malware alebo ina háved??

Zpráva

dodo148 · #1 Příspěvek od **dodo148** » 22 úno 2015 13:39

Dobrý den, posielam log z RSIT,
mohli by ste sa mi na to niekto pozriet. Dakujem

Logfile of random's system information tool 1.10 (written by random/random)
Run by jozef at 2015-02-22 13:35:56
Microsoft Windows 8.1 Pro
System drive C: has 220 GB (72%) free of 305 GB
Total RAM: 3835 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:36:00, on 22.2.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\jozef.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1424608284
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553512000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @oem11.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8701 bytes

======Listing Processes======

wininit.exe

winlogon.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
taskeng.exe {A4C60B55-1A14-418B-882B-5A0664053F52}
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\system32\BtwRSupportService.exe
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
dashost.exe {9da9cf85-ff31-428d-badd7e95d7e11d38}
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_0000056c
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 940
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"

"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1472 CREDAT:267521 /prefetch:2
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1472 CREDAT:529665 /prefetch:2
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1472 CREDAT:1971473 /prefetch:2
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3797765252-2411825924-2723573438-10012_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3797765252-2411825924-2723573438-10012 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 572 576 584 65536 580
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe -Embedding
"C:\Users\jozef\AppData\Local\Microsoft\Windows\INetCache\IE\ILSD12FT\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AutoKMS.job - C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d033b0cef2f68a.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\jozef\AppData\Roaming\Mozilla\Firefox\Profiles\yt202180.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

C:\Users\jozef\AppData\Roaming\Mozilla\Firefox\Profiles\yt202180.default\extensions\
abs@avira.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-23 6501656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Adobe Speed Launcher"=1424608284 []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20 1021128]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2015-02-04 703280]
"Avira Systray"=C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [2014-12-31 126712]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-02-22 13:35:56 ----D---- C:\rsit
2015-02-22 13:25:16 ----D---- C:\Windows\AutoKMS
2015-02-22 13:19:04 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2015-02-22 13:18:31 ----D---- C:\Windows\PCHEALTH
2015-02-22 13:18:30 ----D---- C:\Program Files (x86)\Microsoft Sync Framework
2015-02-22 13:18:30 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-02-22 13:15:27 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2015-02-22 13:14:17 ----D---- C:\Program Files\Microsoft Office
2015-02-22 13:13:59 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2015-02-22 13:13:22 ----RHD---- C:\MSOCache
2015-02-19 07:50:32 ----A---- C:\DelFix.txt
2015-02-19 02:57:45 ----D---- C:\Program Files\trend micro
2015-02-19 01:29:36 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2015-02-19 01:29:33 ----D---- C:\ProgramData\RogueKiller
2015-02-17 00:36:19 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-02-17 00:35:58 ----D---- C:\ProgramData\Malwarebytes
2015-02-17 00:35:58 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-17 00:35:58 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-02-17 00:35:58 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-02-17 00:35:58 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-02-16 23:25:06 ----D---- C:\Users\jozef\AppData\Roaming\TeamViewer
2015-02-16 23:05:58 ----A---- C:\Windows\system32\drivers\avnetflt.sys
2015-02-16 23:03:55 ----D---- C:\ProgramData\Package Cache
2015-02-16 23:03:42 ----D---- C:\Users\jozef\AppData\Roaming\Avira
2015-02-16 23:01:36 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2015-02-16 23:01:36 ----A---- C:\Windows\system32\drivers\avipbb.sys
2015-02-16 23:01:36 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2015-02-16 23:01:34 ----D---- C:\ProgramData\Avira
2015-02-16 23:01:33 ----D---- C:\Program Files (x86)\Avira
2015-02-15 13:40:48 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-02-13 17:34:32 ----D---- C:\Windows\Minidump
2015-02-12 00:50:10 ----A---- C:\Windows\system32\jscript9.dll
2015-02-12 00:50:09 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-02-11 07:15:37 ----A---- C:\Windows\system32\schannel.dll
2015-02-11 07:15:36 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-02-11 07:15:35 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2015-02-11 07:15:35 ----A---- C:\Windows\system32\scesrv.dll
2015-02-11 07:15:32 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-02-11 07:15:32 ----A---- C:\Windows\system32\ntdll.dll
2015-02-11 07:15:31 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-02-11 07:15:28 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-02-11 07:15:28 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:15:23 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-02-11 07:15:23 ----A---- C:\Windows\system32\drivers\cng.sys
2015-02-11 07:15:23 ----A---- C:\Windows\system32\certcli.dll
2015-02-11 07:15:22 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-02-11 07:14:51 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2015-02-11 07:14:51 ----A---- C:\Windows\system32\oleaut32.dll
2015-02-11 07:14:46 ----A---- C:\Windows\system32\mshtml.dll
2015-02-11 07:14:44 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-02-11 07:14:39 ----A---- C:\Windows\system32\ieframe.dll
2015-02-11 07:14:38 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-02-11 07:14:35 ----A---- C:\Windows\system32\iertutil.dll
2015-02-11 07:14:34 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-02-11 07:14:34 ----A---- C:\Windows\system32\wininet.dll
2015-02-11 07:14:34 ----A---- C:\Windows\system32\jscript.dll
2015-02-11 07:14:33 ----A---- C:\Windows\system32\vbscript.dll
2015-02-11 07:14:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-02-11 07:14:31 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-02-11 07:14:31 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-02-11 07:14:30 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-02-11 07:14:26 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-02-11 07:14:25 ----A---- C:\Windows\system32\msfeeds.dll
2015-02-11 07:14:24 ----A---- C:\Windows\system32\dxtmsft.dll
2015-02-11 07:14:22 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-02-11 07:14:22 ----A---- C:\Windows\system32\iedkcs32.dll
2015-02-11 07:14:21 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-02-11 07:14:21 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-02-11 07:14:21 ----A---- C:\Windows\system32\ie4uinit.exe
2015-02-11 07:14:20 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-02-11 07:14:20 ----A---- C:\Windows\system32\webcheck.dll
2015-02-11 07:14:20 ----A---- C:\Windows\system32\actxprxy.dll
2015-02-11 07:14:19 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-02-11 07:14:19 ----A---- C:\Windows\system32\urlmon.dll
2015-02-11 07:14:18 ----A---- C:\Windows\system32\mshtmled.dll
2015-02-11 07:14:15 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-02-11 07:14:15 ----A---- C:\Windows\system32\inetcomm.dll
2015-02-11 07:14:14 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-02-11 07:14:13 ----A---- C:\Windows\system32\ieapfltr.dll
2015-02-11 07:14:12 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-02-11 07:13:35 ----A---- C:\Windows\system32\generaltel.dll
2015-02-11 07:13:35 ----A---- C:\Windows\system32\appraiser.dll
2015-02-11 07:13:34 ----A---- C:\Windows\system32\invagent.dll
2015-02-11 07:13:34 ----A---- C:\Windows\system32\devinv.dll
2015-02-11 07:13:34 ----A---- C:\Windows\system32\aeinv.dll
2015-02-11 07:13:28 ----A---- C:\Windows\system32\aepdu.dll
2015-02-11 07:13:19 ----A---- C:\Windows\system32\sppobjs.dll
2015-02-11 07:12:45 ----A---- C:\Windows\system32\win32k.sys
2015-02-02 02:22:48 ----N---- C:\Windows\system32\MpSigStub.exe
2015-02-02 01:59:52 ----D---- C:\Program Files (x86)\UMPlayer
2015-02-02 01:43:42 ----D---- C:\Users\jozef\AppData\Roaming\NCH Software
2015-02-02 01:43:42 ----D---- C:\ProgramData\NCH Software
2015-02-02 01:43:38 ----D---- C:\Program Files (x86)\NCH Software
2015-02-02 01:31:24 ----D---- C:\Users\jozef\AppData\Roaming\BANDISOFT
2015-02-02 01:30:57 ----D---- C:\Program Files (x86)\Bandicam
2015-02-02 01:30:55 ----D---- C:\Program Files (x86)\BandiMPEG1
2015-01-23 23:45:13 ----A---- C:\Windows\system32\aspnet_counters.dll
2015-01-23 23:45:10 ----A---- C:\Windows\SYSWOW64\aspnet_counters.dll

