VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Dobry prosim o kontrolu

https://forum.viry.cz:443/viewtopic.php?t=143282

Stránka 1 z 2

Dobry prosim o kontrolu

Napsal: 28 úno 2015 15:09
od Spike12
Zdravim v poslednom case asi tak pred tyzdnom mi zacal blbnut komp dake ikony na ploche ale aj program cez prieskumnika mi zacalo vypisovat nieje platnou aplikaciou win 32 zo my robilo aj ked som to skusil spustat ako spravca plus ked som isiel cez ovladaci panel a ksuisl odinstalovat dake aplikacie tam my pise ze pravdepodobne bola akcia uz spravena tak som si co som tu cital na fore nainstaloval combofix ktory my nesiel nainstalovat v normalnom rezime musel som v nudzovom a tam som ho aj spustil kde my vysiel ten textovy subor urcite veci ako cccleaner uz ide spustit ale ostane stale vypisuju tie veci navyse aj pri spusteny chrome my to dako blbne a vyskakuju kadejake okna chcem sa opytat aky log tu dat ten z combo fix alebo mam cez co spravit log aky program dakujem za odpoved

Tak spravil som log s RSIT nedal sa spustit v normalnom rezime ani ako spravca musel som sit do nudzoveho prikladam log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by uzivatel at 2015-02-28 16:13:40
Microsoft Windows 7 Enterprise Service Pack 1
System drive C: has 27 GB (26%) free of 104 GB
Total RAM: 4008 MB (86% free)

HijackThis download failed

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
ctfmon.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Users\uzivatel\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\0414cUpdateInfo.job - C:\ProgramData\Avg_Update_0414c\0414c_{C66764B8-7C15-471A-B9ED-2EC6D2235B83}.exe /SETINFO /CMPID=0414c /INFORETRY=3
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d01ac4d4cebf30.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

=========Mozilla firefox=========

ProfilePath - C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "keyword.URL" - "https://search.yahoo.com/search?fr=gree ... =407453&p="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=Doplnok iTunes Detector
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
websitelogon_toolbar@truesuite.com
webstore@truesuite.com

C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\
staged

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cb2b77d-c8ca-44db-af20-a7a4df462a12}]
TrueSuite WebStore - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]
TrueSuite Website Log On - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll [2010-11-12 251712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{157357cc-03a2-4fcd-8485-a2fcd5597ca9}]
DigiCooupoen - C:\Program Files (x86)\DigiCooupoen\RR5t4Kb8eKILUL.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cb2b77d-c8ca-44db-af20-a7a4df462a12}]
TrueSuite WebStore - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]
TrueSuite Website Log On - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll [2010-11-12 198464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG SafeGuard toolbar - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll [2014-08-07 3627032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cccb7428-6c95-4bd1-ad38-f5d4cee9d66b}]
EXstreaCoupon - C:\Program Files (x86)\EXstreaCoupon\WYCBOLpcj7gFvU.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG SafeGuard toolbar - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll [2014-08-07 3627032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-10 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-10 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-10 418328]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2010-08-11 324096]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-04 2712360]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-01-18 2188904]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2011-03-04 97064]
"ClientAppLogon"=C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [2010-11-12 420672]
"ClientAppLogon32"=C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [2010-11-12 307520]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-03-13 617120]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-03-13 379552]
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2918656]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-12-13 2824504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-02-11 11776104]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 5732992]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-09-23 1601536]
"VAWinAgent"=C:\ExpressGateUtil\VAWinAgent.exe [2011-01-13 191304]
"vProt"=C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2014-08-07 2640408]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
""= []
"HPUsageTrackingLEDM"=C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [2009-08-04 30264]
"iTunesHelper"=D:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-10-15 157480]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [2014-11-21 54072]

C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
KooBits 4.lnk - D:\Program Files (x86)\KooBits 4.0\KooBits 4.0.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll,C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-01-27 385024]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-02-28 16:13:40 ----D---- C:\rsit
2015-02-28 16:13:40 ----D---- C:\Program Files\trend micro
2015-02-26 15:58:37 ----SHD---- C:\$RECYCLE.BIN
2015-02-26 15:58:35 ----D---- C:\Windows\temp
2015-02-26 15:58:34 ----A---- C:\ComboFix.txt
2015-02-25 17:51:21 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-02-25 17:50:05 ----D---- C:\ProgramData\Malwarebytes
2015-02-25 17:50:05 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 17:50:05 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-02-25 17:50:05 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-02-25 17:50:05 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-02-25 17:45:23 ----A---- C:\Windows\zip.exe
2015-02-25 17:45:23 ----A---- C:\Windows\SWSC.exe
2015-02-25 17:45:23 ----A---- C:\Windows\SWREG.exe
2015-02-25 17:45:23 ----A---- C:\Windows\sed.exe
2015-02-25 17:45:23 ----A---- C:\Windows\PEV.exe
2015-02-25 17:45:23 ----A---- C:\Windows\NIRCMD.exe
2015-02-25 17:45:23 ----A---- C:\Windows\MBR.exe
2015-02-25 17:45:23 ----A---- C:\Windows\grep.exe
2015-02-25 17:42:36 ----D---- C:\Qoobox
2015-02-25 17:41:35 ----D---- C:\Windows\erdnt
2015-02-25 17:40:59 ----A---- C:\Windows\ntbtlog.txt
2015-02-24 15:45:14 ----D---- C:\found.003
2015-02-22 17:17:55 ----A---- C:\Program Files (x86)\prefs.js
2015-02-19 08:08:02 ----D---- C:\Program Files (x86)\ReguulArDealS
2015-02-19 08:07:55 ----D---- C:\Program Files (x86)\Find My Bookmarks
2015-02-13 09:49:35 ----D---- C:\Program Files (x86)\SaVeNewAAppz
2015-02-13 09:49:32 ----D---- C:\Program Files (x86)\TAkeTheCoupona
2015-02-13 09:49:25 ----D---- C:\Program Files (x86)\Fun2Saave
2015-02-13 09:48:37 ----D---- C:\Program Files (x86)\Tabman Tabs Manager
2015-02-08 11:40:38 ----D---- C:\Windows\SYSWOW64\NV
2015-02-08 11:40:37 ----D---- C:\Windows\system32\NV
2015-02-08 11:22:26 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-02-08 11:22:26 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-02-08 11:22:26 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-02-08 11:22:26 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-02-08 11:22:26 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-02-08 11:22:26 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-02-08 11:22:26 ----A---- C:\Windows\system32\nvopencl.dll
2015-02-08 11:22:26 ----A---- C:\Windows\system32\nvoglv64.dll
2015-02-08 11:22:26 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-02-08 11:22:26 ----A---- C:\Windows\system32\NvIFR64.dll
2015-02-08 11:22:26 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2015-02-08 11:22:26 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-02-08 11:22:25 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-02-08 11:22:25 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-02-08 11:22:25 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-02-08 11:22:25 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-02-08 11:22:25 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-02-08 11:22:25 ----A---- C:\Windows\system32\NvFBC64.dll
2015-02-08 11:22:25 ----A---- C:\Windows\system32\nvdispgenco6434725.dll
2015-02-08 11:22:25 ----A---- C:\Windows\system32\nvdispco6434725.dll
2015-02-08 11:22:25 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-02-08 11:22:25 ----A---- C:\Windows\system32\nvcuvid.dll
2015-02-08 11:22:25 ----A---- C:\Windows\system32\nvcuda.dll
2015-02-08 11:22:25 ----A---- C:\Windows\system32\nvcompiler.dll
2015-02-08 10:47:40 ----D---- C:\found.002
2015-02-07 15:55:35 ----D---- C:\Users\uzivatel\AppData\Roaming\Ulozto File Manager
2015-02-07 15:55:33 ----D---- C:\Program Files (x86)\Ulozto File Manager
2015-01-31 23:03:21 ----D---- C:\Users\uzivatel\AppData\Roaming\koobits.koobits4.com
2015-01-31 23:03:01 ----D---- C:\Program Files (x86)\Adobe

