Windows hlásily vyplý antivir (nebyl, byl zaplý) preventivka

Zpráva

tuvok07 · #1 Příspěvek od **tuvok07** » 03 bře 2015 09:13

Logfile of random's system information tool 1.10 (written by random/random)
Run by xx at 2015-03-03 09:11:05
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 67 GB (9%) free of 707 GB
Total RAM: 3579 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:11:08, on 3.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\Pixart\Pac7302\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Opera\27.0.1689.76\opera.exe
C:\Program Files\Opera\27.0.1689.76\opera_crashreporter.exe
C:\Program Files\Opera\27.0.1689.76\opera.exe
C:\Program Files\Opera\27.0.1689.76\opera.exe
C:\Program Files\Opera\27.0.1689.76\opera.exe
C:\Program Files\Opera\27.0.1689.76\opera.exe
C:\Portable\RSIT.exe
C:\Program Files\trend micro\xx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
O9 - Extra button: Virtuální klávesnice - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Služba Kaspersky Anti-Virus 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
O23 - Service: Služba Google Update (gupdate1caeab72b9785e1) (gupdate1caeab72b9785e1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7979 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, wrc@avast.com:20110101, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"

"content_blocker@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
"virtual_keyboard@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
"url_advisor@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
"anti_banner@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
"online_banking@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@kaspersky.com/content_blocker]
"Description"=
"Path"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@kaspersky.com/online_banking]
"Description"=
"Path"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@kaspersky.com/virtual_keyboard]
"Description"=
"Path"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nullsoft.com/winampDetector;version=1]
"Description"=Winamp Detector
"Path"=C:\Program Files\Winamp Detect\npwachk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npyaxmpb.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default\searchplugins\
bing-avast.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20 709312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-01-09 1152808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20 480448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20 891072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-12-25 8129056]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2007-12-10 323584]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [2013-12-06 747264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"HydraVisionDesktopManager"=C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [2010-02-02 385024]
"Spotify Web Helper"=C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2015-01-17 1676344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-08-09 113024]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-02-25 20:23:06 ----A---- C:\Windows\system32\wdi.dll
2015-02-25 20:23:06 ----A---- C:\Windows\system32\powertracker.dll
2015-02-25 20:23:06 ----A---- C:\Windows\system32\perftrack.dll
2015-02-24 23:53:41 ----D---- C:\Program Files\Mozilla Firefox
2015-02-12 10:04:33 ----A---- C:\Windows\system32\jscript9diag.dll
2015-02-12 10:04:33 ----A---- C:\Windows\system32\jscript9.dll
2015-02-12 03:04:49 ----SHD---- C:\Config.Msi
2015-02-11 12:57:35 ----A---- C:\Windows\system32\win32k.sys
2015-02-11 12:57:30 ----A---- C:\Windows\system32\sspisrv.dll
2015-02-11 12:57:30 ----A---- C:\Windows\system32\sspicli.dll
2015-02-11 12:57:30 ----A---- C:\Windows\system32\secur32.dll
2015-02-11 12:57:30 ----A---- C:\Windows\system32\msobjs.dll
2015-02-11 12:57:30 ----A---- C:\Windows\system32\lsass.exe
2015-02-11 12:57:30 ----A---- C:\Windows\system32\lsasrv.dll
2015-02-11 12:57:30 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-02-11 12:57:30 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-02-11 12:57:30 ----A---- C:\Windows\system32\drivers\cng.sys
2015-02-11 12:57:30 ----A---- C:\Windows\system32\auditpol.exe
2015-02-11 12:57:30 ----A---- C:\Windows\system32\adtschema.dll
2015-02-11 12:57:29 ----A---- C:\Windows\system32\msaudite.dll
2015-02-11 12:57:09 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-02-11 12:57:09 ----A---- C:\Windows\system32\ntkrnlpa.exe
2015-02-11 12:57:05 ----A---- C:\Windows\system32\mstscax.dll
2015-02-11 12:57:04 ----A---- C:\Windows\system32\aaclient.dll
2015-02-11 12:57:03 ----A---- C:\Windows\system32\oleaut32.dll
2015-02-11 12:57:01 ----A---- C:\Windows\system32\invagent.dll
2015-02-11 12:57:01 ----A---- C:\Windows\system32\generaltel.dll
2015-02-11 12:57:01 ----A---- C:\Windows\system32\devinv.dll
2015-02-11 12:57:01 ----A---- C:\Windows\system32\appraiser.dll
2015-02-11 12:57:01 ----A---- C:\Windows\system32\aitstatic.exe
2015-02-11 12:57:01 ----A---- C:\Windows\system32\aeinv.dll
2015-02-11 12:57:00 ----A---- C:\Windows\system32\aepic.dll
2015-02-11 12:57:00 ----A---- C:\Windows\system32\aepdu.dll
2015-02-11 12:56:59 ----A---- C:\Windows\system32\schannel.dll
2015-02-11 12:56:59 ----A---- C:\Windows\system32\msv1_0.dll
2015-02-11 12:56:59 ----A---- C:\Windows\system32\kerberos.dll
2015-02-11 12:56:58 ----A---- C:\Windows\system32\wdigest.dll
2015-02-11 12:56:58 ----A---- C:\Windows\system32\TSpkg.dll
2015-02-11 12:56:58 ----A---- C:\Windows\system32\ncrypt.dll
2015-02-11 12:56:58 ----A---- C:\Windows\system32\credssp.dll
2015-02-11 12:56:53 ----A---- C:\Windows\system32\urlmon.dll
2015-02-11 12:56:53 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 12:56:53 ----A---- C:\Windows\system32\jsproxy.dll
2015-02-11 12:56:53 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 12:56:53 ----A---- C:\Windows\system32\iernonce.dll
2015-02-11 12:56:53 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-02-11 12:56:53 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-02-11 12:56:53 ----A---- C:\Windows\system32\iedkcs32.dll
2015-02-11 12:56:53 ----A---- C:\Windows\system32\ie4uinit.exe
2015-02-11 12:56:52 ----A---- C:\Windows\system32\msfeeds.dll
2015-02-11 12:56:52 ----A---- C:\Windows\system32\ieUnatt.exe
2015-02-11 12:56:52 ----A---- C:\Windows\system32\ieapfltr.dll
2015-02-11 12:56:52 ----A---- C:\Windows\system32\dxtmsft.dll
2015-02-11 12:56:51 ----A---- C:\Windows\system32\wininet.dll
2015-02-11 12:56:51 ----A---- C:\Windows\system32\msrating.dll
2015-02-11 12:56:51 ----A---- C:\Windows\system32\iesetup.dll
2015-02-11 12:56:51 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 12:56:50 ----A---- C:\Windows\system32\ieui.dll
2015-02-11 12:56:50 ----A---- C:\Windows\system32\dxtrans.dll
2015-02-11 12:56:49 ----A---- C:\Windows\system32\ieframe.dll
2015-02-11 12:56:48 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-02-11 12:56:48 ----A---- C:\Windows\system32\mshtmled.dll
2015-02-11 12:56:48 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-02-11 12:56:48 ----A---- C:\Windows\system32\iertutil.dll
2015-02-11 12:56:47 ----A---- C:\Windows\system32\mshtml.dll
2015-02-11 12:56:46 ----A---- C:\Windows\system32\vbscript.dll
2015-02-11 12:56:28 ----A---- C:\Windows\system32\wintrust.dll
2015-02-11 12:56:28 ----A---- C:\Windows\system32\cryptsvc.dll
2015-02-11 12:56:28 ----A---- C:\Windows\system32\crypt32.dll
2015-02-11 12:56:26 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-02-11 12:56:26 ----A---- C:\Windows\system32\scesrv.dll

