Firefox 37.0.1: ads keep popping up

Posted: 04 Apr 2015 10:42
by gogmen
Hello, I'm at my wits' end. I use Firefox 37.0.1 and suddenly the browser started throwing up ads on pages and redirecting to other pages, and under the back button the link to the page gets copied maybe 20 times. I ran the computer through programs such as Malwarebytes Anti-Malware and AdwCleaner, and nothing. Thank you for your help.
I'm attaching the log.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Martin at 2015-04-04 11:49:18
Microsoft Windows 8
System drive C: has 353 GB (38%) free of 940 GB
Total RAM: 8073 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:49:23, on 4. 4. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16688)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
C:\Program Files (x86)\sup games\sup_games_notification_service.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\trend micro\Martin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [T-Mobile CManager] "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-21-3013665566-3004046289-603150396-1002\..\Run: [T-Mobile CManager] "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe" -autorun (User 'postgres')
O4 - Startup: CurseClientStartup.ccip
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: postgresql-x64-9.0 - PostgreSQL Server 9.0 (postgresql-x64-9.0) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

--
End of file - 8649 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
"dwm.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
atieclxx
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SENDINPUT
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe"
dashost.exe {6654928f-c870-4e22-8bb944e7c97c949e}
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe" runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
"C:/Program Files/PostgreSQL/9.0/bin/postgres.exe" -D "C:/Program Files/PostgreSQL/9.0/data"
\??\C:\Windows\system32\conhost.exe 0x4
"C:/Program Files/PostgreSQL/9.0/bin/postgres.exe" "--forklog" "4604" "4608"
"C:/Program Files/PostgreSQL/9.0/bin/postgres.exe" "--forkboot" "4472" "-x3"
"C:/Program Files/PostgreSQL/9.0/bin/postgres.exe" "--forkboot" "4476" "-x4"
"C:/Program Files/PostgreSQL/9.0/bin/postgres.exe" "--forkavlauncher" "4456"
"C:/Program Files/PostgreSQL/9.0/bin/postgres.exe" "--forkcol" "4448"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
"C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe"
C:\Windows\SysWOW64\svchost.exe -k MbnExt
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe"
taskhostex.exe
taskeng.exe {17F99A11-301F-41CD-A3AC-8A9DB409FE71}
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\sup games\sup_games_notification_service.exe" /url='http://cdn.selectbestopt.com/notf_sys/index.html' /crregname='sup games' /appid='73143' /srcid='2913' /bic='039c11b52a2b37cf7b5e1efcdd1f10df' /verifier='eb8e53a7a0d43b2de1d582a3260feb84' /installerversion='1.50.3.10' /statsdomain='http://stats.buildomserv.com/data.gif?' /errorsdomain='http://stats.buildomserv.com/data.gif?' /monetizationdomain='http://logs.buildomserv.com/monetization.gif?' /installationtime='1428058452' /runfrom='task' /brwtype='notbg' /postponedhours='6'
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
"C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4180.15b57150.839363667 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 4180 "\\.\pipe\gecko-crash-server-pipe.4180" plugin
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe" --proxy-stub-channel=Flash5024.71CEBE28.25157 --host-broker-channel=Flash5024.71CEBE28.28662 --host-pid=5024 --host-npapi-version=28 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_17_0_0_134.dll"
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe" --channel=5056.0067F274.1484906572 --proxy-stub-channel=Flash5024.71CEBE28.25157 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_17_0_0_134.dll" --host-npapi-version=28 --type=renderer

"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568
"C:\Users\Martin\Downloads\RSITx64.exe"
wmiadap.exe /F /T /R
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\SlimDrivers Startup.job - C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe -boot
C:\Windows\tasks\sup_games_notification_service.job - C:\Program Files (x86)\sup games\sup_games_notification_service.exe /url='http://cdn.selectbestopt.com/notf_sys/index.html' /crregname='sup games' /appid='73143' /srcid='2913' /bic='039c11b52a2b37cf7b5e1efcdd1f10df' /verifier='eb8e53a7a0d43b2de1d582a3260feb84' /installerversion='1.50.3.10' /statsdomain='http://stats.buildomserv.com/data.gif?' /errorsdomain='http://stats.buildomserv.com/data.gif?' /monetizationdomain='http://logs.buildomserv.com/monetization.gif?' /installationtime='1428058452' /runfrom='task' /brwtype='notbg' /postponedhours='6'

=========Mozilla firefox=========

ProfilePath - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\z714zg6s.default-1428128810425

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.134 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.134 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-02-28 66688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-05-14 165872]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-05-14 407536]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-05-14 444400]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-04-30 36352]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2000-01-01 7573720]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2000-01-01 1385840]
"WavesSvc"=C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [2000-01-01 562264]
"RtHDVBg_PushButton"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2000-01-01 1385840]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-23 6501656]
"NokiaSuite.exe"=C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [2013-10-02 1090912]
"T-Mobile CManager"=C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2013-10-31 2166552]
"DAEMON Tools Ultra Agent"=C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [2013-11-14 3192056]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-04-17 767200]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-04-25 4101584]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17 508800]

