 12:00 . 2015-02-06 12:00 987136 ----a-w- c:\windows\system32\srmclient.dll
2015-02-06 12:00 . 2015-02-06 12:00 513536 ----a-w- c:\windows\system32\mfmpeg2srcsnk.dll
2015-02-06 12:00 . 2015-02-06 12:00 487936 ----a-w- c:\windows\system32\srmscan.dll
2015-02-06 12:00 . 2015-02-06 12:00 278528 ----a-w- c:\windows\system32\srm.dll
2015-02-06 12:00 . 2015-02-06 12:00 104448 ----a-w- c:\windows\system32\adrclient.dll
2015-02-06 12:00 . 2015-02-06 12:00 1418752 ----a-w- c:\windows\system32\msxml3.dll
2015-02-06 11:59 . 2015-02-06 11:59 86528 ----a-w- c:\windows\system32\wudriver.dll
2015-02-06 11:59 . 2015-02-06 11:59 630272 ----a-w- c:\windows\system32\wuapi.dll
2015-02-06 11:59 . 2015-02-06 11:59 52632 ----a-w- c:\windows\system32\wuauclt.exe
2015-02-06 11:59 . 2015-02-06 11:59 216576 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2015-02-06 11:59 . 2015-02-06 11:59 1557504 ----a-w- c:\windows\system32\wucltux.dll
2015-02-06 11:59 . 2015-02-06 11:59 2601472 ----a-w- c:\windows\system32\wuaueng.dll
2015-02-06 11:59 . 2015-02-06 11:59 149504 ----a-w- c:\windows\system32\storewuauth.dll
2015-02-06 11:59 . 2015-02-06 11:59 35328 ----a-w- c:\windows\system32\wuapp.exe
2015-02-06 11:59 . 2015-02-06 11:59 128000 ----a-w- c:\windows\system32\wuwebv.dll
2015-02-06 11:58 . 2015-02-06 11:58 334336 ----a-w- c:\windows\system32\services.exe
2015-02-06 11:58 . 2015-02-06 11:58 503808 ----a-w- c:\windows\system32\win32spl.dll
2015-02-06 11:58 . 2015-02-06 11:58 832512 ----a-w- c:\windows\system32\localspl.dll
2015-02-06 11:57 . 2015-02-06 11:57 1168896 ----a-w- c:\windows\system32\user32.dll
2015-02-06 11:57 . 2015-02-06 11:57 340992 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-02-06 11:57 . 2015-02-06 11:57 162304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-02-06 11:57 . 2015-02-06 11:57 27648 ----a-w- c:\windows\system32\sscore.dll
2015-02-06 11:57 . 2015-02-06 11:57 236544 ----a-w- c:\windows\system32\srvsvc.dll
2015-02-06 11:57 . 2015-02-06 11:57 550912 ----a-w- c:\windows\system32\drivers\srv2.sys
2015-02-06 11:57 . 2015-02-06 11:57 1041920 ----a-w- c:\windows\system32\msdtctm.dll
2015-02-06 11:57 . 2015-02-06 11:57 196608 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-02-06 11:53 . 2015-02-06 11:53 72192 ----a-w- c:\windows\system32\ncryptsslp.dll
2015-02-06 11:53 . 2015-02-06 11:53 318976 ----a-w- c:\windows\system32\schannel.dll
2015-02-06 11:52 . 2015-02-06 11:52 355840 ----a-w- c:\windows\system32\wer.dll
2015-02-06 11:52 . 2015-02-06 11:52 136704 ----a-w- c:\windows\system32\AudioEndpointBuilder.dll
2015-02-06 11:52 . 2015-02-06 11:52 596480 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-06 11:52 . 2015-02-06 11:52 100864 ----a-w- c:\windows\system32\EncDump.dll
2015-02-06 11:52 . 2015-02-06 11:52 332800 ----a-w- c:\windows\system32\Faultrep.dll
2015-02-06 11:52 . 2015-02-06 11:52 23552 ----a-w- c:\windows\system32\WerFaultSecure.exe
2015-02-06 11:51 . 2015-02-06 11:51 1569792 ----a-w- c:\windows\system32\crypt32.dll
2015-02-06 11:46 . 2014-04-16 18:20 28352 ----a-w- c:\windows\system32\aspnet_counters.dll
2015-02-06 00:48 . 2015-02-06 00:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-02-06 00:48 . 2015-02-06 00:48 -------- d-----w- c:\program files\Common Files\Java
2015-01-17 11:57 . 2006-07-12 14:13 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2015-01-17 11:57 . 2015-01-17 11:58 -------- d-----w- C:\NVIDIA
2015-01-14 09:04 . 2014-12-19 04:04 122880 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-14 09:04 . 2014-11-27 01:28 523264 ----a-w- c:\windows\system32\vbscript.dll
2015-01-14 09:04 . 2014-12-12 08:37 5581632 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 09:04 . 2014-12-11 05:07 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 09:03 . 2014-10-29 09:41 368448 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2015-01-14 09:03 . 2014-12-19 05:02 170496 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 09:03 . 2014-12-06 06:09 284160 ----a-w- c:\windows\system32\ncsi.dll