======List of files/folders modified in the last 1 month======

2015-02-22 13:35:57 ----D---- C:\Windows\Temp
2015-02-22 13:33:43 ----D---- C:\Windows\Prefetch
2015-02-22 13:28:46 ----D---- C:\Windows
2015-02-22 13:25:17 ----D---- C:\Windows\system32\Tasks
2015-02-22 13:25:16 ----D---- C:\Windows\Tasks
2015-02-22 13:23:35 ----D---- C:\Windows\system32\config
2015-02-22 13:22:35 ----SHD---- C:\Windows\Installer
2015-02-22 13:22:30 ----D---- C:\Windows\Microsoft.NET
2015-02-22 13:22:29 ----D---- C:\ProgramData\Microsoft Help
2015-02-22 13:22:21 ----RSD---- C:\Windows\assembly
2015-02-22 13:20:13 ----D---- C:\Windows\SysWOW64
2015-02-22 13:20:10 ----RSD---- C:\Windows\Fonts
2015-02-22 13:19:58 ----D---- C:\Program Files (x86)\Common Files
2015-02-22 13:19:46 ----D---- C:\Program Files (x86)\MSBuild
2015-02-22 13:19:04 ----RD---- C:\Program Files (x86)
2015-02-22 13:19:04 ----D---- C:\Windows\ShellNew
2015-02-22 13:18:32 ----D---- C:\Program Files (x86)\Microsoft Office
2015-02-22 13:18:31 ----SD---- C:\ProgramData\Microsoft
2015-02-22 13:18:30 ----D---- C:\Program Files (x86)\Microsoft.NET
2015-02-22 13:18:11 ----D---- C:\Windows\system32\sru
2015-02-22 13:16:52 ----D---- C:\Windows\system32\wbem
2015-02-22 13:16:51 ----D---- C:\Program Files\Common Files\microsoft shared
2015-02-22 13:14:17 ----RD---- C:\Program Files
2015-02-22 13:14:13 ----A---- C:\Windows\win.ini
2015-02-22 13:00:47 ----D---- C:\Users\jozef\AppData\Roaming\Skype
2015-02-22 13:00:32 ----SHD---- C:\System Volume Information
2015-02-22 08:40:01 ----D---- C:\Windows\SoftwareDistribution
2015-02-22 06:19:25 ----D---- C:\Windows\debug
2015-02-21 21:49:42 ----D---- C:\Users\jozef\AppData\Roaming\.purple
2015-02-21 18:28:03 ----D---- C:\Windows\WinSxS
2015-02-20 12:33:29 ----D---- C:\Windows\AppReadiness
2015-02-20 10:46:44 ----D---- C:\Windows\Inf
2015-02-19 07:20:50 ----D---- C:\Windows\system32\drivers
2015-02-19 01:29:33 ----HD---- C:\ProgramData
2015-02-18 23:35:05 ----RD---- C:\Windows\System32
2015-02-17 01:43:20 ----RD---- C:\Windows\ImmersiveControlPanel
2015-02-17 00:50:41 ----D---- C:\Windows\system32\DriverStore
2015-02-16 10:35:48 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-16 00:42:04 ----D---- C:\Windows\system32\catroot2
2015-02-13 17:50:03 ----D---- C:\Windows\rescache
2015-02-13 14:40:05 ----RD---- C:\Users
2015-02-12 15:22:46 ----HD---- C:\Program Files\WindowsApps
2015-02-12 14:45:05 ----D---- C:\Windows\CbsTemp
2015-02-11 07:35:12 ----SD---- C:\Windows\system32\CompatTel
2015-02-11 07:35:12 ----D---- C:\Windows\system32\appraiser
2015-02-11 07:34:56 ----D---- C:\Windows\system32\MRT
2015-02-11 07:27:21 ----A---- C:\Windows\system32\MRT.exe
2015-02-06 02:26:08 ----D---- C:\Windows\system32\NDF
2015-02-03 20:31:19 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-02-02 02:31:17 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 A2DDA;A2 Direct Disk Access Support Driver; \??\C:\EEK\BIN\a2ddax64.sys [2014-11-18 26176]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2015-02-04 132120]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2015-02-04 28600]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2015-02-04 128536]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-06-19 11926016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-06-19 360448]
R3 BCM43XX;@netbc64.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl63a.sys [2013-07-01 8536752]
R3 k57nd60a;@netk57a.inf,%SvcDispName%;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2013-06-18 425984]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-11-21 25816]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S2 Aspi32;Aspi32; C:\Windows\System32\drivers\aspi32.sys []
S3 bcbtums;@oem11.inf,%BCBTUMS.SvcDesc%;Bluetooth USB LD Filter; C:\Windows\system32\drivers\bcbtums.sys [2013-10-28 170712]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2014-10-29 53248]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2014-07-24 118272]
S3 BTHPORT;@Bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2014-10-29 1198080]
S3 BTHUSB;@Bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
S3 btwampfl;@oem11.inf,%btwampfl.ServiceName%;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2013-10-28 166104]
S3 cleanhlp;cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [2014-11-18 57024]
S3 ESETCleanersDriver;ESET Cleaner Service; \??\C:\Windows\system32\Drivers\ESETCleanersDriver.sys [2014-12-06 170280]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-11-21 64216]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2014-01-27 167424]
S3 TrueSight;TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [2015-02-19 35064]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-12-13 121088]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\System32\drivers\usbscan.sys [2014-10-29 44544]
S3 WinDivert1.1;WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [2014-11-14 35376]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2015-02-04 432888]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2015-02-04 432888]
R2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-12-31 178424]
R2 BcmBtRSupport;@oem11.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\Windows\system32\BtwRSupportService.exe [2013-10-28 2255064]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-19 107912]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04 267440]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-19 107912]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-02-15 114800]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