C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-05-08 440320]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-04-04 11:49:18 ----D---- C:\rsit
2015-04-04 11:49:18 ----D---- C:\Program Files\trend micro
2015-04-04 11:45:34 ----SHD---- C:\$RECYCLE.BIN
2015-04-04 11:43:52 ----D---- C:\Windows\Temp
2015-04-04 11:43:52 ----A---- C:\Windows\zoek-delete.exe
2015-04-04 11:28:20 ----D---- C:\zoek_backup
2015-04-04 11:22:26 ----D---- C:\AdwCleaner
2015-04-04 10:46:39 ----A---- C:\ComboFix.txt
2015-04-04 10:34:25 ----D---- C:\ComboFix
2015-04-04 10:32:20 ----A---- C:\Windows\ntbtlog.txt
2015-04-04 09:29:45 ----A---- C:\Windows\zip.exe
2015-04-04 09:29:45 ----A---- C:\Windows\SWXCACLS.exe
2015-04-04 09:29:45 ----A---- C:\Windows\SWSC.exe
2015-04-04 09:29:45 ----A---- C:\Windows\SWREG.exe
2015-04-04 09:29:45 ----A---- C:\Windows\sed.exe
2015-04-04 09:29:45 ----A---- C:\Windows\PEV.exe
2015-04-04 09:29:45 ----A---- C:\Windows\NIRCMD.exe
2015-04-04 09:29:45 ----A---- C:\Windows\MBR.exe
2015-04-04 09:29:45 ----A---- C:\Windows\grep.exe
2015-04-04 09:29:22 ----D---- C:\Qoobox
2015-04-04 09:29:09 ----D---- C:\Windows\erdnt
2015-04-04 08:37:31 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-04-04 08:37:19 ----D---- C:\ProgramData\Malwarebytes
2015-04-04 08:37:19 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-04 08:37:19 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-04-04 08:37:19 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-04-04 08:37:19 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-04-04 08:25:51 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-04-03 12:54:11 ----D---- C:\Program Files (x86)\sup games
2015-03-28 01:11:24 ----D---- C:\Users\Martin\AppData\Roaming\11bitstudios
2015-03-27 23:44:06 ----D---- C:\Program Files (x86)\505games
2015-03-26 16:22:28 ----D---- C:\CCProxy
2015-03-26 15:17:25 ----D---- C:\Program Files (x86)\THQ
2015-03-26 14:23:39 ----A---- C:\Windows\system32\drivers\dtscsibus.sys
2015-03-26 14:23:32 ----D---- C:\Users\Martin\AppData\Roaming\DAEMON Tools Ultra
2015-03-26 14:23:28 ----D---- C:\Program Files (x86)\DAEMON Tools Ultra
2015-03-26 14:19:31 ----D---- C:\ProgramData\DAEMON Tools Ultra
2015-03-21 17:15:03 ----SHD---- C:\Windows\ftpcache
2015-03-20 20:50:14 ----D---- C:\Program Files (x86)\Company of Heroes 2 - Ardennes Assault
2015-03-20 19:26:12 ----D---- C:\Program Files (x86)\Hitman Absolution
2015-03-19 11:45:03 ----D---- C:\ProgramData\Orbit
2015-03-13 13:34:24 ----D---- C:\Program Files (x86)\Middle Earth Shadow of Mordor
2015-03-10 17:50:30 ----D---- C:\Program Files\Alan Wake
2015-03-10 14:26:30 ----D---- C:\R.G. Catalyst

======List of files/folders modified in the last 1 month======

2015-04-04 11:49:18 ----RD---- C:\Program Files
2015-04-04 11:45:02 ----D---- C:\Windows
2015-04-04 11:44:09 ----D---- C:\Windows\Prefetch
2015-04-04 11:38:39 ----D---- C:\ProgramData
2015-04-04 11:32:21 ----D---- C:\Windows\System32
2015-04-04 11:32:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-04 11:30:22 ----RD---- C:\Program Files (x86)
2015-04-04 11:28:21 ----D---- C:\Windows\SysWOW64
2015-04-04 11:24:03 ----D---- C:\Windows\system32\log
2015-04-04 11:03:29 ----D---- C:\Windows\SoftwareDistribution
2015-04-04 10:46:41 ----D---- C:\Windows\system32\Drivers
2015-04-04 10:43:08 ----A---- C:\Windows\system.ini
2015-04-04 10:40:20 ----D---- C:\Windows\SYSWOW64\drivers
2015-04-04 10:40:20 ----D---- C:\Windows\apppatch
2015-04-04 10:40:19 ----D---- C:\Program Files (x86)\Common Files
2015-04-04 09:39:49 ----D---- C:\Windows\system32\Tasks
2015-04-04 09:39:48 ----D---- C:\Windows\Tasks
2015-04-04 09:37:50 ----D---- C:\Windows\system32\drivers\etc
2015-04-04 09:30:15 ----D---- C:\Windows\system32\catroot2
2015-04-04 09:30:10 ----SHD---- C:\System Volume Information
2015-04-04 09:14:42 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-04 09:14:37 ----D---- C:\Windows\schemas
2015-04-04 09:14:19 ----D---- C:\Users\Martin\AppData\Roaming\uTorrent
2015-04-04 09:00:01 ----D---- C:\Windows\system32\sru
2015-04-04 03:00:15 ----D---- C:\Windows\Microsoft.NET
2015-04-03 20:27:23 ----D---- C:\Windows\Logs
2015-04-01 14:45:57 ----D---- C:\Windows\system32\config
2015-03-28 00:34:56 ----D---- C:\Windows\SYSWOW64\directx
2015-03-27 23:47:54 ----SHD---- C:\Windows\Installer
2015-03-27 23:47:54 ----D---- C:\Config.Msi
2015-03-27 23:47:53 ----D---- C:\Program Files (x86)\Adobe
2015-03-27 23:46:51 ----RSD---- C:\Windows\assembly
2015-03-26 15:15:19 ----D---- C:\Users\Martin\AppData\Roaming\Seznam.cz
2015-03-26 14:20:43 ----D---- C:\Windows\system32\DriverStore
2015-03-26 14:20:43 ----D---- C:\Windows\Inf
2015-03-19 12:56:15 ----D---- C:\Windows\WinSxS
2015-03-19 11:48:06 ----D---- C:\Windows\LiveKernelReports
2015-03-12 14:14:43 ----D---- C:\Program Files (x86)\PokerStars
2015-03-12 14:14:02 ----D---- C:\Program Files (x86)\PokerTracker 4
2015-03-11 13:00:58 ----D---- C:\Games
2015-03-10 16:50:13 ----D---- C:\Program Files (x86)\Dying Light
2015-03-09 15:31:10 ----D---- C:\Users\Martin\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;@oem202.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2013-12-13 36608]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2013-04-23 677360]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-04-18 15376384]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-04-18 638976]
R3 AthBTPort;@oem185.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2013-02-28 89168]
R3 athr;@oem53.inf,%ATHR.Service.DispName%;Dell Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athw8x.sys [2013-02-21 3765760]
R3 BTATH_A2DP;@oem184.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2013-02-28 346192]
R3 btath_avdt;@oem184.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2013-02-28 115280]
R3 BTATH_BUS;@oem181.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\Windows\System32\drivers\btath_bus.sys [2013-02-28 34384]
R3 BTATH_HCRP;@oem187.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2013-02-28 179432]
R3 BTATH_LWFLT;@oem189.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2013-02-28 77464]
R3 BTATH_RCP;@oem191.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2013-02-28 136424]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2013-02-28 583760]
R3 BthEnum;@tdibth.inf,%BthEnum.DisplayName%;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2013-12-03 51712]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2013-12-03 74752]
R3 DellRbtn;@oem176.inf,%DellRbtn%;Airplane Mode Switch; C:\Windows\System32\drivers\DellRbtn.sys [2013-01-25 10752]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtscsibus.sys [2015-03-26 29696]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\System32\drivers\ew_jubusenum.sys [2011-09-09 87040]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-05-08 4431840]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2000-01-01 3956056]
R3 IntcDAud;@oem178.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-05-08 442368]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-03-17 25816]
R3 MEIx64;@oem2.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\TeeDriverx64.sys [2014-09-30 129312]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2013-12-03 156672]
R3 RTL8168;@oem27.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2000-01-01 874712]
R3 RTSUER;@oem8.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\Windows\system32\Drivers\RtsUer.sys [2000-01-01 377560]
R3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-04-16 34544]
R3 SynTP;@oem11.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\System32\drivers\SynTP.sys [2014-04-16 527600]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2012-09-20 210304]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S2 sbapifs;sbapifs; C:\Windows\system32\DRIVERS\sbapifs.sys []
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2013-12-03 1175040]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 ew_usbenumfilter;@oem13.inf,%busupper.SVCDESC%;huawei_CompositeFilter; C:\Windows\System32\drivers\ew_usbenumfilter.sys [2010-03-20 13952]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-09-09 98304]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\System32\drivers\ew_juextctrl.sys [2011-09-09 28672]
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2011-09-09 218624]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-03-17 64216]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 RSUSBVSTOR;@oem5.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys []
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2013-03-05 28400]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2015-03-19 16152]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2000-01-01 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-04-18 239616]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2013-02-28 227968]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-04-30 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-05-11 733696]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2012-09-20 29696]
R2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w []
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2000-01-01 290520]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-04-25 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-04-25 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R3 Disc Soft Bus Service;Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-11-14 723192]
S2 DellDigitalDelivery;Dell Digital Delivery Service; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-08-07 199176]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-04 268464]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-05-14 279024]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-05-11 822232]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-04-04 148080]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]

-----------------EOF-----------------

Re: Firefox 37.0.1 ads popping up

Posted: 04 Apr 2015 10:48
by Márty84
Hello :)

:arrow: Post logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a moment; it may block it as malicious, but we use it all the time, it is a false positive :)

Re: Firefox 37.0.1 ads popping up

Posted: 04 Apr 2015 10:56
by gogmen
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Martin (administrator) on PC-MARTIN on 04-04-2015 11:54:08
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin & postgres (Available profiles: Martin & postgres & Administrator)
Platform: Windows 8 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
(FileProperties_CompanyName) C:\Program Files (x86)\sup games\sup_games_notification_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573720 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2000-01-01] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2000-01-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2166552 2013-10-31] (Gemfor s.r.o.)
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3192056 2013-11-14] (Disc Soft Ltd)
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-3013665566-3004046289-603150396-1002\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2166552 2013-10-31] (Gemfor s.r.o.)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: [S-1-5-21-3013665566-3004046289-603150396-1002] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3013665566-3004046289-603150396-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3013665566-3004046289-603150396-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\z714zg6s.default-1428128810425
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-04] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-04] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [File not signed]
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [723192 2013-11-14] (Disc Soft Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
R2 postgresql-x64-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [111104 2012-09-21] (PostgreSQL Global Development Group) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2000-01-01] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-12-03] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-03-02] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29696 2015-03-26] (Disc Soft Ltd)
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [218624 2011-09-09] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2000-01-01] (Realsil Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [377560 2000-01-01] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-03-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2014-04-16] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-03-19] ()
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 RSUSBVSTOR; \SystemRoot\System32\Drivers\RtsUVStor.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 11:54 - 2015-04-04 11:54 - 00015295 _____ () C:\Users\Martin\Downloads\FRST.txt
2015-04-04 11:54 - 2015-04-04 11:54 - 00000000 ____D () C:\FRST
2015-04-04 11:53 - 2015-04-04 11:53 - 02095616 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2015-04-04 11:49 - 2015-04-04 11:49 - 01222144 _____ () C:\Users\Martin\Downloads\RSITx64.exe
2015-04-04 11:49 - 2015-04-04 11:49 - 00000000 ____D () C:\rsit
2015-04-04 11:49 - 2015-04-04 11:49 - 00000000 ____D () C:\Program Files\trend micro
2015-04-04 11:43 - 2015-04-04 11:28 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-04-04 11:38 - 2015-04-04 11:42 - 00000000 ____D () C:\Users\Martin\AppData\Local\CrashDumps
2015-04-04 11:29 - 2015-04-04 11:45 - 00019546 _____ () C:\zoek-results.log
2015-04-04 11:28 - 2015-04-04 11:38 - 00000000 ____D () C:\zoek_backup
2015-04-04 11:28 - 2015-04-04 11:28 - 01305600 _____ () C:\Users\Martin\Downloads\zoek.exe
2015-04-04 11:22 - 2015-04-04 11:26 - 00000000 ____D () C:\AdwCleaner
2015-04-04 11:22 - 2015-04-04 11:22 - 02208768 _____ () C:\Users\Martin\Downloads\adwcleaner_4.200.exe
2015-04-04 11:03 - 2015-04-04 11:45 - 00035952 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 11:03 - 2015-04-04 11:45 - 00000866 _____ () C:\Windows\PFRO.log
2015-04-04 10:46 - 2015-04-04 10:46 - 00044239 _____ () C:\ComboFix.txt
2015-04-04 10:34 - 2015-04-04 10:46 - 00000000 ____D () C:\ComboFix
2015-04-04 09:29 - 2015-04-04 10:46 - 00000000 ____D () C:\Qoobox
2015-04-04 09:29 - 2015-04-04 09:38 - 00000000 ____D () C:\Windows\erdnt