2015-01-14 09:03 . 2014-12-06 06:09 55296 ----a-w- c:\windows\system32\nlaapi.dll
2015-01-14 09:03 . 2014-12-06 06:09 287232 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 09:03 . 2014-12-09 05:47 444664 ----a-w- c:\windows\system32\AutoUpdate.exe
2015-01-14 09:03 . 2014-12-09 05:47 412664 ----a-w- c:\windows\system32\NotificationUI.exe
2015-01-14 09:03 . 2014-10-22 01:08 568832 ----a-w- c:\windows\system32\WSShared.dll
2015-01-14 09:03 . 2014-10-22 01:08 124928 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-01-14 09:03 . 2014-10-22 01:07 96768 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-01-14 08:27 . 2014-09-26 02:33 27853824 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-06 11:57 . 2015-02-06 11:57 66048 ----a-w- c:\windows\system32\drivers\cs-CZ\srv2.sys.mui
2015-02-06 11:57 . 2015-02-06 11:57 61440 ----a-w- c:\windows\system32\drivers\cs-CZ\mrxsmb.sys.mui
2015-02-06 11:53 . 2015-02-06 11:53 318976 ----a-w- c:\windows\system32\schannel.dll
2014-11-22 04:32 . 2014-11-22 04:32 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 15:32 . 2014-11-21 15:32 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-11-21 15:26 . 2014-11-21 15:26 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-21 07:17 . 2015-01-08 06:28 1762816 ----a-w- c:\windows\system32\wininet.dll
2014-11-21 07:17 . 2015-01-08 06:28 44032 ----a-w- c:\windows\system32\UXInit.dll
2014-11-21 07:17 . 2015-01-08 06:28 661504 ----a-w- c:\windows\system32\uxtheme.dll
2014-11-21 07:16 . 2015-01-08 06:28 2861568 ----a-w- c:\windows\system32\jscript9.dll
2014-11-21 07:16 . 2015-01-08 06:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-11-21 07:16 . 2015-01-08 06:28 61440 ----a-w- c:\windows\system32\iesetup.dll
2014-11-21 07:16 . 2015-01-08 06:28 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-21 06:54 . 2015-01-08 06:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-11 19:54 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-03-29 11930696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe [2012-09-20 23040]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-22 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-21 423784]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys [2013-10-20 243128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-11-11 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-11 70384]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-11-11 91496]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x86.sys [2013-06-21 680664]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-20 07:50]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-18 17:53]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-18 17:53]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1759213100-2023195840-2032902974-1001Core.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-20 09:22]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1759213100-2023195840-2032902974-1001UA.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-20 09:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://ova.net/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{EE449D99-6F3F-462E-BBB1-F4214C82CD85}: DhcpNameServer = 213.46.172.37 213.46.172.36
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1759213100-2023195840-2032902974-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d0,7c,92,e6,4d,48,01,b3,56,c9,76,4b,7b,f5,a2,64,dd,96,9c,59,cd,f5,26,
be,f5,a9,aa,ce,67,07,19,18,fb,c6,54,d4,28,fc,1b,56,c5,e2,da,71,94,b8,33,a3,\
"??"=hex:20,06,e7,37,61,c3,68,c9,a4,4a,25,de,c1,20,5d,49
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\dashost.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\taskhostex.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2015-02-12 13:52:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-02-12 12:52
ComboFix2.txt 2015-02-12 11:38
.
Před spuštěním: 96 128 749 568 bytes free
Po spuštění: 95 851 880 448 bytes free
.
- - End Of File - - B45F326BFC399C0080049CFDAECA5E47
A36C5E4F47E84449FF07ED3517B43A31