-----------------EOF-----------------

dodo148 · #2 Příspěvek od **dodo148** » 22 úno 2015 13:53

pokračovanie

info.txt logfile of random's system information tool 1.10 2015-02-22 13:36:04

======MBR======

0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F850E0183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731CFE4E11750C807E00800F848A00B280EB845532E48A5600CD135DEB9E813EFE7D55AA756EFF7600E88D007517FAB0D1E664E88300B0DFE660E87C00B0FFE664E87500FBB800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C007409BB0700B40ECD10EBF2F4EBFD2BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D000000637B9AC08C923C000080BE132C07FEFFFF00F80A0000E8372500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055AA

======Uninstall list======

Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 16 NPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -maintain plugin
Adobe Reader XI (11.0.10) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Avira Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Avira-->"C:\ProgramData\Package Cache\{2c18809c-4097-4b51-a4d0-3deade730ef3}\Avira.OE.Setup.Bundle.exe" /uninstall
Avira-->MsiExec.exe /I{791476BB-6A8F-4392-AE69-88B9C28B9522}
Bandicam-->"C:\Program Files (x86)\Bandicam\uninstall.exe"
Bandisoft MPEG-1 Decoder-->"C:\Program Files (x86)\BandiMPEG1\uninstall.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Debut Video Capture Software-->"C:\Program Files (x86)\NCH Software\Debut\debut.exe" -uninstall
EA Download Manager UI-->msiexec /qb /x {E17141A6-211D-5854-61D9-69827A430D82}
EA Download Manager UI-->MsiExec.exe /I{E17141A6-211D-5854-61D9-69827A430D82}
EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADownloadManager\EADMUninstall.exe
Golden Videos VHS to DVD Converter-->"C:\Program Files (x86)\NCH Software\GoldenVideos\goldenvideos.exe" -uninstall
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP Deskjet 1050 J410 series Basic Device Software-->MsiExec.exe /I{F294770E-F869-400F-81C3-614B5F13CA54}
KMSpico v9.1.3-->"C:\Program Files\KMSpico\unins000.exe"
Malwarebytes Anti-Malware verzia 2.0.4.1028-->"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Microsoft Office Access MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0016-041B-0000-0000000FF1CE}
Microsoft Office Excel Viewer-->MsiExec.exe /I{95120000-003F-041B-0000-0000000FF1CE}
Microsoft Office Groove MUI (Slovak) 2010-->MsiExec.exe /X{90140000-00BA-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0044-041B-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Slovak) 2010-->MsiExec.exe /X{90140000-00A1-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2010-->MsiExec.exe /X{90140000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2010-->MsiExec.exe /X{90140000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2010-->MsiExec.exe /X{90140000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Slovak) 2010-->MsiExec.exe /X{90140000-002A-041B-1000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2010-->MsiExec.exe /X{90140000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2010-->MsiExec.exe /X{90140000-001B-041B-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->MsiExec.exe /X{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}
Mozilla Firefox 35.0.1 (x86 sk)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED}
Nero 9 Lite-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM2C-50A9-HH4M-0ZM8-4X06-9P25-5A46-618P-AH19-6647"
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero Online Upgrade-->MsiExec.exe /X{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Pidgin-->C:\Program Files (x86)\Pidgin\pidgin-uninst.exe
pidgin-otr 4.0.1-->C:\Program Files (x86)\pidgin-otr\pidgin-otr-uninst.exe
R for Windows 3.1.2-->"C:\Program Files\R\R-3.1.2\unins000.exe"
Skype Click to Call-->MsiExec.exe /X{6D1221A9-17BF-4EC0-81F2-27D30EC30701}
Skype™ 6.21-->MsiExec.exe /X{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
UMPlayer 0.98 [Athlon]-->C:\Program Files (x86)\UMPlayer\uninst.exe
WinRAR 5.11 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe

======System event log======

Computer Name: Till
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 112
Source Name: k57nd60a
Time Written: 20141114162748.224953-000
Event Type: Warning
User:

Computer Name: windows-mrt14b2
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 45
Source Name: k57nd60a
Time Written: 20141114162612.676893-000
Event Type: Warning
User:

Computer Name: windows-mrt14b2
Event Code: 7023
Message: Služba Network List Service bola ukončená s nasledujúcou chybou:
Zariadenie nie je pripravené.
Record Number: 40
Source Name: Service Control Manager
Time Written: 20141114162611.524014-000
Event Type: Error
User:

Computer Name: windows-mrt14b2
Event Code: 7023
Message: Služba IP Helper bola ukončená s nasledujúcou chybou:
Služba sa nedá spustiť, pretože je vypnutá, alebo nemá priradené žiadne zapnuté zariadenia.
Record Number: 32
Source Name: Service Control Manager
Time Written: 20141114162601.722000-000
Event Type: Error
User:

Computer Name: windows-mrt14b2
Event Code: 46
Message: Crash dump initialization failed!
Record Number: 14
Source Name: volmgr
Time Written: 20141114162505.189770-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Tillko
Event Code: 8198
Message: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Record Number: 13396
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20141219135848.000000-000
Event Type: Error
User:

Computer Name: Tillko
Event Code: 8198
Message: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=9
Record Number: 13391
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20141219135830.000000-000
Event Type: Error
User:

Computer Name: Tillko
Event Code: 8198
Message: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Record Number: 13330
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20141219104953.000000-000
Event Type: Error
User:

Computer Name: Tillko
Event Code: 8198
Message: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=8
Record Number: 13325
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20141219104936.000000-000
Event Type: Error
User:

Computer Name: Tillko
Event Code: 8198
Message: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Record Number: 13291
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20141219090202.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Tillko
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-18
Account Name: TILLKO$
Account Domain: BLOK
Logon ID: 0x3E7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: 5E4-54DE4CD845534976-NodSSL
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5f6d1c16ee5d12988b2f200a14ac315f_addcd1df-1642-4d60-939d-f7b0eafe1324
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 748704
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150213191329.208354-000
Event Type: Audit Success
User:

Computer Name: Tillko
Event Code: 5061
Message: Cryptographic operation.

Subject:
Security ID: S-1-5-18
Account Name: TILLKO$
Account Domain: BLOK
Logon ID: 0x3E7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: 5E4-54DE4CD845534973-NodSSL
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 748703
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150213191329.205353-000
Event Type: Audit Success
User:

Computer Name: Tillko
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-18
Account Name: TILLKO$
Account Domain: BLOK
Logon ID: 0x3E7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: 5E4-54DE4CD845534973-NodSSL
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c60111bf724438810a67b2ac7f69164f_addcd1df-1642-4d60-939d-f7b0eafe1324
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 748702
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150213191329.204353-000
Event Type: Audit Success
User:

Computer Name: Tillko
Event Code: 5061
Message: Cryptographic operation.

Subject:
Security ID: S-1-5-18
Account Name: TILLKO$
Account Domain: BLOK
Logon ID: 0x3E7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: 5E4-54DE4CD84553496E-NodSSL
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 748701
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150213191329.183354-000
Event Type: Audit Success
User:

Computer Name: Tillko
Event Code: 5058
Message: Key file operation.

Subject:
Security ID: S-1-5-18
Account Name: TILLKO$
Account Domain: BLOK
Logon ID: 0x3E7

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: 5E4-54DE4CD84553496E-NodSSL
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\352901cb5100d4c386f3074041449978_addcd1df-1642-4d60-939d-f7b0eafe1324
Operation: Read persisted key from file.
Return Code: 0x0
Record Number: 748700
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150213191329.182353-000
Event Type: Audit Success
User:

======Environment variables======

"FP_NO_HOST_CHECK"=NO
"USERNAME"=SYSTEM
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"ComSpec"=%SystemRoot%\system32\cmd.exe
"TMP"=%SystemRoot%\TEMP
"OS"=Windows_NT
"windir"=%SystemRoot%
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0603

-----------------EOF-----------------

#3 Příspěvek od **vyosek** » 22 úno 2015 14:01

Zdravim

Poprosim o tento log C:\DelFix.txt

dodo148 · #4 Příspěvek od **dodo148** » 22 úno 2015 14:22

nech sa páči.
# DelFix v10.8 - Logfile created 19/02/2015 at 07:50:32
# Updated 29/07/2014 by Xplode
# Username : jozef - TILLKO
# Operating System : Windows 8.1 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\RSIT
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.44_19.02.2015_07.20.23_log.txt
Deleted : C:\Users\jozef\Downloads\adwcleaner_4.111 (1).exe
Deleted : C:\Users\jozef\Downloads\adwcleaner_4.111.exe
Deleted : C:\Users\jozef\Downloads\OTL (1).exe
Deleted : C:\Users\jozef\Downloads\OTL.exe
Deleted : C:\Users\jozef\Downloads\RogueKiller.exe
Deleted : C:\Users\jozef\Downloads\RSITx64 (1).exe
Deleted : C:\Users\jozef\Downloads\RSITx64.exe
Deleted : C:\Users\jozef\Downloads\tdsskiller.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

#5 Příspěvek od **vyosek** » 22 úno 2015 15:21

A jaky mate problem s PC???

dodo148 · #6 Příspěvek od **dodo148** » 22 úno 2015 15:58

Dlhé spustenie OS, po určitom času začne blbnú prehliadač, nejaky error so SSL neviem čo

, načitavanie stránok, a niečo s certifikátmi a politikou - to neviem ani čo je. A celkovo pomalšie reaguje

#7 Příspěvek od **vyosek** » 22 úno 2015 16:47

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

dodo148 · #8 Příspěvek od **dodo148** » 22 úno 2015 18:31

urobil som, nech sa páči tu je log

Zoek.exe v5.0.0.0 Updated 22-February-2015
Tool run by jozef on ne 22.02.2015 at 17:45:48,16.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jozef\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22.2.2015 17:50:31 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\EAInstaller deleted successfully
C:\Users\jozef\AppData\Local\CrashDumps deleted successfully
C:\Users\jozef\AppData\Local\PackageStaging deleted successfully
C:\Users\jozef\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\jozef\AppData\Roaming\Mozilla\Firefox\Profiles\yt202180.default\prefs.js:

Added to C:\Users\jozef\AppData\Roaming\Mozilla\Firefox\Profiles\yt202180.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\jozef\AppData\Roaming\Mozilla\Firefox\Profiles\yt202180.default\extensions\abs@avira.com deleted
"C:\PROGRA~2\Windows Multimedia Platform" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\jozef\AppData\Roaming\Mozilla\Firefox\Profiles\yt202180.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\jozef\AppData\Roaming\Mozilla\Firefox\Profiles\yt202180.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash

==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.sk/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.sk/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jozef\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\jozef\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\jozef\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\jozef\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\jozef\AppData\Local\Mozilla\Firefox\Profiles\yt202180.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=131 folders=36 7688330 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\jozef\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Reset Hosts File ======================

Hosts File Reset Successfully

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\jozef\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ne 22.02.2015 at 18:28:27,43 ======================

#9 Příspěvek od **vyosek** » 22 úno 2015 18:35

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=30&t=133101

dodo148 · #10 Příspěvek od **dodo148** » 22 úno 2015 18:52

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by jozef (administrator) on TILLKO on 22-02-2015 18:47:25
Running from C:\Users\jozef\Desktop
Loaded Profiles: jozef (Available profiles: jozef)
Platform: Windows 8.1 Pro (X64) OS Language: Angličtina (USA)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\...\RunOnce: [Adobe Speed Launcher] => 1424626147
HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\...\MountPoints2: {db9398cb-6cfe-11e4-8258-705ab6f7d9d9} - "D:\SETUP.EXE"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3797765252-2411825924-2723573438-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553512000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 213.151.222.34 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\jozef\AppData\Roaming\Mozilla\Firefox\Profiles\yt202180.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-15]