2015-04-04 09:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-04 09:29 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-04 09:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-04 09:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-04 09:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-04 09:29 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-04-04 09:29 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-04 09:29 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-04 09:29 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-04 09:28 - 2015-04-04 09:28 - 05617096 ____R (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2015-04-04 09:21 - 2015-04-04 09:21 - 00000000 ___RD () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-04 08:37 - 2015-04-04 10:29 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 08:37 - 2015-04-04 08:37 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-04 08:37 - 2015-04-04 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-04 08:37 - 2015-04-04 08:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-04 08:37 - 2015-04-04 08:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-04 08:37 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-04 08:37 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-04 08:37 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-04 08:36 - 2015-04-04 08:36 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-04 08:25 - 2015-04-04 08:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-03 13:54 - 2015-04-04 11:45 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-03 12:54 - 2015-04-04 11:54 - 00001330 _____ () C:\Windows\Tasks\sup_games_notification_service.job
2015-04-03 12:54 - 2015-04-03 12:54 - 00004332 _____ () C:\Windows\System32\Tasks\sup_games_notification_service
2015-04-03 12:54 - 2015-04-03 12:54 - 00000000 ____D () C:\Program Files (x86)\sup games
2015-03-31 23:50 - 2015-03-31 23:50 - 00513507 _____ () C:\Users\Martin\Downloads\839706732.jpeg
2015-03-28 01:11 - 2015-03-28 01:11 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\11bitstudios
2015-03-27 23:47 - 2015-03-27 23:47 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
2015-03-27 23:45 - 2015-03-27 23:45 - 01025369 _____ () C:\Users\Martin\Downloads\Men-of-War--100%-cestina.rar
2015-03-27 23:44 - 2015-03-27 23:44 - 00000000 ____D () C:\Program Files (x86)\505games
2015-03-27 23:35 - 2015-03-27 23:38 - 00000000 ____D () C:\Users\Martin\Downloads\this war of mine
2015-03-26 17:25 - 2015-03-26 17:26 - 00001679 _____ () C:\Users\Martin\Desktop\RelicCOH – zástupce.lnk
2015-03-26 16:22 - 2015-03-26 16:22 - 00000000 ____D () C:\CCProxy
2015-03-26 15:17 - 2015-03-26 15:17 - 00000000 ____D () C:\Program Files (x86)\THQ
2015-03-26 14:27 - 2015-03-26 14:27 - 00000000 ____D () C:\Users\Martin\AppData\Local\Disc_Soft_Ltd
2015-03-26 14:23 - 2015-03-26 14:34 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\DAEMON Tools Ultra
2015-03-26 14:23 - 2015-03-26 14:32 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Ultra
2015-03-26 14:23 - 2015-03-26 14:23 - 00029696 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtscsibus.sys
2015-03-26 14:23 - 2015-03-26 14:23 - 00001991 _____ () C:\Users\Public\Desktop\DAEMON Tools Ultra.lnk
2015-03-26 14:23 - 2015-03-26 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2015-03-26 14:19 - 2015-03-26 14:27 - 00000000 ____D () C:\ProgramData\DAEMON Tools Ultra
2015-03-26 14:03 - 2015-03-26 14:13 - 33336327 _____ () C:\Users\Martin\Downloads\EMONoolsltra2100187CZ.rar
2015-03-26 13:25 - 2015-03-26 13:27 - 26240632 _____ () C:\Users\Martin\Downloads\daemon-tools-windows-8.zip
2015-03-21 22:35 - 2015-03-21 22:35 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2015-03-21 17:15 - 2015-03-21 17:15 - 00000000 __SHD () C:\Windows\ftpcache
2015-03-21 12:31 - 2015-03-21 12:31 - 00001767 _____ () C:\Users\Martin\Desktop\RelicCoH2 – zástupce.lnk
2015-03-20 20:50 - 2015-03-20 21:05 - 00000000 ____D () C:\Program Files (x86)\Company of Heroes 2 - Ardennes Assault
2015-03-20 20:50 - 2015-03-20 20:50 - 00001016 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Company of Heroes 2 - Ardennes Assault.lnk
2015-03-20 19:57 - 2015-03-20 19:57 - 00001041 _____ () C:\Users\Public\Desktop\Hitman Absolution.lnk
2015-03-20 19:57 - 2015-03-20 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Absolution
2015-03-20 19:27 - 2015-03-20 19:27 - 01099461 _____ () C:\Users\Martin\Downloads\hitman-absolution-v1.0.446.0-cz.zip
2015-03-20 19:26 - 2015-03-20 20:01 - 00000000 ____D () C:\Program Files (x86)\Hitman Absolution
2015-03-19 11:45 - 2015-03-19 11:45 - 00000000 ____D () C:\Users\Martin\Documents\Assassin's Creed Unity
2015-03-19 11:45 - 2015-03-19 11:45 - 00000000 ____D () C:\ProgramData\Orbit
2015-03-14 22:53 - 2015-03-19 17:37 - 00000000 ____D () C:\Users\Martin\Downloads\Company.of.Heroes.2.Ardennes.Assault-RELOADED
2015-03-13 15:01 - 2015-03-13 15:01 - 00000000 ____D () C:\Users\Martin\Documents\WB Games
2015-03-13 13:56 - 2015-03-13 13:56 - 00001276 _____ () C:\Users\Martin\Desktop\Middle Earth Shadow of Mordor.lnk
2015-03-13 13:56 - 2015-03-13 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Middle Earth Shadow of Mordor
2015-03-13 13:34 - 2015-03-13 13:56 - 00000000 ____D () C:\Program Files (x86)\Middle Earth Shadow of Mordor
2015-03-10 21:38 - 2015-03-10 21:38 - 00000000 ____D () C:\Users\Martin\AppData\Local\FLT
2015-03-10 21:38 - 2015-03-10 21:38 - 00000000 ____D () C:\Users\Martin\AppData\Local\CAPCOM
2015-03-10 17:50 - 2015-03-10 17:50 - 00000000 ____D () C:\Program Files\Alan Wake
2015-03-10 14:26 - 2015-03-10 15:45 - 00000000 ____D () C:\R.G. Catalyst