======List of files/folders modified in the last 1 month======

2015-03-03 09:11:08 ----D---- C:\Windows\temp
2015-03-03 09:11:08 ----D---- C:\Program Files\trend micro
2015-03-03 09:10:53 ----D---- C:\Portable
2015-03-03 09:09:31 ----D---- C:\Windows\Prefetch
2015-03-03 09:09:16 ----D---- C:\ProgramData\Kaspersky Lab
2015-03-03 09:04:05 ----D---- C:\Program Files\CCleaner
2015-03-03 08:59:10 ----SHD---- C:\System Volume Information
2015-03-03 08:57:28 ----D---- C:\Windows\system32\config
2015-03-03 00:19:37 ----D---- C:\Users\xx\AppData\Roaming\Skype
2015-03-02 10:51:28 ----D---- C:\Program Files\SpeedFan
2015-03-01 22:42:12 ----SHD---- C:\Windows\Installer
2015-03-01 22:41:13 ----D---- C:\Program Files\Google
2015-02-27 16:06:41 ----D---- C:\Users\xx\AppData\Roaming\Spotify
2015-02-26 09:54:19 ----D---- C:\Windows\winsxs
2015-02-26 09:53:17 ----D---- C:\Windows\tracing
2015-02-26 09:53:17 ----D---- C:\Windows\System32
2015-02-25 10:01:25 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-02-25 10:01:24 ----D---- C:\Program Files
2015-02-25 09:59:10 ----D---- C:\Windows\system32\Tasks
2015-02-25 09:59:10 ----D---- C:\Program Files\Opera
2015-02-13 22:57:30 ----D---- C:\Program Files\Warcraft III
2015-02-13 10:35:41 ----D---- C:\Windows\rescache
2015-02-13 09:03:49 ----D---- C:\Windows\system32\cs-CZ
2015-02-13 09:03:48 ----D---- C:\Windows\system32\drivers
2015-02-13 00:55:19 ----D---- C:\Windows\system32\en-US
2015-02-12 09:58:17 ----D---- C:\Windows\system32\catroot2
2015-02-12 03:17:18 ----SD---- C:\Windows\system32\CompatTel
2015-02-12 03:17:18 ----D---- C:\Windows\system32\appraiser
2015-02-12 03:17:17 ----D---- C:\Program Files\Internet Explorer
2015-02-12 03:16:27 ----D---- C:\Windows\system32\MRT
2015-02-12 03:08:58 ----A---- C:\Windows\system32\MRT.exe
2015-02-12 03:05:54 ----D---- C:\ProgramData\Package Cache
2015-02-12 03:05:26 ----D---- C:\ProgramData\Microsoft Help
2015-02-11 12:56:21 ----D---- C:\Windows\system32\catroot
2015-02-04 20:55:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-02-04 14:35:45 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2014-02-20 135264]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2012-12-29 24184]
R1 klhk;klhk; C:\Windows\system32\DRIVERS\klhk.sys [2014-04-10 34400]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2015-01-09 644808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2014-02-25 25696]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2014-03-25 45024]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2014-03-26 145888]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-09 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-09 67664]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 48128]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 296064]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-12-06 11527680]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-12-06 501248]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2013-09-24 77312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-12-25 2981024]
R3 klflt;Kaspersky Lab Kernel DLL; C:\Windows\system32\DRIVERS\klflt.sys [2015-01-09 112136]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2014-03-28 24672]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2013-08-08 25696]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
R3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2009-04-28 461824]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 172416]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 78336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-12-06 11527680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2008-07-26 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-10-18 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-12-06 209408]
R2 AVP15.0.0;Služba Kaspersky Anti-Virus 15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [2014-04-20 233552]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate1caeab72b9785e1;Služba Google Update (gupdate1caeab72b9785e1); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-22 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-02-24 148080]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-01 1343400]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 03 bře 2015 20:11

Ahoj,

zadnou skodnou nevidim, ale overime to.

Ulozte a spustte SecurityCheck http://www.bleepingcomputer.com/download/securitycheck/

pokracujte libovolnou klavesou a cca minutu pockejte
obsah vygenerovaneho logu vlozte do pristi odpovedi

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Cleaning
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

tuvok07 · #3 Příspěvek od **tuvok07** » 05 bře 2015 00:41

Upřímně řečeno, já si myslím, že za to může i víc jak 5 let stará instalace Windows

Můj rekord bez reinstalu.
Například widget na počasí co na notebooku v pohodě funguje mi tu zahlásí že služba není dostupná....
Tohle je log z security checku
Results of screen317's Security Check version 0.99.97
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Secunia PSI (2.0.0.3003)
CCleaner
JavaFX 2.1.1
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (36.0)
Mozilla Thunderbird (31.4.0)
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 15.0.0 avp.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

tuvok07 · #4 Příspěvek od **tuvok07** » 05 bře 2015 00:48

Adware cleaner krapet zaúřadoval
# AdwCleaner v4.111 - Logfile created 05/03/2015 at 00:45:15
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : xx - XX-PC
# Running from : C:\Users\xx\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default\user.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

-\\ Mozilla Firefox v36.0 (x86 cs)

-\\ Google Chrome v40.0.2214.115

-\\ Opera v27.0.1689.76

*************************

AdwCleaner[R0].txt - [1022 bytes] - [05/03/2015 00:43:10]
AdwCleaner[S0].txt - [957 bytes] - [05/03/2015 00:45:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1015 bytes] ##########

tuvok07 · #5 Příspěvek od **tuvok07** » 05 bře 2015 00:50

A teď co mám dělat s tou javou? Ta její aktualizace se mi spouští pravidelně, to je tak blbá že nerozezná verzi systému? Mám 32 bit a řekl bych že když spouštím aktualizaci dvaatřicetibitový verze tak se mi podle logiky musí updatovat tatáž

#6 Příspěvek od **altrok** » 05 bře 2015 08:28

Nefungujici widgety na W7 nevim, jak rozchodit... na osmickach jim staci nekolik restartu

V Pridat nebo odebrat programy bys mel tu starou Javu videt, takze ji jednoduse odinstaluj.

Dej log FRST.txt, priloz i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
V soucasnosti vyosek resi hosting, takze nejde stahnout FRSTLauncher - staci logy ze samotneho FRST.exe.

tuvok07 · #7 Příspěvek od **tuvok07** » 05 bře 2015 10:16

Ok, musím na úřad udělám to až přijdu.

tuvok07 · #8 Příspěvek od **tuvok07** » 05 bře 2015 16:56

První texťák
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by xx (administrator) on XX-PC on 05-03-2015 16:49:48
Running from C:\Users\xx\Desktop
Loaded Profiles: xx (Available profiles: xx)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(PixArt Imaging Incorporation) C:\Windows\Pixart\Pac7302\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Spotify Ltd) C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Almico Software (www.almico.com)) C:\Program Files\SpeedFan\speedfan.exe
(Sysinternals - www.sysinternals.com) C:\Portable\ProcessExplorer\procexp.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
() C:\Program Files\Opera\27.0.1689.76\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files\Opera\27.0.1689.76\opera.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8129056 2009-12-25] (Realtek Semiconductor)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-12-06] (Advanced Micro Devices, Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-2503734218-1681691102-840008259-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-02-02] (AMD)
HKU\S-1-5-21-2503734218-1681691102-840008259-1000\...\Run: [Spotify Web Helper] => C:\Users\xx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-17] (Spotify Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2503734218-1681691102-840008259-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKU\S-1-5-21-2503734218-1681691102-840008259-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-2503734218-1681691102-840008259-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-09] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/online_banking -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2503734218-1681691102-840008259-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\xx\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default\searchplugins\bing-avast.xml
FF Extension: DownloadHelper - C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Adblock Plus - C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Greasemonkey - C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\lynva8w7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-02-12]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-01-09]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-01-09]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-01-09]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-01-09]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-01-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Last.fm free music player) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh [2012-05-20]
CHR Extension: (YouTube) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Google Search) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (Kaspersky Protection) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-09]
CHR Extension: (AdBlock) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2011-02-21]
CHR Extension: (Last.fm Scrobbler) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2012-04-06]
CHR Extension: (scroblr) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflbcmpjneookibbaeopkfcnegknkgog [2012-04-12]
CHR Extension: (Google Wallet) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]
CHR Extension: (Gmail) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/deta ... ojhbllhbho [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-10-18] (SUPERAntiSpyware.com) [File not signed]
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 gupdate1caeab72b9785e1; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112136 2015-01-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [34400 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644808 2015-01-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies)
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-09] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-09] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 16:49 - 2015-03-05 16:50 - 00017965 _____ () C:\Users\xx\Desktop\FRST.txt
2015-03-05 16:48 - 2015-03-05 16:49 - 00000000 ____D () C:\FRST
2015-03-05 16:47 - 2015-03-05 16:47 - 01132544 _____ (Farbar) C:\Users\xx\Desktop\FRST.exe
2015-03-05 00:43 - 2015-03-05 00:45 - 00000000 ____D () C:\AdwCleaner
2015-03-05 00:30 - 2015-03-05 00:31 - 02126848 _____ () C:\Users\xx\Desktop\AdwCleaner.exe
2015-03-05 00:30 - 2015-03-05 00:30 - 00852604 _____ () C:\Users\xx\Desktop\SecurityCheck.exe
2015-02-26 01:50 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 20:23 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-25 20:23 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-25 20:23 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-24 23:53 - 2015-02-24 23:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-12 10:04 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 10:04 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 12:57 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 12:57 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 12:57 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 12:57 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 12:57 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 12:57 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 12:57 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 12:57 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 12:57 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 12:57 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 12:57 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 12:57 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 12:57 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 12:57 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 12:57 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 12:57 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 12:57 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 12:57 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 12:57 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 12:57 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 12:57 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 12:57 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 12:57 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 12:57 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 12:57 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 12:57 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-02-11 12:56 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 12:56 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 12:56 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 12:56 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 12:56 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 12:56 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 12:56 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 12:56 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 12:56 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 12:56 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 12:56 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 12:56 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 12:56 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 12:56 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 12:56 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 12:56 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 12:56 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 12:56 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 12:56 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 12:56 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 12:56 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 12:56 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 12:56 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 12:56 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 12:56 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 12:56 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 12:56 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 12:56 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 12:56 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 12:56 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 12:56 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 12:56 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 12:56 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 12:56 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 12:56 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 12:56 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 12:56 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 12:56 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 12:56 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 12:56 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-04 14:35 - 2015-03-05 16:40 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 14:35 - 2015-03-05 14:40 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 16:07 - 2010-10-07 11:53 - 00000000 ____D () C:\Program Files\SpeedFan
2015-03-05 15:58 - 2015-01-09 17:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-05 15:55 - 2014-04-13 16:22 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-05 15:29 - 2010-05-03 12:36 - 01380738 _____ () C:\Windows\WindowsUpdate.log
2015-03-05 09:47 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-05 09:47 - 2009-07-14 05:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 09:40 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 09:40 - 2009-07-14 05:39 - 00159544 _____ () C:\Windows\setupact.log
2015-03-03 09:11 - 2015-01-12 15:21 - 00000000 ____D () C:\Program Files\trend micro
2015-03-03 09:10 - 2010-10-06 18:05 - 00000000 ____D () C:\Portable
2015-03-03 09:04 - 2011-03-10 12:39 - 00000000 ____D () C:\Users\Public\Documents\zalohy_reg
2015-03-03 09:04 - 2011-03-10 12:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-03 00:19 - 2010-10-14 12:37 - 00000000 ____D () C:\Users\xx\AppData\Roaming\Skype
2015-03-02 16:52 - 2014-08-08 11:09 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 10:22 - 2010-05-04 05:08 - 00652996 _____ () C:\Windows\PFRO.log
2015-03-01 22:41 - 2010-05-03 12:51 - 00000000 ____D () C:\Program Files\Google
2015-03-01 16:47 - 2013-10-23 19:24 - 00001063 _____ () C:\Users\xx\Desktop\Herai.txt
2015-02-27 16:06 - 2014-06-20 17:00 - 00000000 ____D () C:\Users\xx\AppData\Roaming\Spotify
2015-02-27 16:06 - 2014-06-20 17:00 - 00000000 ____D () C:\Users\xx\AppData\Local\Spotify
2015-02-26 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-25 10:01 - 2012-05-09 20:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-25 09:59 - 2010-10-14 11:31 - 00000000 ____D () C:\Program Files\Opera
2015-02-19 12:23 - 2011-03-13 20:39 - 00000000 ____D () C:\Users\xx\.FBReader
2015-02-15 20:54 - 2014-12-01 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2015-02-13 22:57 - 2010-10-06 19:08 - 00000000 ____D () C:\Program Files\Warcraft III
2015-02-13 10:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 09:54 - 2009-07-14 05:33 - 00412552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:17 - 2014-12-12 10:13 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:17 - 2014-05-06 23:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:16 - 2013-08-16 01:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:08 - 2010-10-01 12:16 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 03:05 - 2014-04-02 21:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 03:05 - 2010-05-03 12:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-04 20:55 - 2014-04-13 16:22 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-04 20:55 - 2014-04-13 16:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-03 11:11 - 2010-05-03 12:45 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 09:10 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2012-10-28 19:09 - 2012-10-28 19:18 - 0003584 _____ () C:\Users\xx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-07 12:14 - 2015-01-07 12:14 - 0029696 _____ () C:\Users\xx\AppData\Local\MSGBOX.EXE
2010-10-06 16:43 - 2015-01-10 22:25 - 0007597 _____ () C:\Users\xx\AppData\Local\Resmon.ResmonCfg
2014-09-26 19:31 - 2014-09-26 19:31 - 0000198 _____ () C:\ProgramData\defraggler_list.txt
2010-10-14 12:38 - 2010-10-14 12:38 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\xx\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\xx\AppData\Local\temp\Quarantine.exe
C:\Users\xx\AppData\Local\temp\sfamcc00001.dll
C:\Users\xx\AppData\Local\temp\sfamcc00002.dll
C:\Users\xx\AppData\Local\temp\sfareca00001.dll
C:\Users\xx\AppData\Local\temp\sfareca00002.dll
C:\Users\xx\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-05 10:53

==================== End Of Log ============================

tuvok07 · #9 Příspěvek od **tuvok07** » 05 bře 2015 16:57

Addition
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by xx at 2015-03-05 16:50:39
Running from C:\Users\xx\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Story 3.5 (HKLM\...\4StoryCZ_is1) (Version: - )
50 FREE MP3s +1 Free Audiobook! (HKLM\...\eMusic Promotion) (Version: 1.0.0.1 - eMusic.com Inc)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0405-0000-0000000FF1CE}_PROPLUS_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0405-0000-0000000FF1CE}_PROPLUS_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0405-0000-0000000FF1CE}_PROPLUS_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AMD Catalyst Install Manager (HKLM\...\{C2796CF4-6517-00C1-9F70-6A9C50680D29}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ArcSoft MediaImpression (HKLM\...\{18472E28-FCA0-421F-BDAC-AC65012E29F2}) (Version: 1.2.19.456 - ArcSoft)
Ashampoo Burning Studio 6 FREE v.6.80 (HKLM\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG)
Assassin's Creed (HKLM\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
ATI AVIVO Codecs (Version: 10.12.0.00202 - ATI Technologies Inc.) Hidden
aTube Catcher (HKLM\...\aTube Catcher) (Version: 2.5.645 - DsNET Corp)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
cdrLabel 7.1 (HKLM\...\{279FC9F9-1872-4927-AB0E-A93154F7D339}) (Version: 7.1.584.0 - ZipLabel.com)
Celestia 1.6.1 (HKLM\...\Celestia_is1) (Version: - Shatters Software)
CrystalDiskInfo 6.1.9a (HKLM\...\CrystalDiskInfo_is1) (Version: 6.1.9a - Crystal Dew World)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.13 - Piriform)
DU Meter (HKLM\...\dumeter3_is1) (Version: - Hagel Technologies)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version: - )
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HeavyLoad V3.0 (HKLM\...\HeavyLoad_is1) (Version: 3.0 - JAM Software)
HydraVision (Version: 4.2.142.0 - ATI Technologies Inc.) Hidden
iTraffic Monitor v1.0 (HKLM\...\itrafficmonitor_is1) (Version: 1.0 - )
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.0.463 - Kaspersky Lab) Hidden
LEGO Digital Designer (HKLM\...\New LEGO Digital Designer) (Version: - LEGO A/S)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes Anti-Malware verze 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaInfo 0.7.36 (HKLM\...\MediaInfo) (Version: 0.7.36 - MediaArea.net)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 cs) (HKLM\...\Mozilla Firefox 36.0 (x86 cs)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 cs) (HKLM\...\Mozilla Thunderbird 31.4.0 (x86 cs)) (Version: 31.4.0 - Mozilla)
MPC-HC 1.7.8 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.8 - MPC-HC Team)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 27.0.1689.76 (HKLM\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Raptr (HKLM\...\Raptr) (Version: - )
RarmaRadio 2.68.3 (HKLM\...\RarmaRadio_is1) (Version: - RaimerSoft)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6013 - Realtek Semiconductor Corp.)
Secunia PSI (2.0.0.3003) (HKLM\...\Secunia PSI) (Version: - )
Sigil 0.6.0 (HKLM\...\Sigil_is1) (Version: - John Schember)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-2503734218-1681691102-840008259-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Streamripper (Remove only) (HKLM\...\Streamripper) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.44.1000 - SUPERAntiSpyware.com)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
Unity Web Player (HKU\S-1-5-21-2503734218-1681691102-840008259-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VGA USB Camera (HKLM\...\{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}) (Version: 1.2.0.0 - )
Warcraft III (HKLM\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-2503734218-1681691102-840008259-1000\...\Warcraft III) (Version: - )
Winamp (HKLM\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2503734218-1681691102-840008259-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{068B46A0-8858-4CEB-80BC-A4AE787A05FC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.0.2 (HKLM\...\WinPcapInst) (Version: 4.0.0.1040 - CACE Technologies)
Worms World Party (HKLM\...\InstallShield_{0F6E17CB-0565-44A7-8C36-941EA56B215E}) (Version: 1.00.000 - Název společnosti:)
Worms World Party (Version: 1.00.000 - Název společnosti:) Hidden
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Widgets (HKLM\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)
Zoner Photo Studio 12 (HKLM\...\ZonerPhotoStudio12_CZ_is1) (Version: 12.0.1.2 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype Extras\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{104846AB-42B1-4E38-A80D-136F78C3F258}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{18907F3B-9AFB-4F87-B764-F9A4E16A21B8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov)
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{3AD05575-8857-4850-9277-11B85BDB8E09}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype Extras\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\xx\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{49F371E1-8C5C-4D9C-9A3B-54A6827F513C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{725F645B-EAED-4FC5-B1C5-D9AD0ACCBA5E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{76D0CB12-7604-4048-B83C-1005C7DDC503}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{7EFC002A-071F-4CE7-B265-F4B4263D2FD2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{7FEBAF7C-18CF-11D2-993F-00A0C91F3880}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{934D4698-6A59-48F8-9F29-9FB30670320E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{989D1DC0-B162-11D1-B6EC-D27DDCF9A923}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}\InprocServer32 -> C:\Program Files\Zoner\Photo Studio 12\Program\SHELLEXT.DLL (ZONER software)
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{F46316E4-FB1B-46EB-AEDF-9520BFBB916A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{F8383852-FCD3-11D1-A6B9-006097DF5BD4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 -> C:\Windows\system32\ieframe.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2503734218-1681691102-840008259-1000_Classes\CLSID\{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A}\InprocServer32 -> No File Path

==================== Restore Points =========================

07-01-2015 13:06:27 Bod po vymazu
09-01-2015 16:59:41 avast! antivirus system restore point
15-01-2015 01:14:11 Windows Update
20-01-2015 14:07:07 Windows Update
31-01-2015 10:28:32 Windows Update
06-02-2015 09:52:04 Windows Update
10-02-2015 15:59:07 Windows Update
12-02-2015 03:00:55 Windows Update
13-02-2015 00:54:50 Windows Update
17-02-2015 09:07:52 Windows Update
24-02-2015 09:29:35 Windows Update
26-02-2015 01:49:34 Windows Update
03-03-2015 08:58:55 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2011-03-03 13:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D6BE0AC-E26F-4657-A8E0-EC5EBBD7AF52} - System32\Tasks\{75BB131B-006F-46E5-8723-9E9D107B2613} => C:\Program Files\Team17\Worms World Party\wwp.exe
Task: {1663D21E-766E-4C91-919A-8A4F85DE62D3} - System32\Tasks\{87BBAE62-840E-4118-958B-051FE8A33B73} => C:\Portable\Release\Powder-RScience-2.2.1.exe
Task: {2A166D47-86A5-454F-A117-B19EDE149073} - System32\Tasks\Opera scheduled Autoupdate 1421265847 => C:\Program Files\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {377A2293-D8C2-4872-85C6-C5A63F582D28} - System32\Tasks\{4A58B6A2-2CA7-420F-A12B-124895C00580} => C:\Program Files\Team17\Worms World Party\wwp.exe
Task: {4FDB0F13-E4F8-4CE6-A3FD-C4B7135C1ED0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {5E423790-5941-49C8-9D73-3FB7DED078B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {6BF85A80-3A1C-4407-8B5A-104F09E1A42D} - System32\Tasks\{D541E083-9470-4923-9B6A-E3EAAC5F8E90} => C:\Hry\Worms\wwp.exe [2010-06-11] (Levo)
Task: {9F193BC5-3D44-4E84-9789-2C5C967D0876} - System32\Tasks\{E3575629-4125-4966-A9C3-6E09915A1EC4} => c:\program files\opera\opera.exe [2014-04-22] (Opera Software)
Task: {AE308EC3-1BAD-4E2D-9C67-794CEBEB2AA9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D54B1F38-417E-4AF8-89FE-FBE1053F0A0E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {E00A7D60-2387-4A96-93CE-7AE6AA8AC833} - System32\Tasks\{CAD2C50C-3AA9-4B6E-BC81-5D9B30CFFF8E} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {E5064D9E-3E04-4273-B244-60C1AC27A6A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2009-10-14 12:36 - 2009-10-14 12:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2010-02-02 22:23 - 2010-02-02 22:23 - 00090112 _____ () C:\Program Files\ATI Technologies\HydraVision\HydraCsy.dll
2009-10-14 12:34 - 2009-10-14 12:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2015-02-25 13:39 - 2015-03-05 16:07 - 00158720 _____ () C:\Users\xx\AppData\Local\Temp\sfareca00001.dll
2015-01-07 21:06 - 2015-03-05 16:07 - 00192512 _____ () C:\Users\xx\AppData\Local\Temp\sfamcc00001.dll
2015-02-25 09:59 - 2015-02-25 09:59 - 00552056 _____ () C:\Program Files\Opera\27.0.1689.76\opera_crashreporter.exe
2015-02-25 09:59 - 2015-02-25 09:59 - 01408632 _____ () C:\Program Files\Opera\27.0.1689.76\libglesv2.dll
2015-02-25 09:59 - 2015-02-25 09:59 - 00219256 _____ () C:\Program Files\Opera\27.0.1689.76\libegl.dll
2015-02-25 09:59 - 2015-02-25 09:59 - 09510520 _____ () C:\Program Files\Opera\27.0.1689.76\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-2503734218-1681691102-840008259-1000\Software\Classes\.exe: exefile => <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2503734218-1681691102-840008259-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\xx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2503734218-1681691102-840008259-500 - Administrator - Disabled)
Guest (S-1-5-21-2503734218-1681691102-840008259-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2503734218-1681691102-840008259-1008 - Limited - Enabled)
xx (S-1-5-21-2503734218-1681691102-840008259-1000 - Administrator - Enabled) => C:\Users\xx

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2015 10:55:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (03/05/2015 10:55:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (03/05/2015 10:55:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (03/05/2015 10:55:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (03/04/2015 10:11:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (03/04/2015 10:11:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (03/04/2015 10:11:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (03/04/2015 10:11:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (03/03/2015 05:04:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program opera.exe verze 12.17.1863.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: fc

Čas spuštění: 01d055ba7ebdef09

Čas ukončení: 2

Cesta k aplikaci: C:\Program Files\Opera\opera.exe

ID hlášení: d0e7166f-c1be-11e4-a5ed-6cf0497a4ccf

Error: (03/03/2015 10:27:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

System errors:
=============
Error: (02/13/2015 11:29:30 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Byla vygenerována následující výstraha o závažné chybě: 70. Stav interní chyby: 105

Error: (02/12/2015 03:16:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/12/2015 03:11:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f0902): Aktualizace zabezpečení systému Windows 7 (KB3023562).

Error: (02/04/2015 00:06:59 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Byla vygenerována následující výstraha o závažné chybě: 70. Stav interní chyby: 105

Error: (01/31/2015 05:57:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Byla vygenerována následující výstraha o závažné chybě: 43. Stav interní chyby: 252

Error: (01/31/2015 05:57:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Byla vygenerována následující výstraha o závažné chybě: 43. Stav interní chyby: 252

Error: (01/31/2015 05:56:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Byla vygenerována následující výstraha o závažné chybě: 43. Stav interní chyby: 252

Error: (01/31/2015 05:56:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Byla vygenerována následující výstraha o závažné chybě: 43. Stav interní chyby: 252

Error: (01/31/2015 05:56:14 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Byla vygenerována následující výstraha o závažné chybě: 43. Stav interní chyby: 252

Error: (01/31/2015 05:56:14 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Byla vygenerována následující výstraha o závažné chybě: 43. Stav interní chyby: 252

Microsoft Office Sessions:
=========================
Error: (10/22/2014 05:09:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2015-02-13 09:18:47.830
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 09:18:47.760
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 09:12:33.607
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-13 09:12:33.357
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-07-06 18:24:17.409
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-07-06 16:19:00.041
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-07-06 10:23:09.467
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-07-06 01:33:08.924
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-07-05 22:39:53.730
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-07-05 18:39:21.917
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 36%
Total physical RAM: 3579.49 MB
Available physical RAM: 2290.55 MB
Total Pagefile: 7157.28 MB
Available Pagefile: 5412 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.79 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:690.82 GB) (Free:63.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: FD54F1B2)
Partition 1: (Active) - (Size=690.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.8 GB) - (Type=27)

==================== End Of Log ============================

#10 Příspěvek od **altrok** » 05 bře 2015 18:49

Malware nevidno... mozna to byla kolize s Windows Defenderem, proto jej trvale vypni http://windows.microsoft.com/cs-cz/wind ... =windows-7

A doporucuju vycistit tempy napr. pomoci CCleaneru... vypada to, zes je delsi dobu nemazal. A vycisti s jeho pomoci i registry (udelej zalohu, kterou Ti nabidne).

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-03-05 00:43 - 2015-03-05 00:45 - 00000000 ____D () C:\AdwCleaner
2015-03-05 00:30 - 2015-03-05 00:31 - 02126848 _____ () C:\Users\xx\Desktop\AdwCleaner.exe
2015-03-05 00:30 - 2015-03-05 00:30 - 00852604 _____ () C:\Users\xx\Desktop\SecurityCheck.exe
2015-03-03 09:11 - 2015-01-12 15:21 - 00000000 ____D () C:\Program Files\trend micro
2015-01-07 12:14 - 2015-01-07 12:14 - 0029696 _____ () C:\Users\xx\AppData\Local\MSGBOX.EXE
2010-10-14 12:38 - 2010-10-14 12:38 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Task: {0D6BE0AC-E26F-4657-A8E0-EC5EBBD7AF52} - System32\Tasks\{75BB131B-006F-46E5-8723-9E9D107B2613} => C:\Program Files\Team17\Worms World Party\wwp.exe
Task: {377A2293-D8C2-4872-85C6-C5A63F582D28} - System32\Tasks\{4A58B6A2-2CA7-420F-A12B-124895C00580} => C:\Program Files\Team17\Worms World Party\wwp.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
HKU\S-1-5-21-2503734218-1681691102-840008259-1000\Software\Classes\.exe: exefile => <===== ATTENTION!
End

tuvok07 · #11 Příspěvek od **tuvok07** » 05 bře 2015 19:30

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2015
Ran by xx at 2015-03-05 19:24:10 Run:1
Running from C:\Users\xx\Desktop
Loaded Profiles: xx (Available profiles: xx)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-03-05 00:43 - 2015-03-05 00:45 - 00000000 ____D () C:\AdwCleaner
2015-03-05 00:30 - 2015-03-05 00:31 - 02126848 _____ () C:\Users\xx\Desktop\AdwCleaner.exe
2015-03-05 00:30 - 2015-03-05 00:30 - 00852604 _____ () C:\Users\xx\Desktop\SecurityCheck.exe
2015-03-03 09:11 - 2015-01-12 15:21 - 00000000 ____D () C:\Program Files\trend micro
2015-01-07 12:14 - 2015-01-07 12:14 - 0029696 _____ () C:\Users\xx\AppData\Local\MSGBOX.EXE
2010-10-14 12:38 - 2010-10-14 12:38 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Task: {0D6BE0AC-E26F-4657-A8E0-EC5EBBD7AF52} - System32\Tasks\{75BB131B-006F-46E5-8723-9E9D107B2613} => C:\Program Files\Team17\Worms World Party\wwp.exe
Task: {377A2293-D8C2-4872-85C6-C5A63F582D28} - System32\Tasks\{4A58B6A2-2CA7-420F-A12B-124895C00580} => C:\Program Files\Team17\Worms World Party\wwp.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
HKU\S-1-5-21-2503734218-1681691102-840008259-1000\Software\Classes\.exe: exefile => <===== ATTENTION!
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\xx\Desktop\AdwCleaner.exe => Moved successfully.
C:\Users\xx\Desktop\SecurityCheck.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\xx\AppData\Local\MSGBOX.EXE => Moved successfully.
C:\ProgramData\ezsidmv.dat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D6BE0AC-E26F-4657-A8E0-EC5EBBD7AF52}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D6BE0AC-E26F-4657-A8E0-EC5EBBD7AF52}" => Key deleted successfully.
C:\Windows\System32\Tasks\{75BB131B-006F-46E5-8723-9E9D107B2613} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{75BB131B-006F-46E5-8723-9E9D107B2613}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{377A2293-D8C2-4872-85C6-C5A63F582D28}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{377A2293-D8C2-4872-85C6-C5A63F582D28}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4A58B6A2-2CA7-420F-A12B-124895C00580} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4A58B6A2-2CA7-420F-A12B-124895C00580}" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"HKU\S-1-5-21-2503734218-1681691102-840008259-1000\Software\Classes\.exe" => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog 19:24:13 ====

#12 Příspěvek od **altrok** » 05 bře 2015 21:46

Jeste tam pust preventivne MBAR.

Ulozte na plochu MBAR - http://www.bleepingcomputer.com/downloa ... i-rootkit/

Spuste dvojklikem a extrahujte na plochu
kliknete na Next
Aktualizujte virovou databazi klikem na Update a pokracujte na Next
Vsechny 3 moznosti nechte zaskrtnute a zvolte Scan (potrva cca 15 minut)
zatrhnete vsechny nalezy a take zkontrolujte zatrzitko u Create Restore Point
kliknete na Cleanup a souhlaste s restartem - Yes
obsah logu ulozene na plose v mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt vlozte do pristi odpovedi

tuvok07 · #13 Příspěvek od **tuvok07** » 08 bře 2015 17:20

Sorry v pátek jsem neměl čas se sem podívat a na víkend jsem byl pryč, jdu na to.

tuvok07 · #14 Příspěvek od **tuvok07** » 08 bře 2015 17:25

Verze z odkazu byla stará, přesměrovalo mě to na stránky Malvarebytes pak

tuvok07 · #15 Příspěvek od **tuvok07** » 08 bře 2015 17:43

Hlásím, že nic nenašel
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.03.08.04
rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17633
xx :: XX-PC [administrator]

8.3.2015 17:25:25
mbar-log-2015-03-08 (17-25-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 336066
Time elapsed: 14 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

VIRY.CZ

Windows hlásily vyplý antivir (nebyl, byl zaplý) preventivka

Windows hlásily vyplý antivir (nebyl, byl zaplý) preventivka

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent

Re: Windows hlásily vyplý antivir (nebyl, byl zaplý) prevent