Re: Requesting a check.

Posted: 12 Feb 2015 16:52
by lukulus3
Here is the folder, but it is not complete. backenv is missing from it. :( :(

http://leteckaposta.cz/698597660

Re: Requesting a check.

Posted: 12 Feb 2015 17:05
by altrok
:arrow: We did not do anything with Start, and at worst we will add it back afterwards. Try restarting the PC (I have already seen a similar problem resolve itself after the 3rd restart).

:arrow: Post the FRST.txt log and attach Addition.txt as well - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Re: Requesting a check.

Posted: 12 Feb 2015 19:10
by lukulus3
Ok. :) Here is the FRST log. :)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by PC (administrator) on GIGABYTE on 12-02-2015 19:06:56
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available profiles: PC)
Platform: Microsoft Windows 8 Pro (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\PC\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_0615209b98a94560\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor)
HKU\S-1-5-21-1759213100-2023195840-2032902974-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1759213100-2023195840-2032902974-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1759213100-2023195840-2032902974-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1759213100-2023195840-2032902974-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://ova.net/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: No Name -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File [ ]
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1759213100-2023195840-2032902974-1001: @tools.google.com/Google Update;version=3 -> C:\Users\PC\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1759213100-2023195840-2032902974-1001: @tools.google.com/Google Update;version=9 -> C:\Users\PC\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-20]