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 11:52 - 2012-07-26 12:01 - 02104112 _____ () C:\Windows\system32\perfh005.dat
2015-04-04 11:52 - 2012-07-26 12:01 - 00590712 _____ () C:\Windows\system32\perfc005.dat
2015-04-04 11:52 - 2012-07-26 09:28 - 00005640 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-04 11:45 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 11:24 - 2015-01-28 01:03 - 00000000 ____D () C:\Windows\system32\log
2015-04-04 10:46 - 2014-11-12 21:13 - 00000000 ____D () C:\Users\Martin\AppData\Local\Apps\2.0
2015-04-04 10:43 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2015-04-04 09:20 - 2014-11-12 20:03 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 09:18 - 2014-11-12 20:03 - 00003804 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-04 09:18 - 2014-11-12 20:02 - 00000000 ____D () C:\Users\Martin\AppData\Local\Adobe
2015-04-04 09:14 - 2014-11-12 19:57 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\uTorrent
2015-04-04 09:14 - 2014-11-12 18:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-04 09:14 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\schemas
2015-04-04 09:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2015-04-04 08:26 - 2015-01-28 00:56 - 00000000 ____D () C:\Users\Martin\Desktop\Původní data aplikace Firefox
2015-04-04 04:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-03 20:21 - 2015-02-27 10:45 - 00000000 ____D () C:\Users\Martin\AppData\Local\The Witcher
2015-03-28 11:04 - 2014-11-12 18:35 - 00000000 ____D () C:\Users\Martin\AppData\Local\VirtualStore
2015-03-28 11:03 - 2014-11-14 22:04 - 00000000 ____D () C:\Users\Martin\Desktop\Nová složka
2015-03-28 09:11 - 2014-11-12 18:49 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3013665566-3004046289-603150396-1001
2015-03-28 00:36 - 2014-09-01 20:30 - 00000000 ____D () C:\Users\Martin\Documents\My Games
2015-03-28 00:34 - 2015-02-26 22:21 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-27 23:47 - 2014-11-12 20:06 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-26 15:15 - 2014-11-12 20:44 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Seznam.cz
2015-03-23 00:33 - 2015-02-27 21:47 - 00000000 ____D () C:\Users\Martin\Downloads\Hitman.Absolution-SKIDROW
2015-03-20 20:02 - 2015-02-27 17:41 - 00000000 ____D () C:\Users\Martin\AppData\Local\SKIDROW
2015-03-20 10:04 - 2014-11-12 22:22 - 00000432 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2015-03-20 08:11 - 2015-02-28 15:59 - 00000000 ____D () C:\Users\Martin\Downloads\Resident.Evil.6-RELOADED
2015-03-19 20:36 - 2015-02-27 21:32 - 00000000 ____D () C:\Users\Martin\Downloads\Sniper.Elite.3-RELOADED
2015-03-19 12:43 - 2014-11-12 21:15 - 00003076 _____ () C:\Windows\System32\Tasks\Game_Booster_Startup
2015-03-19 12:40 - 2014-11-12 22:22 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-03-19 11:48 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-13 07:13 - 2015-02-27 21:28 - 00000000 ____D () C:\Users\Martin\Downloads\Middle.Earth.Shadow.of.Mordor-CODEX
2015-03-12 17:13 - 2015-02-03 19:23 - 00000000 ____D () C:\Users\Martin\AppData\Local\PokerStars.EU
2015-03-12 14:14 - 2014-11-12 21:39 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2015-03-12 14:14 - 2014-11-12 19:24 - 00000000 ____D () C:\Users\Martin\AppData\Local\PokerTracker 4
2015-03-12 14:14 - 2014-11-12 19:23 - 00000000 ____D () C:\Program Files (x86)\PokerTracker 4
2015-03-12 14:13 - 2014-11-12 19:24 - 00001076 _____ () C:\Users\postgres\Desktop\PokerTracker 4.lnk
2015-03-12 14:13 - 2014-11-12 19:24 - 00001076 _____ () C:\Users\Martin\Desktop\PokerTracker 4.lnk
2015-03-12 14:13 - 2014-11-12 19:24 - 00001076 _____ () C:\Users\Administrator\Desktop\PokerTracker 4.lnk
2015-03-11 13:00 - 2015-02-28 10:30 - 00000000 ____D () C:\Games
2015-03-11 12:56 - 2015-03-04 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
2015-03-10 16:50 - 2015-01-28 14:25 - 00000000 ____D () C:\Program Files (x86)\Dying Light
2015-03-10 16:23 - 2014-11-12 21:13 - 00000000 ____D () C:\Users\Martin\AppData\Local\Deployment
2015-03-09 15:31 - 2014-11-12 20:31 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\vlc
2015-03-05 14:05 - 2015-02-27 21:27 - 00000000 ____D () C:\Users\Martin\Downloads\Resident_Evil_Revelations-FLT

==================== Files in the root of some directories =======

2014-11-13 00:28 - 2014-11-13 00:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-12 19:24 - 2014-11-12 19:24 - 0004913 _____ () C:\ProgramData\flwjycbm.bab
2014-11-12 19:19 - 2014-11-12 19:19 - 0000032 _____ () C:\ProgramData\Temp.log
2013-12-03 10:08 - 2013-12-03 10:08 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-12-03 10:03 - 2013-12-03 10:05 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-12-03 10:05 - 2013-12-03 10:06 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-12-03 10:03 - 2013-12-03 10:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-12-03 10:06 - 2013-12-03 10:08 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-03 21:04

==================== End Of Log ============================

Re: Firefox 37.0.1 ads keep popping up

Posted: 04 Apr 2015 11:06
by Márty84
Oh dear :( Someone here has been playing doctor :frusty:


:???: Can you tell me why you ran ComboFix? Do you know how to use it?

If you had read the forum rules http://forum.viry.cz/viewtopic.php?f=12&t=5601 , you would have learned, among other things, the following:
2. Before posting a question, use the Search button. Someone may already have dealt with a problem similar to yours. However, if various utilities\applications are applied in a solved topic, do not run them. Utilities are to be used only on an adviser's instruction, because they can erase traces of malware, and in the hands of a non-expert their use can have far-reaching consequences.

3. In particular, do not run the ComboFix utility even if a friend\some would-be expert website recommended it to you. Our forum is the only one of the CZ-SK antivirus forums that has the right to interpret ComboFix logs, and we also have the full support of the author of this utility and access to the most up-to-date information and guides.
CF deletes all traces of any infection, and now I can do little more than work from thin air, as they say :x
I will try to look into it, but if this happens again, help will be refused.
And I also warn you that this may drag on and the outcome is not at all certain :boxed:



:arrow: Uninstall Spybot; it is outdated and useless.

You did post the FRST log, but it certainly was not done according to the guide. But since it is inconclusive anyway after CF was used, it hardly matters.

:arrow: Post the ComboFix log here; it is at C:\ComboFix.txt

Re: Firefox 37.0.1 ads keep popping up

Posted: 04 Apr 2015 11:14
by gogmen
I am very sorry; it is true that I tried to solve it myself and did not manage it at all.
ComboFix 15-04-01.01 - Martin . 04. 2015 10:36:03.2.4 - x64 MINIMAL
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.8073.6884 [GMT 2:00]
Spuštěný z: c:\users\Martin\Downloads\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-04 do 2015-04-04 )))))))))))))))))))))))))))))))
.
.
2015-04-04 08:43 . 2015-04-04 08:43 -------- d-----w- c:\users\postgres\AppData\Local\temp
2015-04-04 08:43 . 2015-04-04 08:43 -------- d-----w- c:\users\Martin\AppData\Local\temp
2015-04-04 08:43 . 2015-04-04 08:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-04 08:43 . 2015-04-04 08:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-04-04 06:37 . 2015-04-04 08:29 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-04 06:37 . 2015-04-04 06:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-04-04 06:37 . 2015-04-04 06:37 -------- d-----w- c:\programdata\Malwarebytes
2015-04-04 06:37 . 2015-03-17 04:15 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-04 06:37 . 2015-03-17 04:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-04 06:37 . 2015-03-17 04:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-03 10:54 . 2015-04-03 10:54 -------- d-----w- c:\program files (x86)\sup games
2015-03-27 23:11 . 2015-03-27 23:11 -------- d-----w- c:\users\Martin\AppData\Roaming\11bitstudios
2015-03-27 22:32 . 2015-03-28 12:12 -------- d-----w- c:\program files (x86)\1C Company
2015-03-27 21:47 . 2015-03-27 21:47 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2015-03-27 21:44 . 2015-03-27 21:44 -------- d-----w- c:\program files (x86)\505games
2015-03-26 14:22 . 2015-03-26 14:22 -------- d-----w- C:\CCProxy
2015-03-26 13:17 . 2015-03-26 13:17 -------- d-----w- c:\program files (x86)\THQ
2015-03-26 12:27 . 2015-03-26 12:27 -------- d-----w- c:\users\Martin\AppData\Roaming\DAEMON Tools Ult
2015-03-26 12:27 . 2015-03-26 12:27 -------- d-----w- c:\users\Martin\AppData\Local\Disc_Soft_Ltd
2015-03-26 12:23 . 2015-03-26 12:23 29696 ----a-w- c:\windows\system32\drivers\dtscsibus.sys
2015-03-26 12:23 . 2015-03-26 12:32 -------- d-----w- c:\program files (x86)\DAEMON Tools Ultra
2015-03-26 12:19 . 2015-03-26 12:27 -------- d-----w- c:\programdata\DAEMON Tools Ultra
2015-03-21 21:02 . 2015-03-26 11:41 -------- d-----w- c:\users\Martin\AppData\Roaming\PowerISO
2015-03-21 15:15 . 2015-03-21 15:15 -------- d-sh--w- c:\windows\ftpcache
2015-03-20 18:50 . 2015-03-20 19:05 -------- d-----w- c:\program files (x86)\Company of Heroes 2 - Ardennes Assault
2015-03-20 17:26 . 2015-03-20 18:01 -------- d-----w- c:\program files (x86)\Hitman Absolution
2015-03-19 12:01 . 2015-03-19 12:01 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2015-03-19 09:45 . 2015-03-19 09:45 -------- d-----w- c:\programdata\Orbit
2015-03-13 11:34 . 2015-03-13 11:56 -------- d-----w- c:\program files (x86)\Middle Earth Shadow of Mordor
2015-03-10 19:38 . 2015-03-10 19:38 -------- d-----w- c:\users\Martin\AppData\Local\FLT
2015-03-10 19:38 . 2015-03-10 19:38 -------- d-----w- c:\users\Martin\AppData\Local\CAPCOM
2015-03-10 15:50 . 2015-03-10 15:50 -------- d-----w- c:\program files\Alan Wake
2015-03-10 12:26 . 2015-03-10 13:45 -------- d-----w- C:\R.G. Catalyst
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-19 10:40 . 2014-11-12 20:22 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2015-03-02 15:00 . 2015-03-02 15:00 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-23 6501656]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-10-02 1090912]
"T-Mobile CManager"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe" [2013-10-31 2166552]
"DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2013-11-14 3192056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2014-11-13 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R1 iSafeKrnlMon;YAC Monitor Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\System32\drivers\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\drivers\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\System32\drivers\ew_juextctrl.sys;c:\windows\SYSNATIVE\drivers\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 xusb22;Služba ovladače bezdrátového přijímače Xbox 360, 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTSUER;Realtek USB Card Reader - UER;c:\windows\system32\Drivers\RtsUer.sys;c:\windows\SYSNATIVE\Drivers\RtsUer.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12 07:17]
.
2015-03-20 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24 11:49]
.
2015-04-04 c:\windows\Tasks\sup_games_notification_service.job
- c:\program files (x86)\sup games\sup_games_notification_service.exe [2015-04-03 10:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-14 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-14 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-14 444400]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 7573720]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2000-01-01 1385840]
"WavesSvc"="c:\program files\Realtek\Audio\HDA\WavesSvc64.exe" [2000-01-01 562264]
"RtHDVBg_PushButton"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2000-01-01 1385840]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\z714zg6s.default-1428128810425\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-MBAMSwissArmy
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Hash"="nMIyNMIIfsw="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Hash"="3o8cWHmzKsc="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice]
@Denied: (2) (Administrator)
"Hash"="dhFnGNJ9Fho="
"ProgId"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Hash"="7sOfD/mpa0Y="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:df,da,32,a0,00,f0,ce,01
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Hash"="gStHXX/QBpI="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="a+CTzOSXgNk="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Hash"="5XkQRP4rzyM="
"ProgId"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="FeezC9m7iSM="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (Administrator)
"Hash"="4DToUjW2Qso="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\UserChoice]
@Denied: (2) (Administrator)
"Hash"="cJZsVJwr6sY="
"ProgId"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice]
@Denied: (2) (Administrator)
"Hash"="h00m85Qfa3Y="
"ProgId"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Hash"="6iMS1trhnD4="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="2/1J2o9e1l0="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (Administrator)
"Hash"="dHjWwD1NtOQ="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="yz0ixA4PsRA="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="m8fzzgf48B0="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (Administrator)
"Hash"="u6UY9LRvPbE="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="kt9ieLEqEbo="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="3138AioaLEo="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Hash"="bWB8mK7aVzA="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Hash"="X9yUNyf5KEg="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Hash"="pBXp3kOw99g="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\UserChoice]
@Denied: (2) (Administrator)
"Hash"="bf5ipGA+Qzg="
"ProgId"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Hash"="KUXh/IrkV8Q="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Hash"="dqaImBP8jo8="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Hash"="03OR9bwdLVY="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Hash"="9oGBNvIhDKk="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE\UserChoice]
@Denied: (2) (Administrator)
"Hash"="rDdHF7dkZPs="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="tlBGMD3xONo="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Hash"="tOuozr5udd8="
"ProgId"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Hash"="bhCQboph59o="
"ProgId"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oxps\UserChoice]
@Denied: (2) (Administrator)
"Hash"="x6Gy7woudjA="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Hash"="iHx3VO/bv8g="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Q8/ktLyrjm4="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="oZtNDQEnxjU="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (Administrator)
"Hash"="SAuCCSukOA0="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Hash"="kffAdbwRR/8="
"ProgId"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Hash"="Brk7E+E9XPQ="
"ProgId"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Hash"="OWh2vLN6B5U="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="SSIaAlUqWkQ="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Hash"="LGfxPjKttac="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Hash"="nMIyNMIIfsw="
"ProgId"="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Hash"="3o8cWHmzKsc="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice]
@Denied: (2) (Administrator)
"Hash"="dhFnGNJ9Fho="
"ProgId"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3013665566-3004046289-603150396-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Hash"="7sOfD/mpa0Y="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2015-04-04 10:46:38
ComboFix-quarantined-files.txt 2015-04-04 08:46
ComboFix2.txt 2015-04-04 07:40
.
Před spuštěním: 370 366 164 992 bytes free
Po spuštění: 369 997 840 384 bytes free
.
- - End Of File - - 1577D2E48BDEFE6630F377E9514FBB1B
5FB38429D5D77768867C76DCBDB35194

Re: Firefox 37.0.1 ads popping up

Posted: 04 Apr 2015 12:29
by Márty84
:!: Move FRST directly to the desktop, otherwise it will not work!


:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3192056 2013-11-14] (Disc Soft Ltd)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
URLSearchHook: [S-1-5-21-3013665566-3004046289-603150396-1002] ATTENTION ==> Default URLSearchHook is missing.

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\sup_games_notification_service.job

Hosts:
EmptyTemp:
Reboot:
End
In the top left, click File
Click Save As...
Type the name shown in red, fixlist, correctly and save the file to the desktop.
Turn off your antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.



:arrow: Download the new AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the check to finish.
Then click Cleaning
The program will start working (the PC may restart) and will produce a log (it may also be found at C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.



:arrow: Run a new scan with MBAM. Set up the scan according to this guide http://forum.viry.cz/viewtopic.php?f=29&t=137928 and post the results here. Do not delete anything beforehand; it sometimes gives false detections.

Re: Firefox 37.0.1 ads popping up

Posted: 04 Apr 2015 14:42
by gogmen
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Martin at 2015-04-04 13:39:25 Run:1
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin & postgres (Available profiles: Martin & postgres & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3192056 2013-11-14] (Disc Soft Ltd)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
URLSearchHook: [S-1-5-21-3013665566-3004046289-603150396-1002] ATTENTION ==> Default URLSearchHook is missing.