Chrome:
=======
CHR Profile: C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-19]
CHR Extension: (Google Docs) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-19]
CHR Extension: (Google Drive) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-19]
CHR Extension: (YouTube) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-19]
CHR Extension: (Google Search) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-19]
CHR Extension: (High Contrast) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2015-01-29]
CHR Extension: (ZenMate Security & Privacy VPN) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-01-31]
CHR Extension: (Google Sheets) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-19]
CHR Extension: (Avira Browser Safety) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-16]
CHR Extension: (Google Wallet) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-19]
CHR Extension: (Gmail) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-19]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-11-18] (Emsisoft GmbH)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-02-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-11-18] (Emsisoft GmbH)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2014-12-06] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-19] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-11-14] (Basil Projects)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 18:47 - 2015-02-22 18:48 - 00014526 _____ () C:\Users\jozef\Desktop\FRST.txt
2015-02-22 18:45 - 2015-02-22 18:45 - 02087424 _____ (Farbar) C:\Users\jozef\Desktop\FRST64.exe
2015-02-22 18:44 - 2015-02-22 18:47 - 00000000 ____D () C:\FRST
2015-02-22 18:44 - 2015-02-22 18:44 - 00112640 _____ (forum.viry.cz) C:\Users\jozef\Desktop\FRSTLauncher.exe
2015-02-22 18:39 - 2015-02-22 18:39 - 00000000 ____D () C:\Users\jozef\AppData\Local\VirtualStore
2015-02-22 18:30 - 2015-02-22 18:30 - 00000000 ____D () C:\Users\jozef\AppData\Local\CrashDumps
2015-02-22 18:25 - 2015-02-22 17:45 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-22 17:50 - 2015-02-22 18:28 - 00006560 _____ () C:\zoek-results.log
2015-02-22 17:45 - 2015-02-22 18:27 - 00000000 ____D () C:\zoek_backup
2015-02-22 17:44 - 2015-02-22 17:44 - 01304576 _____ () C:\Users\jozef\Desktop\zoek.exe
2015-02-22 13:35 - 2015-02-22 13:36 - 00000000 ____D () C:\rsit
2015-02-22 13:28 - 2015-02-22 13:28 - 00002952 _____ () C:\Windows\PFRO.log
2015-02-22 13:25 - 2015-02-22 18:27 - 00000278 _____ () C:\Windows\Tasks\AutoKMS.job
2015-02-22 13:25 - 2015-02-22 13:30 - 00000000 ____D () C:\Windows\AutoKMS
2015-02-22 13:25 - 2015-02-22 13:25 - 00002888 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-22 13:20 - 2015-02-22 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-02-22 13:20 - 2015-02-22 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-22 13:19 - 2015-02-22 13:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-02-22 13:18 - 2015-02-22 13:18 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-22 13:18 - 2015-02-22 13:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-02-22 13:18 - 2015-02-22 13:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-02-22 13:15 - 2015-02-22 13:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-02-22 13:14 - 2015-02-22 13:14 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-22 13:13 - 2015-02-22 13:13 - 00000000 __RHD () C:\MSOCache
2015-02-22 13:13 - 2015-02-22 13:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-22 12:55 - 2015-02-22 17:43 - 00000000 ____D () C:\Users\jozef\Desktop\zelkaa
2015-02-22 08:40 - 2015-02-22 18:27 - 00001624 _____ () C:\Windows\setupact.log
2015-02-22 08:40 - 2015-02-22 08:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-19 22:03 - 2015-02-19 22:03 - 01672704 _____ () C:\Users\jozef\Downloads\FA-2013-vzor.xls
2015-02-19 11:46 - 2015-02-19 11:46 - 00000000 ____D () C:\Users\jozef\Downloads\majo
2015-02-19 07:50 - 2015-02-19 07:50 - 00000881 _____ () C:\DelFix.txt
2015-02-19 07:48 - 2015-02-19 07:48 - 00709564 _____ () C:\Users\jozef\Downloads\delfix_10.8.exe
2015-02-19 04:36 - 2015-02-19 04:37 - 00018231 _____ () C:\Users\jozef\Downloads\Desktop.zip
2015-02-19 02:57 - 2015-02-22 13:36 - 00000000 ____D () C:\Program Files\trend micro
2015-02-19 01:29 - 2015-02-19 01:29 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-19 01:29 - 2015-02-19 01:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-19 00:15 - 2012-01-08 18:23 - 00000000 ____D () C:\Users\jozef\Downloads\Hans Joachim Störig - Malé dějiny filozofie
2015-02-19 00:05 - 2015-02-19 00:14 - 179626679 _____ () C:\Users\jozef\Downloads\Hans-Joachim-Störig---Malé-dějiny-filozofie.rar
2015-02-18 23:51 - 2015-02-18 23:51 - 00000069 _____ () C:\Users\jozef\Desktop\Nový textový dokument.txt
2015-02-17 21:04 - 2015-02-17 21:23 - 170781221 _____ () C:\Users\jozef\Downloads\Vybrané-kapitoly-z-dějin-filozofie.rar
2015-02-17 20:50 - 2015-02-17 20:50 - 00000000 ____D () C:\Users\jozef\Downloads\Dejiny-anticke-a-stredoveke-filozofie-Sousedik
2015-02-17 20:29 - 2015-02-17 20:49 - 201093265 _____ () C:\Users\jozef\Downloads\Dejiny-anticke-a-stredoveke-filozofie-Sousedik.rar
2015-02-17 14:06 - 2015-02-17 14:08 - 26829371 _____ () C:\Users\jozef\Downloads\Popelova-Hodnoty-a-dejiny.zip
2015-02-17 11:31 - 2015-02-22 08:25 - 00000000 ____D () C:\Users\jozef\Desktop\zvolensky
2015-02-17 02:19 - 2015-02-17 01:47 - 00007395 _____ () C:\Users\jozef\Desktop\beznazvu.txt
2015-02-17 00:59 - 2015-02-17 00:59 - 01188194 _____ () C:\Users\jozef\Downloads\ProcessExplorer (1).zip
2015-02-17 00:36 - 2015-02-22 16:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 00:36 - 2015-02-17 00:36 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-17 00:36 - 2015-02-17 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-17 00:35 - 2015-02-17 00:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-17 00:35 - 2015-02-17 00:35 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jozef\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-17 00:35 - 2015-02-17 00:35 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jozef\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-02-17 00:35 - 2015-02-17 00:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-17 00:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-17 00:35 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-17 00:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-17 00:07 - 2015-02-17 00:07 - 01188194 _____ () C:\Users\jozef\Downloads\ProcessExplorer.zip
2015-02-16 23:25 - 2015-02-16 23:25 - 00000000 ____D () C:\Users\jozef\AppData\Roaming\TeamViewer
2015-02-16 23:24 - 2015-02-16 23:25 - 05035344 _____ (TeamViewer) C:\Users\jozef\Downloads\TeamViewerQS_en-ids26951162_tdcBD7LAlANJ.exe
2015-02-16 23:05 - 2015-02-16 23:04 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-02-16 23:04 - 2015-02-16 23:07 - 00001149 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-16 23:03 - 2015-02-16 23:03 - 00000000 ____D () C:\Users\jozef\AppData\Roaming\Avira
2015-02-16 23:02 - 2015-02-16 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-16 23:02 - 2015-02-16 23:02 - 00002086 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-02-16 23:01 - 2015-02-16 23:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-16 23:01 - 2015-02-16 23:04 - 00000000 ____D () C:\ProgramData\Avira
2015-02-16 23:01 - 2015-02-04 17:51 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-02-16 23:01 - 2015-02-04 17:51 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-16 23:01 - 2015-02-04 17:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-02-15 13:40 - 2015-02-15 13:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-14 13:56 - 2015-02-14 14:34 - 683829985 _____ () C:\Users\jozef\Downloads\Patras.zip
2015-02-14 00:25 - 2015-02-21 01:17 - 00000000 ____D () C:\Users\jozef\Desktop\petra
2015-02-14 00:25 - 2015-02-14 00:25 - 00000000 ____D () C:\Users\jozef\Desktop\Nový priečinok
2015-02-13 22:44 - 2015-02-13 22:44 - 00000280 _____ () C:\Users\jozef\Downloads\Petra_Brozmanova.vcf
2015-02-13 20:48 - 2015-02-13 20:59 - 190188049 _____ () C:\Users\jozef\Downloads\Gaisler_Zoologia-obratlovcu.rar
2015-02-13 17:34 - 2015-02-17 20:28 - 00000000 ____D () C:\Windows\Minidump
2015-02-13 07:28 - 2015-02-13 07:28 - 00000000 ____D () C:\Users\jozef\Downloads\hendl
2015-02-13 06:59 - 2014-06-06 15:08 - 00000000 ____D () C:\Users\jozef\Downloads\Statistické zpracování dat
2015-02-13 06:28 - 2015-02-13 06:56 - 501679738 _____ () C:\Users\jozef\Downloads\Statistické-zpracování-dat.rar
2015-02-12 00:50 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 00:50 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 07:15 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 07:15 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:15 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 07:15 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 07:15 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:15 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 07:15 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 07:15 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 07:15 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 07:15 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 07:15 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 07:15 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 07:15 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 07:14 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 07:14 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 07:14 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 07:14 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 07:14 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 07:14 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 07:14 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 07:14 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 07:14 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 07:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 07:14 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 07:14 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 07:14 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 07:14 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 07:14 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 07:14 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 07:14 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 07:14 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 07:14 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 07:14 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 07:14 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 07:14 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 07:14 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 07:14 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 07:14 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 07:14 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 07:14 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 07:14 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 07:14 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 07:14 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 07:14 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 07:14 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 07:14 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 07:14 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 07:14 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 07:14 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 07:14 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 07:13 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 07:13 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 07:13 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 07:13 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 07:13 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 07:13 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 07:13 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 07:12 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 18:07 - 2015-02-15 22:51 - 00000000 ____D () C:\Users\jozef\Desktop\katka
2015-02-07 23:29 - 2015-02-08 00:27 - 952541088 _____ () C:\Users\jozef\Downloads\Všemocný-2011-CZ-dabing.avi
2015-02-06 03:24 - 2015-02-06 03:25 - 00266373 _____ () C:\Users\jozef\Downloads\zaverecne-stanovisko-zaver-e.zip
2015-02-03 20:36 - 2015-02-22 18:43 - 01693602 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 02:22 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-02 02:01 - 2015-02-02 02:01 - 00000000 ____D () C:\Users\jozef\AppData\Local\MPlayer
2015-02-02 01:59 - 2015-02-02 19:27 - 00000000 ____D () C:\Users\jozef\.umplayer
2015-02-02 01:59 - 2015-02-02 02:00 - 00000000 ____D () C:\Program Files (x86)\UMPlayer
2015-02-02 01:59 - 2015-02-02 01:59 - 00001023 _____ () C:\Users\Public\Desktop\UMPlayer.lnk
2015-02-02 01:59 - 2015-02-02 01:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UMPlayer
2015-02-02 01:55 - 2015-02-02 01:55 - 00001142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2015-02-02 01:55 - 2015-02-02 01:55 - 00001130 _____ () C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2015-02-02 01:43 - 2015-02-02 02:03 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-02-02 01:43 - 2015-02-02 01:55 - 00000000 ____D () C:\Users\jozef\AppData\Roaming\NCH Software
2015-02-02 01:43 - 2015-02-02 01:55 - 00000000 ____D () C:\ProgramData\NCH Software
2015-02-02 01:43 - 2015-02-02 01:55 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-02-02 01:43 - 2015-02-02 01:43 - 04130384 _____ (NCH Software) C:\Users\jozef\Downloads\gvsetup.exe
2015-02-02 01:43 - 2015-02-02 01:43 - 00001362 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2015-02-02 01:43 - 2015-02-02 01:43 - 00001232 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Golden Videos VHS to DVD Converter.lnk
2015-02-02 01:43 - 2015-02-02 01:43 - 00001220 _____ () C:\Users\Public\Desktop\Golden Videos VHS to DVD Converter.lnk
2015-02-02 01:31 - 2015-02-02 12:42 - 00000000 ____D () C:\Users\jozef\Documents\Bandicam
2015-02-02 01:31 - 2015-02-02 01:31 - 00001004 _____ () C:\Users\jozef\Desktop\Bandicam.lnk
2015-02-02 01:31 - 2015-02-02 01:31 - 00000000 ____D () C:\Users\jozef\AppData\Roaming\BANDISOFT
2015-02-02 01:31 - 2015-02-02 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-02-02 01:30 - 2015-02-02 01:31 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2015-02-02 01:30 - 2015-02-02 01:30 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2015-01-29 03:42 - 2015-01-29 03:43 - 00577821 _____ () C:\Users\jozef\Downloads\text-zameru-e.zip
2015-01-24 22:22 - 2015-01-24 22:25 - 00000000 ___RD () C:\Users\jozef\Desktop\
2015-01-23 23:45 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-23 23:45 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-22 18:39 - 2014-11-14 20:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-22 18:32 - 2014-11-14 17:36 - 00000000 ____D () C:\Users\jozef\AppData\Local\Packages
2015-02-22 18:30 - 2014-11-14 17:38 - 00000000 ___DO () C:\Users\jozef\SkyDrive
2015-02-22 18:27 - 2014-11-22 15:49 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-22 18:27 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-22 18:26 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-22 18:21 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-22 18:09 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-22 18:00 - 2015-01-19 07:26 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d033b0cef2f68a.job
2015-02-22 17:46 - 2014-11-15 13:47 - 00000000 ____D () C:\Users\jozef\AppData\Roaming\Skype
2015-02-22 16:36 - 2014-11-14 18:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-22 16:35 - 2013-08-22 14:25 - 00000167 _____ () C:\Windows\win.ini
2015-02-22 16:32 - 2014-11-14 17:42 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3797765252-2411825924-2723573438-1001
2015-02-22 13:29 - 2013-08-22 15:44 - 00482008 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-22 13:19 - 2014-11-14 17:52 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-22 13:19 - 2013-08-22 20:11 - 00000000 ____D () C:\Windows\ShellNew
2015-02-22 13:18 - 2014-12-15 19:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-22 13:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-21 21:49 - 2014-11-16 16:43 - 00000000 ____D () C:\Users\jozef\AppData\Roaming\.purple
2015-02-20 23:37 - 2015-01-19 07:26 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 12:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-18 20:08 - 2014-11-15 18:59 - 00939008 ___SH () C:\Users\jozef\Desktop\Thumbs.db
2015-02-18 13:53 - 2015-01-12 18:21 - 00000000 ____D () C:\Users\jozef\Desktop\TOMIAS
2015-02-17 14:13 - 2014-04-11 09:53 - 00000000 ____D () C:\Users\jozef\Downloads\Popelova Hodnoty a dejiny
2015-02-17 01:43 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-02-16 10:35 - 2014-11-14 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-15 13:55 - 2014-11-14 18:38 - 00000000 ____D () C:\Users\jozef\Documents\halaj
2015-02-13 19:47 - 2014-11-14 17:32 - 00000000 ____D () C:\Users\jozef
2015-02-13 17:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-13 07:27 - 2015-01-22 21:10 - 00162304 ___SH () C:\Users\jozef\Downloads\Thumbs.db
2015-02-12 14:45 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-11 07:35 - 2014-12-11 01:49 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 07:35 - 2014-11-15 18:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 07:34 - 2014-11-15 01:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 07:27 - 2014-11-15 01:58 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 15:45 - 2014-12-05 22:06 - 00173056 ___SH () C:\Users\jozef\Documents\Thumbs.db
2015-02-06 02:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 16:55 - 2015-01-19 07:26 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d033b0cef2f68a
2015-02-05 16:55 - 2015-01-19 07:26 - 00003684 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 16:55 - 2015-01-19 07:26 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 19:40 - 2014-11-14 20:29 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2014-12-11 01:55 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-12-11 01:55 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 12:45 - 2014-12-15 18:58 - 00000000 ____D () C:\Users\jozef\Desktop\Microsoft word 2010- 32 bit + Crack
2015-02-02 02:31 - 2014-11-14 17:35 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 02:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-25 22:07 - 2014-11-19 21:13 - 00000000 ___RD () C:\Users\jozef\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App

==================== Files in the root of some directories =======

2014-12-07 06:55 - 2014-12-07 06:55 - 0000017 _____ () C:\Users\jozef\AppData\Local\resmon.resmoncfg
2014-11-19 14:02 - 2014-11-19 14:02 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\jozef\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-20 18:36

==================== End Of Log ============================

dodo148 · #11 Příspěvek od **dodo148** » 22 úno 2015 18:53

je tam aj priloha? lebo mi ju nechcelo zobrazit, ale pridaval som ju

#12 Příspěvek od **vyosek** » 23 úno 2015 07:52

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\...\RunOnce: [Adobe Speed Launcher] => 1424626147
HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\...\MountPoints2: {db9398cb-6cfe-11e4-8258-705ab6f7d9d9} - "D:\SETUP.EXE" 

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-15]

CHR Extension: (Avira Browser Safety) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

C:\Program Files (x86)\Skype\Toolbars
2015-02-22 18:47 - 2015-02-22 18:48 - 00014526 _____ () C:\Users\jozef\Desktop\FRST.txt
2015-02-22 18:44 - 2015-02-22 18:44 - 00112640 _____ (forum.viry.cz) C:\Users\jozef\Desktop\FRSTLauncher.exe
2015-02-22 18:25 - 2015-02-22 17:45 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-22 17:50 - 2015-02-22 18:28 - 00006560 _____ () C:\zoek-results.log
2015-02-22 17:45 - 2015-02-22 18:27 - 00000000 ____D () C:\zoek_backup
2015-02-22 17:44 - 2015-02-22 17:44 - 01304576 _____ () C:\Users\jozef\Desktop\zoek.exe
2015-02-22 13:35 - 2015-02-22 13:36 - 00000000 ____D () C:\rsit
2015-02-22 13:28 - 2015-02-22 13:28 - 00002952 _____ () C:\Windows\PFRO.log
2015-02-22 13:25 - 2015-02-22 18:27 - 00000278 _____ () C:\Windows\Tasks\AutoKMS.job
2015-02-22 13:25 - 2015-02-22 13:30 - 00000000 ____D () C:\Windows\AutoKMS
2015-02-22 13:25 - 2015-02-22 13:25 - 00002888 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-22 08:40 - 2015-02-22 18:27 - 00001624 _____ () C:\Windows\setupact.log
2015-02-22 08:40 - 2015-02-22 08:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-19 07:50 - 2015-02-19 07:50 - 00000881 _____ () C:\DelFix.txt
2015-02-19 07:48 - 2015-02-19 07:48 - 00709564 _____ () C:\Users\jozef\Downloads\delfix_10.8.exe

Hosts:
EmptyTemp:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

dodo148 · #13 Příspěvek od **dodo148** » 24 úno 2015 11:26

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by jozef at 2015-02-24 11:20:17 Run:1
Running from C:\Users\jozef\Desktop
Loaded Profiles: jozef (Available profiles: jozef)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\...\RunOnce: [Adobe Speed Launcher] => 1424626147
HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\...\MountPoints2: {db9398cb-6cfe-11e4-8258-705ab6f7d9d9} - "D:\SETUP.EXE"

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-15]

CHR Extension: (Avira Browser Safety) - C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

C:\Program Files (x86)\Skype\Toolbars
2015-02-22 18:47 - 2015-02-22 18:48 - 00014526 _____ () C:\Users\jozef\Desktop\FRST.txt
2015-02-22 18:44 - 2015-02-22 18:44 - 00112640 _____ (forum.viry.cz) C:\Users\jozef\Desktop\FRSTLauncher.exe
2015-02-22 18:25 - 2015-02-22 17:45 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-22 17:50 - 2015-02-22 18:28 - 00006560 _____ () C:\zoek-results.log
2015-02-22 17:45 - 2015-02-22 18:27 - 00000000 ____D () C:\zoek_backup
2015-02-22 17:44 - 2015-02-22 17:44 - 01304576 _____ () C:\Users\jozef\Desktop\zoek.exe
2015-02-22 13:35 - 2015-02-22 13:36 - 00000000 ____D () C:\rsit
2015-02-22 13:28 - 2015-02-22 13:28 - 00002952 _____ () C:\Windows\PFRO.log
2015-02-22 13:25 - 2015-02-22 18:27 - 00000278 _____ () C:\Windows\Tasks\AutoKMS.job
2015-02-22 13:25 - 2015-02-22 13:30 - 00000000 ____D () C:\Windows\AutoKMS
2015-02-22 13:25 - 2015-02-22 13:25 - 00002888 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-22 08:40 - 2015-02-22 18:27 - 00001624 _____ () C:\Windows\setupact.log
2015-02-22 08:40 - 2015-02-22 08:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-19 07:50 - 2015-02-19 07:50 - 00000881 _____ () C:\DelFix.txt
2015-02-19 07:48 - 2015-02-19 07:48 - 00709564 _____ () C:\Users\jozef\Downloads\delfix_10.8.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value deleted successfully.
HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully.
"HKU\S-1-5-21-3797765252-2411825924-2723573438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db9398cb-6cfe-11e4-8258-705ab6f7d9d9}" => Key deleted successfully.
HKCR\CLSID\{db9398cb-6cfe-11e4-8258-705ab6f7d9d9} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => Moved successfully.
C:\Users\jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
c2cautoupdatesvc => Service deleted successfully.
c2cpnrsvc => Service deleted successfully.
C:\Program Files (x86)\Skype\Toolbars => Moved successfully.
C:\Users\jozef\Desktop\FRST.txt => Moved successfully.
C:\Users\jozef\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\jozef\Desktop\zoek.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
C:\Windows\AutoKMS => Moved successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\DelFix.txt => Moved successfully.
C:\Users\jozef\Downloads\delfix_10.8.exe => Moved successfully.
Could not reset Hosts.
EmptyTemp: => Removed 251.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog 11:22:08 ====

#14 Příspěvek od **vyosek** » 24 úno 2015 21:34

Tak jeste uklidime

DelFix https://toolslib.net/downloads/finish/2/

Stahnete a spustte
Ponechte zatrzitkou pouze u volby Remote disinfection tools
Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

dodo148 · #15 Příspěvek od **dodo148** » 25 úno 2015 01:17

Už by to malo byť v poriadku?
Super dakujem vam za pomoc.

VIRY.CZ

malware alebo ina háved??

malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??

Re: malware alebo ina háved??