======List of files/folders modified in the last 1 month======

2015-02-28 16:13:40 ----RD---- C:\Program Files
2015-02-28 16:12:20 ----A---- C:\Windows\SYSWOW64\log.txt
2015-02-28 14:45:32 ----D---- C:\Windows\system32\Tasks
2015-02-28 14:44:29 ----A---- C:\Windows\system32\acovcnt.exe
2015-02-27 17:12:27 ----D---- C:\Windows\system32\config
2015-02-27 17:11:23 ----D---- C:\Windows\rescache
2015-02-26 16:06:05 ----D---- C:\Windows\system32\LogFiles
2015-02-26 16:04:45 ----D---- C:\Windows
2015-02-26 15:58:35 ----D---- C:\Windows\system32\drivers
2015-02-26 15:57:11 ----D---- C:\Windows\Tasks
2015-02-26 15:56:26 ----A---- C:\Windows\system.ini
2015-02-26 15:56:22 ----D---- C:\Windows\system32\drivers\etc
2015-02-26 15:56:07 ----RD---- C:\Program Files (x86)
2015-02-26 15:56:07 ----D---- C:\ProgramData
2015-02-26 15:54:44 ----D---- C:\Windows\SYSWOW64\drivers
2015-02-26 15:54:44 ----D---- C:\Windows\SysWOW64
2015-02-26 15:54:44 ----D---- C:\Windows\AppPatch
2015-02-26 15:54:44 ----D---- C:\Program Files (x86)\Common Files
2015-02-25 18:14:28 ----D---- C:\Windows\ehome
2015-02-25 18:02:01 ----A---- C:\Windows\system32\ServiceFilter.ini
2015-02-25 17:59:56 ----D---- C:\Program Files (x86)\globalUpdate
2015-02-25 17:48:37 ----D---- C:\Users\uzivatel\AppData\Roaming\DAEMON Tools Lite
2015-02-25 16:41:31 ----SHD---- C:\System Volume Information
2015-02-25 15:43:23 ----D---- C:\Users\uzivatel\AppData\Roaming\Skype
2015-02-24 15:50:00 ----D---- C:\Windows\system32\catroot2
2015-02-22 17:17:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-02-18 13:32:13 ----SHD---- C:\Windows\Installer
2015-02-18 13:32:13 ----D---- C:\Config.Msi
2015-02-18 13:32:03 ----RD---- C:\Program Files (x86)\Skype
2015-02-18 13:32:00 ----D---- C:\ProgramData\Skype
2015-02-10 17:38:56 ----D---- C:\Windows\System32
2015-02-10 17:38:56 ----D---- C:\Windows\inf
2015-02-10 17:38:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-02-08 11:40:28 ----D---- C:\ProgramData\NVIDIA
2015-02-08 11:31:16 ----D---- C:\Windows\system32\catroot
2015-02-08 11:30:59 ----D---- C:\Windows\system32\DriverStore
2015-02-06 22:49:07 ----D---- C:\Windows\system32\NDF
2015-02-01 19:41:19 ----RSD---- C:\Windows\assembly
2015-02-01 19:26:04 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-02-01 17:53:02 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-02-01 09:50:22 ----A---- C:\Windows\system32\AutoRunFilter.ini
2015-01-31 23:03:07 ----D---- C:\ProgramData\Adobe
2015-01-31 23:02:43 ----D---- C:\Users\uzivatel\AppData\Roaming\Adobe
2015-01-31 11:05:06 ----D---- C:\Windows\Minidump
2015-01-30 14:30:43 ----D---- C:\Users\uzivatel\AppData\Roaming\mystartsearch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 assd;assd; C:\Windows\system32\drivers\assd.sys [2010-04-28 27264]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2015-01-10 31376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2014-08-07 50976]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-08-31 283064]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-04 1413168]
S1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
S1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
S1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
S2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
S2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-07-08 2228736]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver; C:\Windows\system32\DRIVERS\ATSwpWDF.sys [2010-11-11 893728]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cleanhlp;cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys []
S3 HPFXBULK;HPFXBULK; C:\Windows\system32\drivers\hpfx64bulk.sys [2007-07-16 20504]
S3 HPFXFAX;HPFXFAX; C:\Windows\system32\drivers\hpfx64fax.sys [2007-07-16 23064]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-01-27 12273408]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-02-11 2739176]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-11-21 25816]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-02-28 129752]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-11-21 63704]
S3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-08-15 54784]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 2e2c67c9;SegmentSystem; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2010-09-30 377264]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-10-07 60744]
S2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
S2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 Canon Driver Information Assist Service;Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [2014-03-18 5217168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 FPLService;TrueSuiteService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [2010-11-12 290112]
S2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-18 107912]
S2 HP LaserJet Service;HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
S2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
S2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-10 935056]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-01-02 315488]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 VideAceWindowsService;VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [2011-01-12 91464]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-18 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 42360]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-18 107912]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-07-25 111616]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-10-15 643880]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-18 114800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Dobry prosim o kontrolu

Napsal: 28 úno 2015 16:42
od altrok
Zdravim :bye:

:arrow: Protoze jste pri spusteni ComboFixu souhlasil s podminkami uziti, jen se ujistim, ze jste osoba pro praci s nim vyskolena nebo Vam alespon osoba zkusena asistovala. Poprosim Vas o obsah logu z CF. CF mimochodem castecne smazal stopy po haveti, takze ted je log z RSIT/FRST krapet k nicemu.