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\sup_games_notification_service.job

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaSuite.exe => value deleted successfully.
HKU\S-1-5-21-3013665566-3004046289-603150396-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Ultra Agent => value deleted successfully.
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3013665566-3004046289-603150396-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
Error setting Default URLSearchHook.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value deleted successfully.
SDScannerService => Service not found.
SDUpdateService => Service not found.
SDWSCService => Service not found.
EsgScanner => Service deleted successfully.
sbapifs => Service deleted successfully.
C:\Windows\tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\tasks\sup_games_notification_service.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 256.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:40:19 ====



# AdwCleaner v4.200 - Log vytvořen 04/04/2015 v 13:46:40
# Aktualizováno 29/03/2015 by Xplode
# Databáze : 2015-03-29.1 [Server]
# Operační system : Windows 8 (x64)
# Uživatelské jméno : Martin - PC-MARTIN
# Spuštěno z : C:\Users\Martin\Desktop\adwcleaner_4.200.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v37.0.1 (x86 cs)


*************************

AdwCleaner[R0].txt - [3822 bytu] - [04/04/2015 11:23:12]
AdwCleaner[R1].txt - [858 bytu] - [04/04/2015 11:26:01]
AdwCleaner[R2].txt - [913 bytu] - [04/04/2015 13:45:46]
AdwCleaner[S0].txt - [3703 bytu] - [04/04/2015 11:24:02]
AdwCleaner[S1].txt - [839 bytu] - [04/04/2015 13:46:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [896 bytu] ##########



Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 4. 4. 2015
Čas skenování: 13:53:00
Protokol: 1.txt
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.04.04.03
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8
CPU: x64
Souborový systém: NTFS
Uživatel: Martin

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 628285
Uplynulý čas: 1 hod, 45 min, 6 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 3
VirTool.Obfuscator, C:\Program Files (x86)\Outlast\Binaries\Win32\steam_api.dll, , [2f6488e0eb9f112577a11b3318e908f8],
PUP.Optional.ClientConnect, C:\Qoobox\Quarantine\C\ProgramData\Tbccint\IE\CT3329621\UninstallerUI.exe.vir, , [e8abbcac1b6fc5714380ac22f70a8e72],
PUP.Optional.ClientConnect, C:\Qoobox\Quarantine\C\ProgramData\Tbccint\Multi\CT3329621\UninstallerUI.exe.vir, , [5f34adbbc5c5e25480433f8f10f135cb],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Firefox 37.0.1 ads popping up

Posted: 04 Apr 2015 15:33
by Márty84
:arrow: Move the MBAM detections to quarantine, then you can uninstall MBAM.


:arrow: Follow the instructions from my colleague
vyosek wrote: :arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, ideally to the desktop
  • After it starts, the licence terms are displayed; press any key
  • A backup will be created, followed by the search
  • The scan will run and then a log will appear; it may also be saved in c:\JRT as JRT.txt; paste it here

:arrow: Follow the instructions from my colleague
vyosek wrote: :arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako spravce)
  • Paste the script below into the window
  • Code:

    autoclean;
    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
  • Then click Run Script
  • The PC will carry out the repair, restart, and give you a log; paste its contents here

Re: Firefox 37.0.1 ads popping up

Posted: 04 Apr 2015 16:09
by gogmen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 8 x64
Ran by Martin on so 04. 04. 2015 at 16:49:08,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 04. 04. 2015 at 16:51:42,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Zoek.exe v5.0.0.0 Updated 02-April-2015
Tool run by Martin on so 04. 04. 2015 at 16:53:37,99.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Martin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-04-04-094529.log 19546 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\z714zg6s.default-1428128810425\prefs.js:

Added to C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\z714zg6s.default-1428128810425\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\z714zg6s.default-1428128810425
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\z714zg6s.default-1428128810425
43583AB4DFD406F4C188342F41B1F91C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll - Shockwave Flash


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUUHW8TY will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Martin\AppData\Local\Mozilla\Firefox\Profiles\z714zg6s.default-1428128810425\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=16 folders=15 14108997 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Martin\AppData\Local\Temp will be emptied at reboot
C:\Users\postgres\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Martin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUUHW8TY" not found

==== EOF on so 04. 04. 2015 at 17:06:10,34 ======================

Re: Firefox 37.0.1 ads popping up

Posted: 04 Apr 2015 16:31
by Márty84
Are the ads still popping up? If so, does it happen in all browsers, or only in Mozilla?

Re: Firefox 37.0.1 ads popping up

Posted: 04 Apr 2015 16:37
by gogmen
I have Mozilla and IE, and it shows up only in Mozilla.

Re: Firefox 37.0.1 ads popping up

Posted: 04 Apr 2015 16:52
by Márty84
:arrow: Try reinstalling Firefox (you can back up your bookmarks with MozBackup http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ ). You must uninstall it completely, including the settings and the profile. Then restore only the bookmarks from the backup, if you use them.

Let me know whether it helped, and we will continue accordingly.

Re: Firefox 37.0.1 ads popping up

Posted: 04 Apr 2015 17:23
by gogmen
So far nothing has shown up. First I uninstalled it through Add/Remove Programs and installed it again, and it did it again, so I uninstalled it once more with Revo Uninstaller, which also deleted some registry entries, and so far it has not reappeared. Thank you very much for your time and advice, and once again many thanks for the help.

Re: Firefox 37.0.1 ads popping up

Posted: 04 Apr 2015 17:57
by Márty84
We'll see whether it comes back. You're welcome! ;-)

In the meantime, let's clean up :)

:!: Run all of these programs, including any installation, as administrator (right-click them and choose Run as administrator)

:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download it and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation, watch out for a toolbar (or other add-ons); if it offers to install one, clear the checkbox.
After launching it you will be in the Cleaner function. There are many checkboxes on the left. Pay attention mainly to the Recycle Bin: if you leave it checked, it will always be emptied.
Also, depending on how it is set, it will delete all passwords saved on the web!!! So if you have set the computer to remember passwords (which is not good for security), you will then have to type them in again manually (e.g. mail, Facebook, various forums, etc.)
Click Analyze, and when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; if it finds any, click Fix Issues. It will offer you a backup; make one and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If the PC has several user accounts, use the program in those as well)

:arrow: Defragment the disk(s) (not SSDs!)
Download the program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
During installation, again watch out for a toolbar and other nonsense.
After installation, run the program and click Analyze; after the analysis click Defragment and the program will do its job.

:arrow: Then write how things look.

1.5. for inactivity :lock: http://forum.viry.cz/viewtopic.php?f=12&t=123975