Chrome:
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Prezentace Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-11]
CHR Extension: (Dokumenty Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Disk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-11]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-11]
CHR Extension: (Vyhledávání Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-11]
CHR Extension: (Tabulky Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-11]
CHR Extension: (Avast Online Security) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-11]
CHR Extension: (Peněženka Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-11] (AVAST Software)
S2 slsvc; C:\Windows\slsvc.exe [10240 2012-09-25] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-11] ()
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [243128 2013-10-20] (Disc Soft Ltd)
S3 k750bus; C:\Windows\System32\drivers\k750bus.sys [55216 2005-02-11] (MCCI)
S1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [80576 2004-10-07] (Protection Technology) [File not signed]
S0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [115744 2004-10-07] (Protection Technology) [File not signed]
S0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\Users\PC\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 16:49 - 2015-02-12 16:49 - 03440830 _____ () C:\Users\PC\Desktop\Qoobox.rar
2015-02-12 13:52 - 2015-02-12 13:52 - 00014118 _____ () C:\ComboFix.txt
2015-02-12 12:45 - 2014-12-09 00:13 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-12 12:33 - 2015-02-12 19:05 - 00482664 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 12:18 - 2015-02-12 13:52 - 00000000 ____D () C:\Qoobox
2015-02-12 12:18 - 2015-02-12 12:36 - 00000000 ____D () C:\Windows\erdnt
2015-02-12 12:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-12 12:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-12 12:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-12 12:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-12 12:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-12 12:18 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-02-12 12:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-12 12:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-12 12:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-12 12:15 - 2015-02-12 12:16 - 00002334 _____ () C:\Users\PC\Desktop\Rkill.txt
2015-02-12 12:14 - 2015-02-12 12:12 - 05611930 ____R (Swearware) C:\Users\PC\Desktop\ComboFix.exe
2015-02-12 12:14 - 2015-02-12 12:11 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\PC\Desktop\rkill.exe
2015-02-12 12:07 - 2015-02-12 12:07 - 00000731 _____ () C:\Users\PC\Desktop\DATA – zástupce.lnk
2015-02-12 12:05 - 2015-02-12 12:05 - 00000876 _____ () C:\Users\PC\Desktop\The Longest Journey – zástupce.lnk
2015-02-12 12:04 - 2015-02-12 12:04 - 00000808 _____ () C:\Users\PC\Desktop\Nová složka – zástupce.lnk
2015-02-12 12:04 - 2015-02-12 12:04 - 00000751 _____ () C:\Users\PC\Desktop\OTHERS – zástupce.lnk
2015-02-12 12:03 - 2015-02-12 12:03 - 00000736 _____ () C:\Users\PC\Desktop\Hudba – zástupce.lnk
2015-02-12 12:01 - 2015-02-12 12:01 - 00000736 _____ () C:\Users\PC\Desktop\Filmy – zástupce.lnk
2015-02-12 11:48 - 2015-02-12 13:47 - 00001468 _____ () C:\Windows\PFRO.log
2015-02-12 11:36 - 2015-02-12 11:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-12 11:36 - 2015-02-12 11:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 11:34 - 2015-02-12 11:47 - 00000000 ____D () C:\Users\PC\Desktop\mbar
2015-02-12 11:33 - 2015-02-12 11:33 - 16466552 _____ (Malwarebytes Corp.) C:\Users\PC\Desktop\mbar-1.08.3.1004.exe
2015-02-12 06:47 - 2015-02-12 06:47 - 00001113 _____ () C:\Users\PC\Desktop\mbma.txt
2015-02-11 22:16 - 2015-02-12 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-11 22:09 - 2015-02-11 22:09 - 01502747 _____ () C:\Users\PC\Desktop\gljfynhdgadraf.txt
2015-02-11 21:46 - 2015-02-11 21:46 - 00000000 ____D () C:\Users\PC\Desktop\PCHunter_free
2015-02-11 21:45 - 2015-02-11 21:46 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\PC\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-11 20:51 - 2015-02-12 19:07 - 00011412 _____ () C:\Users\PC\Desktop\FRST.txt
2015-02-11 20:48 - 2015-02-12 19:06 - 00000000 ____D () C:\FRST
2015-02-11 20:42 - 2015-02-11 20:42 - 01125376 _____ (Farbar) C:\Users\PC\Desktop\FRST.exe
2015-02-09 19:17 - 2015-02-09 19:17 - 00000935 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-07 08:58 - 2015-02-03 20:29 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-07 08:58 - 2015-02-03 20:29 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-07 08:57 - 2015-02-12 19:02 - 00000968 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1759213100-2023195840-2032902974-1001UA.job
2015-02-07 08:57 - 2015-02-12 09:02 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1759213100-2023195840-2032902974-1001Core.job
2015-02-06 16:55 - 2015-02-06 16:56 - 00424320 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-06 16:55 - 2012-10-06 23:02 - 08855040 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-02-06 16:55 - 2012-09-26 13:42 - 01184256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-02-06 16:54 - 2012-10-01 20:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-02-06 16:54 - 2012-09-19 12:43 - 00133287 _____ () C:\Windows\system32\slmgr.vbs
2015-02-06 16:54 - 2012-09-19 05:39 - 17558016 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-06 16:54 - 2012-07-26 04:20 - 00394752 _____ (Microsoft Corporation) C:\Windows\system32\GenuineCenter.dll
2015-02-06 16:54 - 2012-07-26 04:17 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenterCPL.dll
2015-02-06 16:47 - 2015-02-07 08:37 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
2015-02-06 13:02 - 2014-10-09 04:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-02-06 13:02 - 2014-10-09 04:59 - 01151488 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-02-06 13:02 - 2014-10-09 04:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-02-06 13:01 - 2015-02-06 13:01 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-02-06 13:01 - 2015-02-06 13:01 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-02-06 13:00 - 2015-02-06 13:00 - 01418752 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-06 13:00 - 2015-02-06 13:00 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\srmclient.dll
2015-02-06 13:00 - 2015-02-06 13:00 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2015-02-06 13:00 - 2015-02-06 13:00 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\srmscan.dll
2015-02-06 13:00 - 2015-02-06 13:00 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll
2015-02-06 13:00 - 2015-02-06 13:00 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\adrclient.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 02601472 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-02-06 12:59 - 2015-02-06 12:59 - 00052632 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-02-06 12:59 - 2015-02-06 12:59 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-02-06 12:58 - 2015-02-06 12:58 - 00832512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-02-06 12:58 - 2015-02-06 12:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-02-06 12:58 - 2015-02-06 12:58 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-02-06 12:57 - 2015-02-06 12:57 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-02-06 12:57 - 2015-02-06 12:57 - 01041920 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2015-02-06 12:57 - 2015-02-06 12:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-02-06 12:57 - 2015-02-06 12:57 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-02-06 12:57 - 2015-02-06 12:57 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2015-02-06 12:57 - 2015-02-06 12:57 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-02-06 12:57 - 2015-02-06 12:57 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-02-06 12:57 - 2015-02-06 12:57 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-02-06 12:55 - 2015-02-06 12:55 - 02032640 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 01474520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 01220608 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 01166320 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-02-06 12:55 - 2015-02-06 12:55 - 01064048 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-02-06 12:55 - 2015-02-06 12:55 - 00478352 _____ () C:\Windows\system32\locale.nls
2015-02-06 12:55 - 2015-02-06 12:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 00175616 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2015-02-06 12:55 - 2015-02-06 12:55 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-02-06 12:55 - 2015-02-06 12:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2015-02-06 12:55 - 2015-02-06 12:55 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-02-06 12:55 - 2015-02-06 12:55 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-02-06 12:55 - 2015-02-06 12:55 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-02-06 12:55 - 2015-02-06 12:55 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-02-06 12:55 - 2015-02-06 12:55 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-02-06 12:53 - 2015-02-06 12:53 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-06 12:53 - 2015-02-06 12:53 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-02-06 12:52 - 2015-02-06 12:52 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-06 12:52 - 2015-02-06 12:52 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-02-06 12:52 - 2015-02-06 12:52 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-02-06 12:52 - 2015-02-06 12:52 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-02-06 12:52 - 2015-02-06 12:52 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-06 12:52 - 2015-02-06 12:52 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-02-06 12:51 - 2015-02-06 12:51 - 01569792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-06 12:46 - 2014-04-16 19:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-02-06 01:48 - 2015-02-06 01:48 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-06 01:48 - 2015-02-06 01:48 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-06 01:48 - 2015-02-06 01:48 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-06 01:48 - 2015-02-06 01:48 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-05 20:31 - 2015-02-12 19:04 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 20:31 - 2015-02-12 18:36 - 00000966 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 06:41 - 2015-02-09 19:17 - 00000000 ____D () C:\Windows\Minidump
2015-01-17 12:57 - 2015-01-17 12:58 - 00000000 ____D () C:\NVIDIA
2015-01-17 12:57 - 2006-07-12 15:13 - 00208896 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2015-01-14 17:59 - 2015-01-14 18:05 - 00063488 _____ () C:\Users\PC\Desktop\Zápis vyhledaných VZ.xls
2015-01-14 10:04 - 2014-12-19 05:04 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 10:04 - 2014-12-12 09:37 - 05581632 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 10:04 - 2014-12-11 06:07 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 10:04 - 2014-11-27 02:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-14 10:03 - 2014-12-19 06:02 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 10:03 - 2014-12-09 06:47 - 00444664 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2015-01-14 10:03 - 2014-12-09 06:47 - 00412664 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2015-01-14 10:03 - 2014-12-06 07:09 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 10:03 - 2014-12-06 07:09 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 10:03 - 2014-12-06 07:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 10:03 - 2014-10-29 10:41 - 00368448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-14 10:03 - 2014-10-22 02:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab
2015-01-14 10:03 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-01-14 10:03 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-01-14 10:03 - 2014-10-22 02:07 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 19:03 - 2012-07-26 07:04 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 19:02 - 2012-07-26 07:43 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 19:00 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\system32\sru
2015-02-12 18:50 - 2013-10-20 11:06 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 13:52 - 2013-10-16 14:35 - 00004122 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 13:48 - 2012-07-26 05:17 - 00000215 _____ () C:\Windows\system.ini
2015-02-12 13:28 - 2013-10-16 15:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 13:22 - 2013-10-16 15:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 13:20 - 2013-10-20 10:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 12:38 - 2012-07-26 05:43 - 00000000 __RHD () C:\Users\Default
2015-02-12 12:38 - 2012-07-26 05:43 - 00000000 ___RD () C:\Users\Public
2015-02-12 07:02 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-11 20:37 - 2013-10-20 11:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-09 19:18 - 2015-01-07 12:26 - 00000000 ____D () C:\Users\PC\AppData\Roaming\uTorrent
2015-02-09 19:18 - 2013-10-27 12:07 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Media Player Classic
2015-02-09 19:18 - 2013-10-20 10:43 - 00000000 ____D () C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
2015-02-09 19:17 - 2013-10-20 11:02 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-06 17:32 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\rescache
2015-02-06 16:47 - 2012-07-26 07:53 - 00000000 ___RD () C:\Windows\ToastData
2015-02-06 16:47 - 2012-07-26 07:53 - 00000000 ____D () C:\Windows\WinStore
2015-02-06 16:46 - 2012-07-26 07:53 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-06 16:46 - 2012-07-26 07:53 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-06 16:46 - 2012-07-26 07:53 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-06 01:49 - 2013-10-20 11:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-06 01:48 - 2013-10-20 11:10 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-06 01:48 - 2013-10-20 11:09 - 00000000 ____D () C:\Program Files\Java

==================== Files in the root of some directories =======

2013-12-31 17:45 - 2014-01-02 15:56 - 0000028 _____ () C:\Users\PC\AppData\Roaming\msqplkte.dat
2014-01-01 08:12 - 2014-01-02 07:55 - 0001625 _____ () C:\Users\PC\AppData\Roaming\mswenmc.dat
2014-07-31 21:46 - 2014-07-31 21:46 - 0000000 _____ () C:\Users\PC\AppData\Local\{2E35F07B-4245-4704-A540-8D52BB35C077}
2014-08-13 16:18 - 2014-08-13 16:18 - 0000000 _____ () C:\Users\PC\AppData\Local\{9DD5A1BE-ED7B-4AEC-8D1F-B46162A00E64}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-05 08:23

==================== End Of Log ============================