:arrow: Jak jste se dostal k licenci W7 Enterprise?

Re: Dobry prosim o kontrolu

Napsal: 28 úno 2015 16:52
od Spike12
tak dat ten stary log s combo fix alebo to spravit este raz v nudzovom rezime licencia je original
tu je log z combofix
ComboFix 15-02-16.01 - uzivatel . 02. 2015 15:52:48.1.4 - x64 NETWORK
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1051.18.4008.3281 [GMT 1:00]
Running from: c:\users\uzivatel\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DigiCooupoen
c:\program files (x86)\DigiCooupoen\RR5t4Kb8eKILUL.dat
c:\program files (x86)\DigiCooupoen\RR5t4Kb8eKILUL.dll
c:\program files (x86)\DigiCooupoen\RR5t4Kb8eKILUL.tlb
c:\program files (x86)\DigiCooupoen\RR5t4Kb8eKILUL.x64.dll
c:\program files (x86)\EXstreaCoupon
c:\program files (x86)\EXstreaCoupon\WYCBOLpcj7gFvU.dat
c:\program files (x86)\EXstreaCoupon\WYCBOLpcj7gFvU.dll
c:\program files (x86)\EXstreaCoupon\WYCBOLpcj7gFvU.tlb
c:\program files (x86)\EXstreaCoupon\WYCBOLpcj7gFvU.x64.dll
c:\programdata\6058297420555423418
c:\programdata\6058297420555423418\23a9763700316e4a421ee70ad00eeb0e.ini
c:\programdata\6058297420555423418\2a0b23fa8d6e74d4421ee70ad00eeb0e.ini
c:\programdata\6058297420555423418\465f8e59c1c2d774421ee70ad00eeb0e.ini
c:\programdata\6058297420555423418\508d37f1a64d63af421ee70ad00eeb0e.ini
c:\programdata\6058297420555423418\769e86b727e42adb421ee70ad00eeb0e.ini
c:\programdata\6058297420555423418\8c84dcdc46445dd6421ee70ad00eeb0e.ini
c:\programdata\6058297420555423418\a7739f6d0875f7b0421ee70ad00eeb0e.ini
c:\programdata\6058297420555423418\a99a93cd45c8f6c1421ee70ad00eeb0e.ini
c:\programdata\6058297420555423418\cd5b15e575e1c3d0421ee70ad00eeb0e.ini
c:\programdata\6058297420555423418\ff9a431c66096748421ee70ad00eeb0e.ini
c:\users\uzivatel\AppData\Local\TempFullTiltPokerEuSetup.exe
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\0I@Xy3grq4g.edu
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\0I@Xy3grq4g.edu\bootstrap.js
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\0I@Xy3grq4g.edu\content\bg.js
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\0I@Xy3grq4g.edu\chrome.manifest
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\0I@Xy3grq4g.edu\install.rdf
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\K74ZMaHs@o.net
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\K74ZMaHs@o.net\bootstrap.js
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\K74ZMaHs@o.net\content\bg.js
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\K74ZMaHs@o.net\chrome.manifest
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\K74ZMaHs@o.net\install.rdf
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\qEVE2Rr@9pLw.edu
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\qEVE2Rr@9pLw.edu\bootstrap.js
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\qEVE2Rr@9pLw.edu\content\bg.js
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\qEVE2Rr@9pLw.edu\chrome.manifest
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\qEVE2Rr@9pLw.edu\install.rdf
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\staged\vp@yJsrleUK.net
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\staged\vp@yJsrleUK.net\bootstrap.js
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\staged\vp@yJsrleUK.net\content\bg.js
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\staged\vp@yJsrleUK.net\chrome.manifest
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\staged\vp@yJsrleUK.net\install.rdf
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\UM6@P.edu
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\UM6@P.edu\bootstrap.js
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\UM6@P.edu\content\bg.js
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\UM6@P.edu\chrome.manifest
c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\extensions\UM6@P.edu\install.rdf
c:\windows\msvcr71.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\WindowsUpdate.log
.
.
((((((((((((((((((((((((( Files Created from 2015-01-26 to 2015-02-26 )))))))))))))))))))))))))))))))
.
.
2015-02-26 14:56 . 2015-02-26 14:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-02-26 14:56 . 2015-02-26 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-25 16:51 . 2015-02-26 14:21 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-25 16:50 . 2015-02-25 16:50 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-25 16:50 . 2015-02-25 16:50 -------- d-----w- c:\programdata\Malwarebytes
2015-02-25 16:50 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-25 16:50 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-25 16:50 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-25 15:57 . 2015-02-25 15:57 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A9D3F5F-E701-44C9-B64F-C36379DC0E5B}\offreg.dll
2015-02-24 14:45 . 2015-02-24 14:45 -------- d-----w- C:\found.003
2015-02-22 16:17 . 2015-02-22 16:17 79 ----a-w- c:\program files (x86)\prefs.js
2015-02-22 16:17 . 2015-02-22 16:17 1422848 ----a-w- c:\program files (x86)\Mozilla Firefox\dbghelp.dll
2015-02-19 07:08 . 2015-02-25 15:41 -------- d-----w- c:\program files (x86)\ReguulArDealS
2015-02-19 07:07 . 2015-02-25 15:41 -------- d-----w- c:\program files (x86)\Find My Bookmarks
2015-02-18 11:39 . 2015-02-18 11:42 -------- d-----w- c:\users\uzivatel\AppData\Local\FullTiltPoker.eu
2015-02-13 08:49 . 2015-02-13 08:58 -------- d-----w- c:\program files (x86)\SaVeNewAAppz
2015-02-13 08:49 . 2015-02-13 08:58 -------- d-----w- c:\program files (x86)\TAkeTheCoupona
2015-02-13 08:49 . 2015-02-13 08:58 -------- d-----w- c:\program files (x86)\Fun2Saave
2015-02-13 08:48 . 2014-12-15 03:13 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A9D3F5F-E701-44C9-B64F-C36379DC0E5B}\mpengine.dll
2015-02-13 08:48 . 2015-02-13 08:58 -------- d-----w- c:\program files (x86)\Tabman Tabs Manager
2015-02-12 19:46 . 2015-02-25 14:43 20 ----a-w- c:\users\uzivatel\AppData\Roaming\appdataFr3.bin
2015-02-08 10:40 . 2015-02-08 10:40 -------- d-----w- c:\windows\SysWow64\NV
2015-02-08 10:40 . 2015-02-08 10:40 -------- d-----w- c:\windows\system32\NV
2015-02-08 09:47 . 2015-02-08 09:47 -------- d-----w- C:\found.002
2015-02-07 14:55 . 2015-02-07 16:13 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Ulozto File Manager
2015-02-07 14:55 . 2015-02-07 14:55 -------- d-----w- c:\program files (x86)\Ulozto File Manager
2015-02-02 10:07 . 2015-02-02 10:07 -------- d-----w- c:\users\uzivatel\AppData\Local\Daedalic Entertainment GmbH
2015-01-31 22:03 . 2015-01-31 22:03 -------- d-----w- c:\users\uzivatel\KooBits4
2015-01-31 22:03 . 2015-01-31 22:03 -------- d-----w- c:\users\uzivatel\AppData\Roaming\koobits.koobits4.com
2015-01-31 22:03 . 2015-01-31 22:03 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2015-01-27 16:40 . 2015-01-30 13:30 -------- d-----w- c:\users\uzivatel\AppData\Roaming\mystartsearch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-01 16:53 . 2013-10-15 18:10 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-01-10 08:07 . 2014-05-22 07:18 877488 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-01-10 08:07 . 2014-05-22 07:18 14115944 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-01-10 08:07 . 2011-09-19 17:02 994712 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-01-10 08:07 . 2011-09-19 17:02 177624 ----a-w- c:\windows\system32\nvinitx.dll
2015-01-10 08:07 . 2011-09-19 17:02 164568 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-01-10 08:07 . 2011-09-19 17:02 3298816 ----a-w- c:\windows\system32\nvapi64.dll
2015-01-09 23:30 . 2011-03-06 04:44 6860432 ----a-w- c:\windows\system32\nvcpl.dll
2015-01-09 23:30 . 2011-03-06 04:44 3517256 ----a-w- c:\windows\system32\nvsvc64.dll
2015-01-09 23:29 . 2011-03-06 04:45 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-01-09 23:29 . 2011-03-06 04:45 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2015-01-09 23:29 . 2011-03-06 04:45 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-01-09 23:29 . 2011-03-06 04:45 385352 ----a-w- c:\windows\system32\nvmctray.dll
2015-01-09 23:29 . 2011-03-06 04:45 75080 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-01-09 23:29 . 2011-03-06 04:45 1097872 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-01-09 19:47 . 2011-03-06 04:45 4173527 ----a-w- c:\windows\system32\nvcoproc.bin
2015-01-08 10:25 . 2014-05-27 05:50 4441216 ----a-w- c:\windows\system32\MetaViewer64.dll
2014-12-22 23:41 . 2011-09-19 11:50 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 00:12 . 2014-08-19 04:32 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-12-13 00:12 . 2014-05-22 07:21 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-12-13 00:12 . 2014-08-19 04:32 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-12-13 00:12 . 2014-05-22 07:21 2824504 ----a-w- c:\windows\system32\nvspcap64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-08-07 13:47 3627032 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\18.1.9.786\AVG SafeGuard toolbar_toolbar.dll" [2014-08-07 3627032]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-01-13 191304]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-08-07 2640408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2014-11-21 54072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
R2 2e2c67c9;SegmentSystem;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
R2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe;c:\program files\TrueSuite\TrueSuite.Service.exe [x]
R2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys;c:\windows\SYSNATIVE\drivers\hpfx64fax.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 assd;assd; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-01 c:\windows\Tasks\0414cUpdateInfo.job
- c:\programdata\Avg_Update_0414c\0414c_{C66764B8-7C15-471A-B9ED-2EC6D2235B83}.exe [2014-05-26 20:02]
.
2014-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02 20:35]
.
2014-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-18 13:16]
.
2014-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d01ac4d4cebf30.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-18 13:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2010-11-11 23:03 297792 ----a-w- c:\program files\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-11-11 420672]
"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2010-11-11 307520]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\aout094o.default\
FF - prefs.js: browser.search.selectedEngine - mystartsearch
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=407453&p=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{157357cc-03a2-4fcd-8485-a2fcd5597ca9} - c:\program files (x86)\DigiCooupoen\RR5t4Kb8eKILUL.dll
BHO-{cccb7428-6c95-4bd1-ad38-f5d4cee9d66b} - c:\program files (x86)\EXstreaCoupon\WYCBOLpcj7gFvU.dll
Wow6432Node-HKLM-Run-StopDefragment - Install\StopDefragment.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-30014854.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe
BHO-{157357cc-03a2-4fcd-8485-a2fcd5597ca9} - c:\program files (x86)\DigiCooupoen\RR5t4Kb8eKILUL.x64.dll
BHO-{cccb7428-6c95-4bd1-ad38-f5d4cee9d66b} - c:\program files (x86)\EXstreaCoupon\WYCBOLpcj7gFvU.x64.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-TheGoPhoto.it V10 - c:\program files (x86)\TheGoPhoto.it V10\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-26 15:58:33
ComboFix-quarantined-files.txt 2015-02-26 14:58
.
Pre-Run: 29 590 892 544 bytes free
Post-Run: 29 236 969 472 bytes free
.
- - End Of File - - 52933370CEAA065CE4ED1D165224C1C4

Re: Dobry prosim o kontrolu

Napsal: 28 úno 2015 17:02
od altrok
Pouzivate ESET Smart Security 4.2 (aktualne je verze 8)? A licenci W7 Enterprise, ktera je urcena jen pro firemni klientelu? Jak se k ni bezny uzivatel, ktery ma PC na domaci pouzivani, dostane?

Re: Dobry prosim o kontrolu

Napsal: 28 úno 2015 17:08
od Spike12
tak nerad by som to tu na vlakno mozem do spravy ale ako kukam neda sa mi odoslat sukromnasprava

Re: Dobry prosim o kontrolu

Napsal: 28 úno 2015 17:16
od Spike12
jedna se teda o firemni notas jednej univerzity praca na doma cize odtial je ten windows treba tu poslat daky registracny kod alebo daco take aby ste si nemysleli ze je to daco nelegalne popripade nazov

Re: Dobry prosim o kontrolu

Napsal: 28 úno 2015 17:22
od altrok
http://forum.viry.cz/viewtopic.php?f=12&t=5601
pravidla fora píše:3. Zvláště utilitu ComboFix nespouštějte i když Vám ji poradil kamarád či nějaký rádoby odborný web. Naše fórum je jediné z CZ\SK antivirových fór, které má právo luštit logy z ComboFixu a máme též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.

6. Fórum viry.cz se nezabývá odvirováním firemních PC - na toto jsou ve firmách placení (a někdy až hodně nadstandardně) IT technici, případně si je firma může najmout. My jsme tu zdarma a ve svém volném čase, nehodláme dělat práci za někoho jiného, kdo si pak jen slízne smetánku a plat. Taktéž ani neposkytujeme poradenství v oblasti zabezpečení firemních sítí či nastavení firemních sítí. Zkrátka a jednoduše, naše fórum poskytuje podporu pouze domácím uživatelům.
Mail, na kterem muzeme soukrome komunikovat, mam v podpisu. Dneska mizim, pokud vubec budeme pokracovat, tak zitra kolem obeda.

Re: Dobry prosim o kontrolu

Napsal: 01 bře 2015 13:02
od Spike12
V poriadku napisal som vam mail ale nevim ci dosel ale chapem no pravidla su pravidla notas prejde do osobneho vlastnictva s tym ze ten wintam ostane ale dakujem aj tak za odpovede v pripade ze nieje mozna dalsia komunikacia prosim o zmazanie vlakna teda

Re: Dobry prosim o kontrolu

Napsal: 01 bře 2015 19:43
od altrok
:arrow: Nestiham... byl jsem na soustredeni, od ctvrtka 3-fazove treninky... neni cas.

:arrow: Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
  • ukoncete vsechny programy
  • kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
  • kliknete na Scan, pote na Cleaning
  • po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Re: Dobry prosim o kontrolu

Napsal: 02 bře 2015 09:12
od Spike12
Tu je spominany log este vcera som to pocistil ccclenerom a presiel malewarebytes takze tam asi toho nebude moc ale stale mi vyskakuje to ze nieje platna aplikacia win 32 aj tento ADW Cleaner som musel spustat v nudzovom rezime v normalnom my to vyskakovalo ze nieje platna aplikacia win32
a v podstate co teraz stiahnem daky program z netu tak v normalnom rezime mi to ked to chcem instalovat vypisuje furt nieje platna aplikacia aj ked to dam ako spravca ale v nudzovom rezime to uz ide

# AdwCleaner v4.111 - Logfile created 02/03/2015 at 09:02:41
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : uzivatel - ASUS_P41S_03
# Running from : C:\Users\uzivatel\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R4].txt - [1020 bytes] - [02/03/2015 08:59:23]
AdwCleaner[S3].txt - [953 bytes] - [02/03/2015 09:02:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1011 bytes] ##########

Re: Dobry prosim o kontrolu

Napsal: 02 bře 2015 15:05
od altrok
:arrow: Otestujte na virustotal.com c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A9D3F5F-E701-44C9-B64F-C36379DC0E5B}\mpengine.dll - pokud uz byl soubor otestovany, zvolte Reanalyse. Do pristiho prispevku dejte link (odkaz) s vysledky analyzy.


:arrow: Pokud jeste nemate, presunte ComboFix na plochu.
  • Otevrete Poznamkovy blok (Start -> Spustit -> notepad)
  • zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)

    Kód: Vybrat vše

    KillAll::

Driver::
2e2c67c9

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::
  • Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
    Obrázek
  • Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.
:arrow: Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: Dobry prosim o kontrolu

Napsal: 02 bře 2015 23:23
od Spike12
Tak tu je link na ten subor https://www.virustotal.com/sk/file/7fbc ... 425334875/

Re: Dobry prosim o kontrolu

Napsal: 03 bře 2015 00:37
od Spike12
a log z Comba
ComboFix 15-03-01.01 - uzivatel . 03. 2015 23:52:31.2.4 - x64 NETWORK
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1051.18.4008.3024 [GMT 1:00]
Running from: c:\users\uzivatel\Desktop\ComboFix.exe
Command switches used :: c:\users\uzivatel\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
d:\program files (x86)\KooBits 4.0\KooBits 4.0.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-02-02 to 2015-03-02 )))))))))))))))))))))))))))))))
.
.
2015-03-01 14:31 . 2015-03-02 23:28 -------- d-----w- c:\users\uzivatel\AppData\Local\Temp
2015-03-01 14:31 . 2015-03-01 14:22 24064 ----a-w- c:\windows\zoek-delete.exe
2015-03-01 14:22 . 2015-03-01 14:30 -------- d-----w- C:\zoek_backup
2015-03-01 14:12 . 2015-03-01 14:12 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-01 14:12 . 2015-03-01 14:12 -------- d-----w- c:\programdata\RogueKiller
2015-03-01 09:24 . 2015-03-02 23:22 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-01 09:24 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-01 09:24 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-01 09:24 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-28 23:14 . 2014-12-15 03:13 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA5C1C47-E34B-4B8B-8E1F-7C2BC081058C}\mpengine.dll
2015-02-28 16:54 . 2015-03-02 08:02 -------- d-----w- C:\AdwCleaner
2015-02-28 15:13 . 2015-02-28 15:13 -------- d-----w- C:\rsit
2015-02-25 16:50 . 2015-03-01 09:24 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-25 16:50 . 2015-02-25 16:50 -------- d-----w- c:\programdata\Malwarebytes
2015-02-18 11:39 . 2015-02-18 11:42 -------- d-----w- c:\users\uzivatel\AppData\Local\FullTiltPoker.eu
2015-02-07 14:55 . 2015-02-28 23:11 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Ulozto File Manager
2015-02-02 10:07 . 2015-02-02 10:07 -------- d-----w- c:\users\uzivatel\AppData\Local\Daedalic Entertainment GmbH
2015-02-01 18:24 . 2004-04-18 22:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2015-02-01 18:24 . 2004-04-18 22:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2015-02-01 18:24 . 2004-04-18 22:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2015-02-01 18:24 . 2004-04-18 22:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2015-02-01 18:24 . 2004-04-18 22:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2015-02-01 18:24 . 2015-02-01 18:24 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2015-02-01 18:24 . 2015-02-01 18:24 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-02 23:14 . 2011-09-19 14:12 45056 ----a-w- c:\windows\system32\acovcnt.exe
2015-02-01 16:53 . 2013-10-15 18:10 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-01-08 10:25 . 2014-05-27 05:50 4441216 ----a-w- c:\windows\system32\MetaViewer64.dll
2015-01-08 08:55 . 2011-09-19 11:50 298120 ----a-w- c:\windows\system32\MpSigStub.exe
2014-12-13 00:12 . 2014-08-19 04:32 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-12-13 00:12 . 2014-05-22 07:21 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-12-13 00:12 . 2014-08-19 04:32 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-12-13 00:12 . 2014-05-22 07:21 2824504 ----a-w- c:\windows\system32\nvspcap64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-01-13 191304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Lingea Update Center.lnk - c:\program files (x86)\Common Files\Lingea Shared\luc.exe [2011-9-19 275736]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2011-9-19 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
R2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe;c:\program files\TrueSuite\TrueSuite.Service.exe [x]
R2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys;c:\windows\SYSNATIVE\drivers\hpfx64fax.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 assd;assd; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-01 14:46 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02 20:35]
.
2014-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-18 13:16]
.
2015-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d01ac4d4cebf30.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-18 13:16]
.
2015-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-18 13:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2010-11-11 23:03 297792 ----a-w- c:\program files\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-11-11 420672]
"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2010-11-11 307520]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KooBits 4.lnk - d:\program files (x86)\KooBits 4.0\KooBits 4.0.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-03-03 00:32:04 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-02 23:32
.
Pre-Run: 44 352 630 784 bytes free
Post-Run: 44 399 210 496 bytes free
.
- - End Of File - - 545B60FBAF386829B7F5D96B6DC975E5

Re: Dobry prosim o kontrolu

Napsal: 03 bře 2015 00:40
od altrok
:arrow: Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Re: Dobry prosim o kontrolu

Napsal: 03 bře 2015 09:01
od Spike12
Tu je log
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by uzivatel (administrator) on ASUS_P41S_03 on 03-03-2015 08:47:01
Running from C:\Users\uzivatel\Desktop
Loaded Profiles: uzivatel (Available profiles: uzivatel)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-04] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-04] (Synaptics Incorporated)
HKLM\...\Run: [ClientAppLogon] => C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [420672 2010-11-12] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] => C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [307520 2010-11-12] (AuthenTec, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2046514427-3509041855-1997376595-1002\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2046514427-3509041855-1997376595-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2046514427-3509041855-1997376595-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-11-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lingea Update Center.lnk
ShortcutTarget: Lingea Update Center.lnk -> C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe (Lingea)
Startup: C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [TSFPLOlayIcon] -> {F4DD9208-8229-492D-BCBF-2955F7AC38F4} => C:\Program Files\TrueSuite\TrueSuite.FPLOlayIcon.dll (AuthenTec, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2046514427-3509041855-1997376595-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2046514427-3509041855-1997376595-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2046514427-3509041855-1997376595-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2046514427-3509041855-1997376595-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\uzivatel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2046514427-3509041855-1997376595-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: TrueSuite Website Log On - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com [2014-12-18]
FF Extension: TrueSuite WebStore - C:\Program Files (x86)\Mozilla Firefox\extensions\webstore@truesuite.com [2014-12-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-09-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]
CHR Extension: (No Name) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmghomonnhljmlfemmifjblglkacfhg [2015-01-11]
CHR Extension: (No Name) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]
CHR Extension: (No Name) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]
CHR Extension: (No Name) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (No Name) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]
CHR Extension: (No Name) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlkdblcdkgeeeiegonlgdiifmjnkejhh [2015-01-05]
CHR Extension: (Google Wallet) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-20]
CHR Extension: (Website Logon) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo [2014-12-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [oiokdoppleiafjmfmggefbkghfblaplo] - C:\Program Files\TrueSuite\x86\tschrome.crx [2010-10-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]
S3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] () [File not signed]
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [5217168 2014-03-18] (CANON INC.)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-12] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-12] (ESET)
S2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [290112 2010-11-12] (AuthenTec, Inc)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-07] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-31] (Disc Soft Ltd)
S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2010-12-21] (ESET)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-03-01] ()
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 08:47 - 2015-03-03 08:47 - 00017974 _____ () C:\Users\uzivatel\Desktop\FRST.txt
2015-03-03 08:45 - 2015-03-03 08:47 - 00000000 ____D () C:\FRST
2015-03-03 08:42 - 2015-03-03 08:42 - 00000000 ___RD () C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-03 08:40 - 2015-03-03 08:40 - 02092544 _____ (Farbar) C:\Users\uzivatel\Desktop\FRST64.exe
2015-03-03 00:32 - 2015-03-03 00:32 - 00018614 _____ () C:\ComboFix.txt
2015-03-02 23:51 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-02 23:51 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-02 23:51 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-02 23:51 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-02 23:51 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-02 23:51 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-02 23:51 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-02 23:51 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-02 23:27 - 2015-03-03 00:32 - 00000000 ____D () C:\Qoobox
2015-03-02 23:27 - 2015-03-03 00:30 - 00000000 ____D () C:\Windows\erdnt
2015-03-02 23:24 - 2015-03-02 23:24 - 05612482 ____R (Swearware) C:\Users\uzivatel\Desktop\ComboFix.exe
2015-03-02 11:46 - 2015-03-02 11:51 - 313692438 _____ () C:\Users\uzivatel\Downloads\FL-Studio-11.0.2-+-Crack--+-Blocks.rar
2015-03-01 15:40 - 2015-03-02 22:46 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-01 15:40 - 2015-03-01 15:40 - 00003932 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-01 15:40 - 2015-03-01 15:40 - 00003680 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d01ac4d4cebf30
2015-03-01 15:31 - 2015-03-01 15:22 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-03-01 15:23 - 2015-03-02 08:58 - 00010048 _____ () C:\zoek-results.log
2015-03-01 15:22 - 2015-03-01 15:30 - 00000000 ____D () C:\zoek_backup
2015-03-01 15:21 - 2015-03-01 15:21 - 01304576 _____ () C:\Users\uzivatel\Desktop\zoek.exe
2015-03-01 15:12 - 2015-03-01 15:12 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-01 15:12 - 2015-03-01 15:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-01 15:10 - 2015-03-01 15:10 - 00000845 _____ () C:\Users\uzivatel\Desktop\JRT.txt
2015-03-01 14:49 - 2015-03-01 14:50 - 18687064 _____ () C:\Users\uzivatel\Desktop\RogueKillerX64.exe
2015-03-01 14:49 - 2015-03-01 14:49 - 01388274 _____ (Thisisu) C:\Users\uzivatel\Desktop\JRT.exe
2015-03-01 14:20 - 2015-03-01 14:20 - 02126848 _____ () C:\Users\uzivatel\Desktop\AdwCleaner.exe
2015-03-01 14:20 - 2015-03-01 14:20 - 00448512 _____ (OldTimer Tools) C:\Users\uzivatel\Downloads\TFC.exe
2015-03-01 14:19 - 2015-03-01 14:19 - 00050688 _____ (Atribune.org) C:\Users\uzivatel\Downloads\ATF-Cleaner.exe
2015-03-01 10:24 - 2015-03-03 08:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-01 10:24 - 2015-03-01 10:24 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-01 10:24 - 2015-03-01 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-01 10:24 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-01 10:24 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-01 10:24 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-28 20:01 - 2015-02-28 20:09 - 00095124 _____ () C:\Users\uzivatel\Downloads\aswclnr.log
2015-02-28 20:00 - 2015-02-28 20:00 - 00407680 _____ (ALWIL Software) C:\Users\uzivatel\Downloads\aswclnr.exe
2015-02-28 19:08 - 2015-02-28 19:08 - 02347384 _____ (ESET) C:\Users\uzivatel\Downloads\esetsmartinstaller_sky.exe
2015-02-28 18:03 - 2015-02-28 18:03 - 00001402 _____ () C:\Users\uzivatel\Downloads\Undelivered-Message (1).rfc822
2015-02-28 17:55 - 2015-02-28 17:55 - 00001402 _____ () C:\Users\uzivatel\Downloads\Undelivered-Message.rfc822
2015-02-28 17:54 - 2015-03-02 09:02 - 00000000 ____D () C:\AdwCleaner
2015-02-28 16:13 - 2015-02-28 16:13 - 00000000 ____D () C:\rsit
2015-02-26 16:16 - 2015-02-26 16:16 - 00011401 _____ () C:\Users\uzivatel\Downloads\hijackthis.log
2015-02-26 15:08 - 2015-03-01 00:11 - 00000000 ____D () C:\Users\uzivatel\Downloads\backups
2015-02-25 17:50 - 2015-03-01 10:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 17:50 - 2015-02-25 17:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-24 18:50 - 2015-02-24 18:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\uzivatel\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-23 21:29 - 2015-02-23 21:29 - 01175199 _____ () C:\Users\uzivatel\Documents\Meč pravdy 04 - Kámen slz 2.txt
2015-02-21 19:47 - 2015-02-21 19:47 - 01492801 _____ () C:\Users\uzivatel\Documents\Goodkind Terry - MP 2 - Kámen slz 1 - Armáda démonů.txt
2015-02-19 11:48 - 2015-02-19 11:48 - 01123456 _____ () C:\Users\uzivatel\Documents\Goodkind Terry - MP 1 - První čarodějovo pravidlo 2 - Tři schránky Ordenu.txt
2015-02-18 12:39 - 2015-02-18 12:42 - 00000000 ____D () C:\Users\uzivatel\AppData\Local\FullTiltPoker.eu
2015-02-14 09:43 - 2015-02-14 09:43 - 01111363 _____ () C:\Users\uzivatel\Documents\Goodkind Terry - MP 1 - První čarodějovo pravidlo 1 - Zlověstný mág.txt
2015-02-07 20:42 - 2015-02-07 20:42 - 00000000 ____D () C:\Users\uzivatel\Documents\DyingLight
2015-02-07 15:55 - 2015-03-01 00:11 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\Ulozto File Manager
2015-02-04 10:32 - 2015-02-04 10:37 - 920384302 _____ () C:\Users\uzivatel\Downloads\Jak-vycvicit-draka-2-cz.avi
2015-02-02 11:07 - 2015-02-02 11:07 - 00000000 ____D () C:\Users\uzivatel\AppData\Local\Daedalic Entertainment GmbH
2015-02-01 19:38 - 2015-02-01 19:38 - 00000526 _____ () C:\Windows\KB893803v2.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 08:43 - 2014-12-17 19:38 - 00422064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-03 08:42 - 2014-12-17 19:38 - 00048711 _____ () C:\Windows\setupact.log
2015-03-03 08:42 - 2013-04-12 12:25 - 00000000 ____D () C:\Users\uzivatel\Documents\Bluetooth Folder
2015-03-03 08:42 - 2011-09-19 15:12 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-03-03 08:41 - 2014-12-18 14:16 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d01ac4d4cebf30.job
2015-03-03 08:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-03 08:40 - 2014-08-31 20:16 - 01749935 _____ () C:\Windows\WindowsUpdate.log
2015-03-03 08:32 - 2009-07-14 05:45 - 00017120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-03 08:32 - 2009-07-14 05:45 - 00017120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 08:30 - 2013-09-03 05:51 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\Skype
2015-03-03 00:32 - 2014-09-23 20:49 - 00000000 ____D () C:\Users\uzivatel\AppData\Local\Apps\2.0
2015-03-03 00:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-02 23:56 - 2014-12-18 04:54 - 00733634 _____ () C:\Windows\PFRO.log
2015-03-01 15:48 - 2014-12-18 14:17 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-01 15:30 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-01 13:44 - 2014-08-11 10:54 - 00000000 ____D () C:\Windows\Minidump
2015-03-01 10:33 - 2011-09-19 18:22 - 00001866 _____ () C:\Windows\system32\ServiceFilter.ini
2015-03-01 10:33 - 2009-07-14 09:41 - 00000000 ____D () C:\Windows\RemotePackages
2015-03-01 00:19 - 2009-07-14 06:13 - 00779306 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-01 00:13 - 2011-10-07 12:07 - 00000000 ____D () C:\Users\uzivatel
2015-03-01 00:12 - 2014-12-13 16:53 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-03-01 00:12 - 2014-02-04 08:38 - 00000000 ____D () C:\Xerox
2015-03-01 00:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-01 00:11 - 2015-01-31 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KooBits
2015-03-01 00:11 - 2015-01-17 20:37 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2015-03-01 00:11 - 2015-01-17 20:36 - 00000000 ____D () C:\Program Files (x86)\Drakensang Online
2015-03-01 00:11 - 2014-12-18 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-01 00:11 - 2014-12-18 07:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-01 00:11 - 2014-12-17 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2015-03-01 00:11 - 2014-12-17 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-01 00:11 - 2014-12-13 16:53 - 00000000 ____D () C:\Windows\system32\NV
2015-03-01 00:11 - 2014-11-14 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-01 00:11 - 2014-10-31 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
2015-03-01 00:11 - 2014-10-30 13:59 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GENERALI Kalkulačka
2015-03-01 00:11 - 2014-10-30 13:30 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AXA životní pojišťovna a.s
2015-03-01 00:11 - 2014-10-20 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-01 00:11 - 2014-08-31 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2015-03-01 00:11 - 2014-08-31 20:24 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-03-01 00:11 - 2014-08-30 19:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-01 00:11 - 2014-05-27 07:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Varengold MetaTrader
2015-03-01 00:11 - 2014-05-22 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-01 00:11 - 2014-04-24 21:31 - 00000000 ____D () C:\Users\uzivatel\Documents\FIFA MANAGER 13
2015-03-01 00:11 - 2014-03-28 23:00 - 00000000 ____D () C:\Users\uzivatel\Documents\BioWare
2015-03-01 00:11 - 2014-03-15 18:36 - 00000000 ____D () C:\Users\uzivatel\Documents\Witcher 2
2015-03-01 00:11 - 2014-02-04 08:31 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\Xerox
2015-03-01 00:11 - 2014-02-04 08:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-01 00:11 - 2014-02-04 08:03 - 00000000 ____D () C:\LJP1100_P1560_P1600_Full_Solution
2015-03-01 00:11 - 2013-11-19 20:48 - 00000000 ____D () C:\Users\uzivatel\Documents\Lexicon
2015-03-01 00:11 - 2013-11-02 19:38 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-01 00:11 - 2013-11-02 19:18 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-03-01 00:11 - 2013-11-01 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-01 00:11 - 2013-09-03 10:43 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\IrfanView
2015-03-01 00:11 - 2013-04-09 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-01 00:11 - 2011-10-07 12:07 - 00000000 ___RD () C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-01 00:11 - 2011-10-07 12:07 - 00000000 ___RD () C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-01 00:11 - 2011-10-07 12:07 - 00000000 ____D () C:\Users\uzivatel\AppData\Local\VirtualStore
2015-03-01 00:11 - 2011-10-07 06:45 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-01 00:11 - 2011-10-07 06:44 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\GHISLER
2015-03-01 00:11 - 2011-09-19 18:29 - 00000000 ____D () C:\ExpressGateUtil
2015-03-01 00:11 - 2011-09-19 18:22 - 00000000 ____D () C:\ProgramData\P4G
2015-03-01 00:11 - 2011-09-19 18:07 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-01 00:11 - 2011-09-19 18:07 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-01 00:11 - 2011-09-19 18:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-01 00:11 - 2011-09-19 17:59 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-01 00:11 - 2011-09-19 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-01 00:11 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-01 00:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-01 00:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-01 00:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-03-01 00:01 - 2014-12-16 20:51 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\Dropbox
2015-03-01 00:01 - 2013-11-02 19:19 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\DAEMON Tools Lite
2015-03-01 00:00 - 2014-12-17 20:24 - 00000000 ____D () C:\Users\uzivatel\AppData\Local\Mozilla
2015-02-28 23:59 - 2014-12-16 22:29 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-28 23:59 - 2013-09-03 05:51 - 00000000 ____D () C:\ProgramData\Skype
2015-02-28 23:55 - 2014-05-22 08:15 - 00000000 ____D () C:\NVIDIA
2015-02-28 23:54 - 2014-10-30 13:59 - 00000000 ____D () C:\Generali
2015-02-28 23:54 - 2011-09-19 18:23 - 00000000 ____D () C:\eSupport
2015-02-28 23:02 - 2014-09-21 16:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-25 15:48 - 2014-09-23 20:49 - 00000000 ____D () C:\Users\uzivatel\AppData\Local\Deployment
2015-02-24 20:06 - 2015-01-06 16:26 - 00011954 _____ () C:\Users\uzivatel\Desktop\call party.xlsx
2015-02-18 12:28 - 2014-10-31 23:04 - 00000000 ____D () C:\Users\uzivatel\AppData\Local\FullTiltPoker
2015-02-08 11:10 - 2014-05-27 11:09 - 00007597 _____ () C:\Users\uzivatel\AppData\Local\resmon.resmoncfg
2015-02-01 19:38 - 2014-12-20 19:40 - 00015258 _____ () C:\Windows\DirectX.log
2015-02-01 19:26 - 2011-09-19 18:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-01 17:53 - 2013-10-15 19:10 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-02-01 09:50 - 2011-09-19 18:22 - 00002194 _____ () C:\Windows\system32\AutoRunFilter.ini

==================== Files in the root of some directories =======

2013-09-03 12:45 - 2014-06-04 07:53 - 0003738 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-05-27 11:09 - 2015-02-08 11:10 - 0007597 _____ () C:\Users\uzivatel\AppData\Local\resmon.resmoncfg
2011-11-18 07:48 - 2011-11-18 08:34 - 0001112 _____ () C:\ProgramData\hpzinstall.log

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\gcapi_dll.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 19:12

==================== End Of Log ============================
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz