
iswizard05 keeps coming back
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
Hello,
a few days ago my laptop suddenly started getting slower (mouse, fan...), so I scanned for viruses with Malwarebytes Anti-Malware and the program removed almost all of them, probably successfully; only the folder "C:\Users\Ondra\AppData\Local\Temp\iswizard05" keeps getting recreated, along with "dwm.exe" and "iswizard.7z" inside it. I don't know whether the slowdown is because of that, but in any case I want to remove them. Malwarebytes Anti-Malware always finds them again, though, and the folder really is still there. So how do I get rid of it, please? Thanks
Logfile of random's system information tool 1.09 (written by random/random)
Run by Ondra at 2014-02-01 15:00:46
Microsoft Windows 7 Professional N Service Pack 1
System drive C: has 200 GB (54%) free of 373 GB
Total RAM: 8055 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:00:49, on 1.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Ondra.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
O4 - HKLM\..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
O4 - HKLM\..\Run: [CAPOSD] C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [GMouse] "C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\Ondra\AppData\Local\Temp\\mdi064.dll,runme
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3323841661-1481063226-1255461800-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3323841661-1481063226-1255461800-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Hesla JB (jednou denně).lnk = C:\Program Files (x86)\Hesla JB\Heslaw.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll prio32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13168 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 27945632
\??\C:\Windows\system32\conhost.exe "-982275617-1738416288-5139047181071328082800128557-17353583991421391430956847975
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2872
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe"
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /notportable
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\Ondra\AppData\Local\Temp\\mdi064.dll,runme
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
"C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe"
"C:\Program Files (x86)\USB Camera2\VM332_STI.EXE"
"C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe"
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\igfxsrvc.exe -Embedding
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Users\Ondra\AppData\Local\Temp\iswizard05\dwm.exe -poolip=176.34.128.129 -poolport=1337 -pooluser=ALrZxq5uTqwvfo9AgRgdY9BWn7jReX3z9e -poolpassword=x -genproclimit=8
\??\C:\Windows\system32\conhost.exe "-1710472517-431254482-128696453-2074669897-1173653509-1919464316-1041017989116859331
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
taskeng.exe {5EA1963C-40C6-4C28-B611-91F6B762A62F}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Ondra\Downloads\RSITx64-01-02-2014.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default
prefs.js - "browser.startup.homepage" - "http://www.mozilla.cz/zpravicky/category/doplnky/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.43 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@caminova.com/DjVuPlugin]
"Description"=Document Express DjVu Plug-in
"Path"=C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.43 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@caminova.com/DjVuPlugin]
"Description"=Document Express DjVu Plug-in
"Path"=C:\Program Files\Caminova\Document Express DjVu Plug-in\npdjvu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.15.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\extensions\
isreaditlater@ideashower.com
{3d7eb24f-2740-49df-8937-200b1cc08f8a}
{99e34760-2754-11e0-91fa-0800200c9a66}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-02 551840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-02 209824]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-30 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-05-22 587104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-30 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-01-31 12446824]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-11-15 1156712]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-11-10 2847016]
"SynLenovoGestureMgr"=C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [2011-11-10 408872]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"OnekeyStudio"=C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2013-01-19 789856]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2013-01-27 8071680]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2013-01-27 6193152]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-27 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-27 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-27 440600]
"XMouseButtonControl"=C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [2013-10-06 1171088]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tsiVideo"=C:\Windows\SysWOW64\rundll32.exe [2009-07-14 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simpo PDF Creator Pro Server]
C:\Program Files (x86)\Simpo PDF Creator Pro\SpcProSrv.exe [2010-12-11 101376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive]
C:\Users\Ondra\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [2013-09-26 257136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-10-21 20549280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files (x86)\uTorrent\uTorrent.exe [2013-05-02 802136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
C:\PROGRA~2\Evernote\Evernote\EVERNO~2.EXE [2013-05-22 1089888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lingea Update Center.lnk]
C:\PROGRA~2\COMMON~1\LINGEA~1\luc.exe [2008-08-06 275736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SA Notify.lnk]
C:\Program20(x86)\SANotify\SANotify.jar []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~2\MIF5BA~1\Office12\ONENOTEM.EXE [2009-02-26 97680]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-27 291608]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-11-29 284440]
"Dolby Home Theater v4"=C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2011-06-01 506712]
"MuteSync"=C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [2012-02-03 343040]
"332BigDog"=C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [2011-12-09 548864]
"CAPOSD"=C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe [2012-02-09 1876992]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"ControlCenter3"=C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [2008-12-24 114688]
"BrStsMon00"=C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2012-09-25 2629632]
"GMouse"=C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE /hide []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Hesla JB (jednou denně).lnk - C:\Program Files (x86)\Hesla JB\Heslaw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll prio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-01-19 430080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.l3acm"=l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"VIDC.LAGS"=lagarith.dll
"msacm.l3codecp"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-02-01 14:34:17 ----D---- C:\rsit
2014-02-01 14:34:17 ----D---- C:\Program Files\trend micro
2014-01-30 11:24:58 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-01-30 11:24:54 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-01-30 11:24:54 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-01-30 11:24:54 ----A---- C:\Windows\SYSWOW64\java.exe
2014-01-30 08:49:51 ----D---- C:\Users\Ondra\AppData\Roaming\Malwarebytes
2014-01-30 08:49:28 ----D---- C:\ProgramData\Malwarebytes
2014-01-30 08:49:26 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 08:49:26 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-01-25 11:22:30 ----D---- C:\Program Files (x86)\Simpo PDF Creator Pro
2014-01-25 11:12:24 ----A---- C:\Windows\PreConvertPro.dll
2014-01-25 11:12:20 ----A---- C:\Windows\SpcPro_PDFLib.dll
2014-01-25 11:03:53 ----D---- C:\Users\Ondra\AppData\Roaming\Oxy
2014-01-25 10:57:24 ----D---- C:\Program Files (x86)\Mobogenie
2014-01-25 10:24:03 ----D---- C:\Users\Ondra\AppData\Roaming\PDF Architect
2014-01-15 23:18:13 ----D---- C:\Program Files (x86)\Cheat Engine 6.3
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-01-15 08:41:26 ----A---- C:\Windows\system32\win32k.sys
2014-01-15 08:40:58 ----A---- C:\Windows\system32\drivers\netio.sys
======List of files/folders modified in the last 1 month======
2014-02-01 14:34:17 ----RD---- C:\Program Files
2014-02-01 14:10:43 ----D---- C:\Windows\system32\config
2014-02-01 14:08:48 ----D---- C:\Windows\Temp
2014-02-01 14:08:46 ----D---- C:\Windows\Microsoft.NET
2014-02-01 13:58:36 ----A---- C:\Windows\SYSWOW64\log.txt
2014-02-01 13:55:15 ----D---- C:\Program Files (x86)\Steam
2014-02-01 13:55:04 ----D---- C:\Users\Ondra\AppData\Roaming\uTorrent
2014-02-01 13:31:12 ----D---- C:\Windows\System32
2014-02-01 13:31:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-01 09:14:31 ----D---- C:\Windows\system32\drivers
2014-02-01 09:02:03 ----D---- C:\Windows\Prefetch
2014-02-01 00:14:32 ----SHD---- C:\Windows\Installer
2014-02-01 00:05:16 ----SHD---- C:\System Volume Information
2014-01-30 11:31:16 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-01-30 11:31:16 ----D---- C:\Windows\system32\cs-CZ
2014-01-30 11:30:09 ----RSD---- C:\Windows\assembly
2014-01-30 11:27:36 ----D---- C:\Windows\SysWOW64
2014-01-30 11:27:24 ----D---- C:\Windows\SYSWOW64\en-US
2014-01-30 11:27:24 ----D---- C:\Windows\system32\en-US
2014-01-30 11:27:18 ----D---- C:\Program Files (x86)\Microsoft.NET
2014-01-30 11:25:16 ----D---- C:\Program Files (x86)\Common Files
2014-01-30 11:25:06 ----D---- C:\ProgramData\Oracle
2014-01-30 11:24:44 ----D---- C:\Program Files (x86)\Java
2014-01-30 11:23:32 ----D---- C:\Windows\system32\catroot2
2014-01-30 09:49:26 ----D---- C:\Windows\Logs
2014-01-30 09:44:42 ----SD---- C:\ProgramData\Microsoft
2014-01-30 09:44:42 ----D---- C:\Windows
2014-01-30 09:12:57 ----D---- C:\Windows\debug
2014-01-30 08:49:28 ----HD---- C:\ProgramData
2014-01-30 08:49:26 ----RD---- C:\Program Files (x86)
2014-01-30 00:45:14 ----D---- C:\Users\Ondra\AppData\Roaming\GameCompanion
2014-01-29 21:16:15 ----D---- C:\Windows\inf
2014-01-29 20:11:58 ----D---- C:\Users\Ondra\AppData\Roaming\Media Player Classic
2014-01-28 22:34:55 ----D---- C:\Windows\Minidump
2014-01-28 10:15:34 ----D---- C:\Users\Ondra\AppData\Roaming\Foxit Software
2014-01-26 12:29:17 ----D---- C:\Windows\pss
2014-01-26 09:58:27 ----D---- C:\Windows\system32\Tasks
2014-01-26 09:58:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-01-26 09:58:14 ----D---- C:\Program Files (x86)\Futuremark
2014-01-25 11:04:44 ----D---- C:\Windows\Tasks
2014-01-24 08:45:54 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-01-23 18:09:25 ----D---- C:\ProgramData\Ashampoo
2014-01-19 08:33:29 ----N---- C:\Windows\system32\MpSigStub.exe
2014-01-15 18:38:00 ----D---- C:\Windows\winsxs
2014-01-15 18:35:26 ----D---- C:\Windows\system32\DriverStore
2014-01-15 10:06:13 ----D---- C:\ProgramData\Microsoft Help
2014-01-15 10:05:22 ----D---- C:\Windows\system32\MRT
2014-01-15 10:00:42 ----A---- C:\Windows\system32\MRT.exe
2014-01-15 08:40:11 ----D---- C:\Windows\system32\catroot
2014-01-02 22:08:31 ----D---- C:\Users\Ondra\AppData\Roaming\calibre
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-29 568600]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
R0 LHDmgr;LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [2013-01-27 39008]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2013-09-12 32032]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-31 283200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-03-02 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-02-12 43680]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2013-01-19 30816]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2013-01-19 4746304]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-19 14658688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-01-31 4739304]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-11-10 401456]
R3 vm332avs;Lenovo Camera2; C:\Windows\System32\Drivers\vm332avs.sys [2011-12-15 958800]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 ampa;ampa; \??\C:\Windows\system32\ampa.sys [2011-12-26 15288]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-02-02 184360]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2012-02-02 211496]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-02-02 21544]
S3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2011-10-24 313960]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;Ovladač WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]
S4 RAMDiskVE;RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2012-02-01 945440]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-08 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-02-08 277784]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-09-12 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-23 2458984]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-08 363800]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26 116648]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-24 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 BrYNSvc;BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-01-27 276248]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26 116648]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-20 119408]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 OverwolfUpdaterService;Overwolf Updater Service; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-11-11 18360]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-01-27 571816]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2013-09-17 22888]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-19 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
-----------------EOF-----------------
A few days ago my notebook suddenly became slower (mouse, fan...), so I scanned for viruses with Malwarebytes Anti-Malware and the program removed almost all of them, probably successfully; only the folder "C:\Users\Ondra\AppData\Local\Temp\iswizard05", with "dwm.exe" and "iswizard.7z" in it, keeps coming back. I don't know whether the slowdown is caused by this, but in any case I want to remove them. Malwarebytes Anti-Malware always finds them again, though, and the folder really is still there. So how do I get rid of it, please? Thanks
Logfile of random's system information tool 1.09 (written by random/random)
Run by Ondra at 2014-02-01 15:00:46
Microsoft Windows 7 Professional N Service Pack 1
System drive C: has 200 GB (54%) free of 373 GB
Total RAM: 8055 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:00:49, on 1.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Ondra.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
O4 - HKLM\..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
O4 - HKLM\..\Run: [CAPOSD] C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [GMouse] "C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\Ondra\AppData\Local\Temp\\mdi064.dll,runme
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3323841661-1481063226-1255461800-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3323841661-1481063226-1255461800-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Hesla JB (jednou denně).lnk = C:\Program Files (x86)\Hesla JB\Heslaw.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll prio32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13168 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 27945632
\??\C:\Windows\system32\conhost.exe "-982275617-1738416288-5139047181071328082800128557-17353583991421391430956847975
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2872
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe"
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /notportable
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\Ondra\AppData\Local\Temp\\mdi064.dll,runme
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
"C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe"
"C:\Program Files (x86)\USB Camera2\VM332_STI.EXE"
"C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe"
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\igfxsrvc.exe -Embedding
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Users\Ondra\AppData\Local\Temp\iswizard05\dwm.exe -poolip=176.34.128.129 -poolport=1337 -pooluser=ALrZxq5uTqwvfo9AgRgdY9BWn7jReX3z9e -poolpassword=x -genproclimit=8
\??\C:\Windows\system32\conhost.exe "-1710472517-431254482-128696453-2074669897-1173653509-1919464316-1041017989116859331
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
taskeng.exe {5EA1963C-40C6-4C28-B611-91F6B762A62F}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Ondra\Downloads\RSITx64-01-02-2014.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default
prefs.js - "browser.startup.homepage" - "http://www.mozilla.cz/zpravicky/category/doplnky/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.43 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@caminova.com/DjVuPlugin]
"Description"=Document Express DjVu Plug-in
"Path"=C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.43 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@caminova.com/DjVuPlugin]
"Description"=Document Express DjVu Plug-in
"Path"=C:\Program Files\Caminova\Document Express DjVu Plug-in\npdjvu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.15.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\extensions\
isreaditlater@ideashower.com
{3d7eb24f-2740-49df-8937-200b1cc08f8a}
{99e34760-2754-11e0-91fa-0800200c9a66}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-02 551840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-02 209824]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-30 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-05-22 587104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-30 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-01-31 12446824]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-11-15 1156712]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-11-10 2847016]
"SynLenovoGestureMgr"=C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [2011-11-10 408872]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"OnekeyStudio"=C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2013-01-19 789856]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2013-01-27 8071680]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2013-01-27 6193152]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-27 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-27 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-27 440600]
"XMouseButtonControl"=C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [2013-10-06 1171088]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"tsiVideo"=C:\Windows\SysWOW64\rundll32.exe [2009-07-14 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simpo PDF Creator Pro Server]
C:\Program Files (x86)\Simpo PDF Creator Pro\SpcProSrv.exe [2010-12-11 101376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive]
C:\Users\Ondra\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [2013-09-26 257136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-10-21 20549280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files (x86)\uTorrent\uTorrent.exe [2013-05-02 802136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
C:\PROGRA~2\Evernote\Evernote\EVERNO~2.EXE [2013-05-22 1089888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lingea Update Center.lnk]
C:\PROGRA~2\COMMON~1\LINGEA~1\luc.exe [2008-08-06 275736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SA Notify.lnk]
C:\Program20(x86)\SANotify\SANotify.jar []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~2\MIF5BA~1\Office12\ONENOTEM.EXE [2009-02-26 97680]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-27 291608]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-11-29 284440]
"Dolby Home Theater v4"=C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2011-06-01 506712]
"MuteSync"=C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [2012-02-03 343040]
"332BigDog"=C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [2011-12-09 548864]
"CAPOSD"=C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe [2012-02-09 1876992]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"ControlCenter3"=C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [2008-12-24 114688]
"BrStsMon00"=C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2012-09-25 2629632]
"GMouse"=C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE /hide []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Hesla JB (jednou denně).lnk - C:\Program Files (x86)\Hesla JB\Heslaw.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll prio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-01-19 430080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.l3acm"=l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"VIDC.LAGS"=lagarith.dll
"msacm.l3codecp"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-02-01 14:34:17 ----D---- C:\rsit
2014-02-01 14:34:17 ----D---- C:\Program Files\trend micro
2014-01-30 11:24:58 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-01-30 11:24:54 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-01-30 11:24:54 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-01-30 11:24:54 ----A---- C:\Windows\SYSWOW64\java.exe
2014-01-30 08:49:51 ----D---- C:\Users\Ondra\AppData\Roaming\Malwarebytes
2014-01-30 08:49:28 ----D---- C:\ProgramData\Malwarebytes
2014-01-30 08:49:26 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 08:49:26 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-01-25 11:22:30 ----D---- C:\Program Files (x86)\Simpo PDF Creator Pro
2014-01-25 11:12:24 ----A---- C:\Windows\PreConvertPro.dll
2014-01-25 11:12:20 ----A---- C:\Windows\SpcPro_PDFLib.dll
2014-01-25 11:03:53 ----D---- C:\Users\Ondra\AppData\Roaming\Oxy
2014-01-25 10:57:24 ----D---- C:\Program Files (x86)\Mobogenie
2014-01-25 10:24:03 ----D---- C:\Users\Ondra\AppData\Roaming\PDF Architect
2014-01-15 23:18:13 ----D---- C:\Program Files (x86)\Cheat Engine 6.3
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-01-15 08:41:53 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-01-15 08:41:26 ----A---- C:\Windows\system32\win32k.sys
2014-01-15 08:40:58 ----A---- C:\Windows\system32\drivers\netio.sys
======List of files/folders modified in the last 1 month======
2014-02-01 14:34:17 ----RD---- C:\Program Files
2014-02-01 14:10:43 ----D---- C:\Windows\system32\config
2014-02-01 14:08:48 ----D---- C:\Windows\Temp
2014-02-01 14:08:46 ----D---- C:\Windows\Microsoft.NET
2014-02-01 13:58:36 ----A---- C:\Windows\SYSWOW64\log.txt
2014-02-01 13:55:15 ----D---- C:\Program Files (x86)\Steam
2014-02-01 13:55:04 ----D---- C:\Users\Ondra\AppData\Roaming\uTorrent
2014-02-01 13:31:12 ----D---- C:\Windows\System32
2014-02-01 13:31:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-01 09:14:31 ----D---- C:\Windows\system32\drivers
2014-02-01 09:02:03 ----D---- C:\Windows\Prefetch
2014-02-01 00:14:32 ----SHD---- C:\Windows\Installer
2014-02-01 00:05:16 ----SHD---- C:\System Volume Information
2014-01-30 11:31:16 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-01-30 11:31:16 ----D---- C:\Windows\system32\cs-CZ
2014-01-30 11:30:09 ----RSD---- C:\Windows\assembly
2014-01-30 11:27:36 ----D---- C:\Windows\SysWOW64
2014-01-30 11:27:24 ----D---- C:\Windows\SYSWOW64\en-US
2014-01-30 11:27:24 ----D---- C:\Windows\system32\en-US
2014-01-30 11:27:18 ----D---- C:\Program Files (x86)\Microsoft.NET
2014-01-30 11:25:16 ----D---- C:\Program Files (x86)\Common Files
2014-01-30 11:25:06 ----D---- C:\ProgramData\Oracle
2014-01-30 11:24:44 ----D---- C:\Program Files (x86)\Java
2014-01-30 11:23:32 ----D---- C:\Windows\system32\catroot2
2014-01-30 09:49:26 ----D---- C:\Windows\Logs
2014-01-30 09:44:42 ----SD---- C:\ProgramData\Microsoft
2014-01-30 09:44:42 ----D---- C:\Windows
2014-01-30 09:12:57 ----D---- C:\Windows\debug
2014-01-30 08:49:28 ----HD---- C:\ProgramData
2014-01-30 08:49:26 ----RD---- C:\Program Files (x86)
2014-01-30 00:45:14 ----D---- C:\Users\Ondra\AppData\Roaming\GameCompanion
2014-01-29 21:16:15 ----D---- C:\Windows\inf
2014-01-29 20:11:58 ----D---- C:\Users\Ondra\AppData\Roaming\Media Player Classic
2014-01-28 22:34:55 ----D---- C:\Windows\Minidump
2014-01-28 10:15:34 ----D---- C:\Users\Ondra\AppData\Roaming\Foxit Software
2014-01-26 12:29:17 ----D---- C:\Windows\pss
2014-01-26 09:58:27 ----D---- C:\Windows\system32\Tasks
2014-01-26 09:58:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-01-26 09:58:14 ----D---- C:\Program Files (x86)\Futuremark
2014-01-25 11:04:44 ----D---- C:\Windows\Tasks
2014-01-24 08:45:54 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-01-23 18:09:25 ----D---- C:\ProgramData\Ashampoo
2014-01-19 08:33:29 ----N---- C:\Windows\system32\MpSigStub.exe
2014-01-15 18:38:00 ----D---- C:\Windows\winsxs
2014-01-15 18:35:26 ----D---- C:\Windows\system32\DriverStore
2014-01-15 10:06:13 ----D---- C:\ProgramData\Microsoft Help
2014-01-15 10:05:22 ----D---- C:\Windows\system32\MRT
2014-01-15 10:00:42 ----A---- C:\Windows\system32\MRT.exe
2014-01-15 08:40:11 ----D---- C:\Windows\system32\catroot
2014-01-02 22:08:31 ----D---- C:\Users\Ondra\AppData\Roaming\calibre
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-29 568600]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
R0 LHDmgr;LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [2013-01-27 39008]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2013-09-12 32032]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-31 283200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-03-02 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-02-12 43680]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2013-01-19 30816]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2013-01-19 4746304]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-19 14658688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-01-31 4739304]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-11-10 401456]
R3 vm332avs;Lenovo Camera2; C:\Windows\System32\Drivers\vm332avs.sys [2011-12-15 958800]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 ampa;ampa; \??\C:\Windows\system32\ampa.sys [2011-12-26 15288]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-02-02 184360]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2012-02-02 211496]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-02-02 21544]
S3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2011-10-24 313960]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;Ovladač WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]
S4 RAMDiskVE;RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2012-02-01 945440]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-08 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-02-08 277784]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-09-12 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-23 2458984]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-08 363800]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26 116648]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-24 257928]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 BrYNSvc;BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-01-27 276248]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26 116648]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-20 119408]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 OverwolfUpdaterService;Overwolf Updater Service; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-11-11 18360]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-01-27 571816]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2013-09-17 22888]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-19 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
-----------------EOF-----------------
Re: iswizard05 keeps coming back
Hello,
Do you recognize this: C:\Program Files (x86)\Hesla JB
I see MBAM is installed; did you run a full scan? Did it find anything?




Re: iswizard05 keeps coming back
Yes, "C:\Program Files (x86)\Hesla JB" is definitely fine. I did run a scan with MBAM; it always finds only iswizard05, and that keeps coming back.
In case it helps:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
http://www.malwarebytes.org
Verze: v2014.01.30.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Ondra :: KOKOBUK [administrátor]
Ochrana: Zakázána
1.2.2014 16:40:45
MBAM-log-2014-02-01 (16-43-49).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 231917
Uplynulý čas: 2 minut, 51 sekund
Nalezené procesy v paměti: 1
C:\Users\Ondra\AppData\Local\Temp\iswizard05\dwm.exe (PUP.Optional.Primeminer) -> 4604 -> Nebyla provedena žádná instrukce.
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 2
C:\Users\Ondra\AppData\Local\Temp\iswizard05\dwm.exe (PUP.Optional.Primeminer) -> Nebyla provedena žádná instrukce.
C:\Users\Ondra\AppData\Local\Temp\iswizard05\iswizard.7z (PUP.Optional.Primeminer) -> Nebyla provedena žádná instrukce.
(konec)
Re: iswizard05 keeps coming back



Re: iswizard05 keeps coming back
Hesla JB = Hesla Jednoty Bratrské, a more harmless program could hardly exist.
I'll run the full scan, but it will probably take a while, given how slow it is right now...
Re: iswizard05 keeps coming back
No problem, I'll wait for the full MBAM scan and then we'll see what to do next.
Re: iswizard05 keeps coming back
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2014.01.30.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Ondra :: KOKOBUK [administrátor]
Ochrana: Zakázána
1.2.2014 16:57:55
MBAM-log-2014-02-01 (18-16-47).txt
Typ: Kompletní kontrola (C:\|D:\|E:\|F:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 455592
Uplynulý čas: 1 hodin, 18 minut, 42 sekund
Nalezené procesy v paměti: 1
C:\Users\Ondra\AppData\Local\Temp\iswizard05\dwm.exe (PUP.Optional.Primeminer) -> 4604 -> Nebyla provedena žádná instrukce.
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 2
C:\Users\Ondra\AppData\Local\Temp\iswizard05\dwm.exe (PUP.Optional.Primeminer) -> Nebyla provedena žádná instrukce.
C:\Users\Ondra\AppData\Local\Temp\iswizard05\iswizard.7z (PUP.Optional.Primeminer) -> Nebyla provedena žádná instrukce.
(konec)
Re: iswizard05 keeps coming back
Post a log following this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 and then we'll wipe it out.
Re: iswizard05 keeps coming back
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Ondra (administrator) on KOKOBUK on 02-02-2014 09:05:25
Running from C:\Users\Ondra\Desktop
Windows 7 Professional N Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(LENOVO) C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2013-01-19] (Lenovo)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2013-01-27] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2013-01-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [XMouseButtonControl] - C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1171088 2013-10-06] (Highresolution Enterprises)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [MuteSync] - C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [CAPOSD] - C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-09] (LENOVO)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GMouse] - "C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE" /hide
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\...\Run: [tsiVideo] - C:\Windows\SysWOW64\rundll32.exe C:\Users\Ondra\AppData\Local\Temp\\mdi064.dll,runme <===== ATTENTION
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs: prio.dll => File Not Found
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: prio32.dll => File Not Found
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hesla JB (jednou denně).lnk
ShortcutTarget: Hesla JB (jednou denně).lnk -> C:\Program Files (x86)\Hesla JB\Heslaw.exe ()
==================== Internet (Whitelisted) ====================
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.100
FireFox:
========
FF ProfilePath: C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default
FF Homepage: hxxp://www.mozilla.cz/zpravicky/category/doplnky/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @caminova.com/DjVuPlugin - C:\Program Files\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @caminova.com/DjVuPlugin - C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Pocket - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\isreaditlater@ideashower.com [2013-11-12]
FF Extension: Flashblock - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-11-01]
FF Extension: FT GraphiteGlow - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{99e34760-2754-11e0-91fa-0800200c9a66} [2014-01-07]
FF Extension: Customizable Shortcuts - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\customizable-shortcuts@timtaubert.de.xpi [2013-11-01]
FF Extension: FireGestures - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\firegestures@xuldev.org.xpi [2013-11-01]
FF Extension: Google/Yandex search link fix - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2013-11-01]
FF Extension: InstantFox - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\searchy@searchy.xpi [2013-11-01]
FF Extension: Text Link - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2013-11-23]
FF Extension: Quick Translator - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-11-01]
FF Extension: Fasterfox - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2013-11-12]
FF Extension: Adblock Plus - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-01]
FF Extension: Tab Mix Plus - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-11-23]
FF Extension: DownThemAll! - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-12]
FF Extension: Menu Editor - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-11-06]
==================== Services (Whitelisted) =================
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
==================== Drivers (Whitelisted) ====================
S3 ampa; C:\Windows\system32\ampa.sys [15288 2011-12-26] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [12728 2011-12-26] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-02] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-31] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S4 RAMDiskVE; System32\Drivers\RAMDiskVE.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-02 09:05 - 2014-02-02 09:05 - 00017806 _____ () C:\Users\Ondra\Desktop\FRST.txt
2014-02-02 09:03 - 2014-02-02 09:05 - 00000000 ____D () C:\FRST
2014-02-02 09:01 - 2014-02-01 17:22 - 02080256 _____ (Farbar) C:\Users\Ondra\Desktop\FRST64.exe
2014-02-02 09:01 - 2013-12-05 16:07 - 00112640 _____ (forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe
2014-02-01 22:19 - 2014-02-01 22:22 - 00000000 ____D () C:\Users\Ondra\Downloads\Gintama Complete Series
2014-02-01 22:16 - 2014-02-01 22:16 - 00071671 _____ () C:\Users\Ondra\Downloads\Gintama_Complete_Series_Batch_[720p].7186901.TPB.torrent
2014-02-01 14:34 - 2014-02-01 15:00 - 00000000 ____D () C:\Program Files\trend micro
2014-02-01 14:34 - 2014-02-01 14:34 - 00000000 ____D () C:\rsit
2014-02-01 14:33 - 2013-01-11 07:31 - 00935175 _____ () C:\Users\Ondra\Downloads\RSITx64-01-02-2014.exe
2014-01-30 13:40 - 2014-01-30 13:41 - 00002504 _____ () C:\Users\Ondra\Desktop\Mb's a-malware.lnk
2014-01-30 11:24 - 2014-01-30 11:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-30 11:24 - 2014-01-30 11:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-30 11:24 - 2014-01-30 11:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-30 11:24 - 2014-01-30 11:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-30 11:21 - 2012-09-20 02:17 - 01005568 _____ (Microsoft Corporation) C:\Users\Ondra\Downloads\dotNetFx45_Full_setup-30-01-2014.exe
2014-01-30 11:06 - 2013-12-19 18:06 - 29141928 _____ (Oracle Corporation) C:\Users\Ondra\Downloads\jre-7u51-windows-i586-30-01-2014.exe
2014-01-30 08:49 - 2014-01-30 08:49 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\Malwarebytes
2014-01-30 08:49 - 2014-01-30 08:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-30 08:49 - 2014-01-30 08:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 08:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-29 08:44 - 2014-02-02 08:56 - 00001054 _____ () C:\Windows\setupact.log
2014-01-29 08:44 - 2014-02-01 13:55 - 00017540 _____ () C:\Windows\PFRO.log
2014-01-29 08:44 - 2014-01-29 08:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-28 16:21 - 2014-01-28 16:21 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-01-25 15:19 - 2014-01-25 15:19 - 00000000 _____ () C:\Users\Ondra\Desktop\Yoshihiro Togashi.txt
2014-01-25 15:09 - 2014-01-28 12:11 - 00000000 ____D () C:\Users\Ondra\Desktop\Mangle meziverze
2014-01-25 11:22 - 2014-02-01 13:54 - 00000000 ____D () C:\Program Files (x86)\Simpo PDF Creator Pro
2014-01-25 11:22 - 2014-01-25 11:22 - 00001022 _____ () C:\Users\Ondra\Desktop\Simpo PDF Creator Pro.lnk
2014-01-25 11:12 - 2014-01-28 12:11 - 00000000 ____D () C:\Users\Ondra\Documents\PDFs Output
2014-01-25 11:12 - 2011-08-29 15:25 - 04255192 _____ (Two Pilots) C:\Windows\SpcPro_PDFLib.dll
2014-01-25 11:12 - 2010-12-11 15:26 - 00120832 _____ () C:\Windows\PreConvertPro.dll
2014-01-25 11:03 - 2014-01-25 11:04 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\Oxy
2014-01-25 10:58 - 2014-01-25 11:32 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Mobogenie
2014-01-25 10:58 - 2014-01-25 11:31 - 00000000 ____D () C:\Users\Ondra\AppData\Local\genienext
2014-01-25 10:58 - 2014-01-25 10:58 - 00000000 ____D () C:\Users\Ondra\AppData\Local\cache
2014-01-25 10:58 - 2014-01-25 10:58 - 00000000 ____D () C:\Users\Ondra\.android
2014-01-25 10:58 - 2014-01-25 10:58 - 00000000 _____ () C:\Users\Ondra\daemonprocess.txt
2014-01-25 10:57 - 2014-01-25 11:32 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-01-25 10:36 - 2014-01-25 10:36 - 00000000 ____D () C:\Users\Ondra\Documents\PDFConverter
2014-01-25 10:24 - 2014-01-25 10:24 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\PDF Architect
2014-01-25 00:32 - 2014-01-28 12:03 - 00000000 ____D () C:\Users\Ondra\Desktop\HxH orig
2014-01-25 00:31 - 2014-01-25 00:48 - 00000000 ____D () C:\Users\Ondra\Desktop\Mangle-2.4.3
2014-01-22 21:59 - 2014-01-22 22:51 - 00230342 _____ () C:\Users\Ondra\Documents\Záloha dokumentu Překlad po úpravě - final.wbk
2014-01-21 11:44 - 2014-01-21 11:44 - 02833712 _____ () C:\Users\Ondra\Downloads\Killua run.mp4
2014-01-20 16:28 - 2014-01-20 16:28 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Foxit Reader
2014-01-17 15:22 - 2014-01-31 16:22 - 04330480 _____ () C:\Users\Ondra\Desktop\DRAKS0005.sl2
2014-01-15 23:18 - 2014-01-15 23:18 - 00001089 _____ () C:\Users\Ondra\Downloads\Cheat Engine.lnk
2014-01-15 23:18 - 2014-01-15 23:18 - 00000000 ____D () C:\Users\Ondra\Documents\My Cheat Tables
2014-01-15 23:18 - 2014-01-15 23:18 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-01-15 23:12 - 2014-01-15 23:12 - 00455686 _____ () C:\Users\Ondra\Downloads\DATA-15-01-2014.CT
2014-01-15 23:12 - 2014-01-15 23:12 - 00455686 _____ () C:\Users\Ondra\Downloads\DATA-15-01-2014.CETrainer
2014-01-15 10:09 - 2014-01-15 10:09 - 00004076 _____ () C:\Windows\System32\Tasks\Modlitební chvilička
2014-01-15 08:41 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 08:41 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 08:41 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 08:41 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 08:41 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 08:41 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 08:41 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 08:41 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 08:40 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-03 09:47 - 2012-05-26 19:31 - 01572413 _____ () C:\Users\Ondra\Downloads\Bible21-03-01-2014.jar
2014-01-03 09:47 - 2012-05-26 19:30 - 00000398 _____ () C:\Users\Ondra\Downloads\Bible21-03-01-2014.jad
2014-01-03 09:37 - 2011-05-03 18:52 - 04670225 _____ () C:\Users\Ondra\Downloads\Bible-21-03-01-2014.mobi
==================== One Month Modified Files and Folders =======
2014-02-02 09:05 - 2014-02-02 09:05 - 00017806 _____ () C:\Users\Ondra\Desktop\FRST.txt
2014-02-02 09:05 - 2014-02-02 09:03 - 00000000 ____D () C:\FRST
2014-02-02 09:04 - 2009-07-14 05:50 - 00020336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-02 09:04 - 2009-07-14 05:50 - 00020336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-02 09:03 - 2013-01-19 12:24 - 01116043 _____ () C:\Windows\WindowsUpdate.log
2014-02-02 08:59 - 2013-09-26 14:51 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-02 08:57 - 2013-09-26 14:51 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 08:57 - 2013-01-19 13:02 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-02-02 08:56 - 2014-01-29 08:44 - 00001054 _____ () C:\Windows\setupact.log
2014-02-02 08:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-01 23:52 - 2013-10-02 16:22 - 00000000 ____D () C:\Users\Ondra\Documents\Lexicon
2014-02-01 23:52 - 2013-01-27 22:42 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\uTorrent
2014-02-01 23:13 - 2013-01-19 20:08 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-01 22:22 - 2014-02-01 22:19 - 00000000 ____D () C:\Users\Ondra\Downloads\Gintama Complete Series
2014-02-01 22:16 - 2014-02-01 22:16 - 00071671 _____ () C:\Users\Ondra\Downloads\Gintama_Complete_Series_Batch_[720p].7186901.TPB.torrent
2014-02-01 17:22 - 2014-02-02 09:01 - 02080256 _____ (Farbar) C:\Users\Ondra\Desktop\FRST64.exe
2014-02-01 15:55 - 2013-01-19 13:02 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-02-01 15:00 - 2014-02-01 14:34 - 00000000 ____D () C:\Program Files\trend micro
2014-02-01 14:34 - 2014-02-01 14:34 - 00000000 ____D () C:\rsit
2014-02-01 13:55 - 2014-01-29 08:44 - 00017540 _____ () C:\Windows\PFRO.log
2014-02-01 13:55 - 2013-06-27 23:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-01 13:54 - 2014-01-25 11:22 - 00000000 ____D () C:\Program Files (x86)\Simpo PDF Creator Pro
2014-02-01 13:31 - 2011-04-12 10:03 - 09266248 _____ () C:\Windows\system32\perfh005.dat
2014-02-01 13:31 - 2011-04-12 10:03 - 03179412 _____ () C:\Windows\system32\perfc005.dat
2014-02-01 13:31 - 2009-07-14 06:12 - 00006560 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-31 16:22 - 2014-01-17 15:22 - 04330480 _____ () C:\Users\Ondra\Desktop\DRAKS0005.sl2
2014-01-30 13:41 - 2014-01-30 13:40 - 00002504 _____ () C:\Users\Ondra\Desktop\Mb's a-malware.lnk
2014-01-30 11:25 - 2013-10-18 09:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-30 11:24 - 2014-01-30 11:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-30 11:24 - 2014-01-30 11:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-30 11:24 - 2014-01-30 11:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-30 11:24 - 2014-01-30 11:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-30 11:24 - 2013-06-26 07:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-30 10:19 - 2013-01-20 23:10 - 00000000 ___RD () C:\Users\Ondra\Instalační soubory
2014-01-30 08:49 - 2014-01-30 08:49 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\Malwarebytes
2014-01-30 08:49 - 2014-01-30 08:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-30 08:49 - 2014-01-30 08:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 00:59 - 2013-11-29 17:23 - 4290903984 _____ () C:\RAMDiskDS.img
2014-01-30 00:45 - 2013-11-29 17:02 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\GameCompanion
2014-01-29 23:49 - 2013-01-19 19:57 - 00007605 _____ () C:\Users\Ondra\AppData\Local\resmon.resmoncfg
2014-01-29 21:33 - 2013-12-01 14:39 - 00000000 ____D () C:\Users\Ondra\Hry zástupci
2014-01-29 20:11 - 2013-02-13 12:56 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\Media Player Classic
2014-01-29 08:44 - 2014-01-29 08:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-28 22:34 - 2013-11-17 19:05 - 00000000 ____D () C:\Windows\Minidump
2014-01-28 16:21 - 2014-01-28 16:21 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-01-28 12:11 - 2014-01-25 15:09 - 00000000 ____D () C:\Users\Ondra\Desktop\Mangle meziverze
2014-01-28 12:11 - 2014-01-25 11:12 - 00000000 ____D () C:\Users\Ondra\Documents\PDFs Output
2014-01-28 12:03 - 2014-01-25 00:32 - 00000000 ____D () C:\Users\Ondra\Desktop\HxH orig
2014-01-28 10:16 - 2013-11-20 08:25 - 00000000 ____D () C:\Users\Ondra\Desktop\překlad různé věci k tomu
2014-01-28 10:15 - 2013-06-04 18:23 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\Foxit Software
2014-01-26 12:29 - 2013-03-03 08:59 - 00000000 ____D () C:\Windows\pss
2014-01-26 12:29 - 2013-01-19 12:36 - 00000000 ___RD () C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-26 09:58 - 2013-03-05 11:09 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2014-01-26 09:58 - 2013-01-19 12:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-25 15:19 - 2014-01-25 15:19 - 00000000 _____ () C:\Users\Ondra\Desktop\Yoshihiro Togashi.txt
2014-01-25 11:32 - 2014-01-25 10:58 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Mobogenie
2014-01-25 11:32 - 2014-01-25 10:57 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-01-25 11:31 - 2014-01-25 10:58 - 00000000 ____D () C:\Users\Ondra\AppData\Local\genienext
2014-01-25 11:22 - 2014-01-25 11:22 - 00001022 _____ () C:\Users\Ondra\Desktop\Simpo PDF Creator Pro.lnk
2014-01-25 11:04 - 2014-01-25 11:03 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\Oxy
2014-01-25 10:58 - 2014-01-25 10:58 - 00000000 ____D () C:\Users\Ondra\AppData\Local\cache
2014-01-25 10:58 - 2014-01-25 10:58 - 00000000 ____D () C:\Users\Ondra\.android
2014-01-25 10:58 - 2014-01-25 10:58 - 00000000 _____ () C:\Users\Ondra\daemonprocess.txt
2014-01-25 10:58 - 2013-01-19 12:36 - 00000000 ____D () C:\Users\Ondra
2014-01-25 10:36 - 2014-01-25 10:36 - 00000000 ____D () C:\Users\Ondra\Documents\PDFConverter
2014-01-25 10:24 - 2014-01-25 10:24 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\PDF Architect
2014-01-25 00:48 - 2014-01-25 00:31 - 00000000 ____D () C:\Users\Ondra\Desktop\Mangle-2.4.3
2014-01-25 00:09 - 2013-12-31 15:08 - 00000000 ____D () C:\Users\Ondra\Downloads\Calibre knihovna
2014-01-24 08:45 - 2013-01-19 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-24 08:45 - 2013-01-19 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-24 08:45 - 2013-01-19 20:08 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-24 08:45 - 2013-01-19 17:33 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Adobe
2014-01-23 18:09 - 2013-01-21 18:23 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-01-22 22:51 - 2014-01-22 21:59 - 00230342 _____ () C:\Users\Ondra\Documents\Záloha dokumentu Překlad po úpravě - final.wbk
2014-01-21 20:51 - 2013-01-28 00:30 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Paint.NET
2014-01-21 11:44 - 2014-01-21 11:44 - 02833712 _____ () C:\Users\Ondra\Downloads\Killua run.mp4
2014-01-21 11:37 - 2013-01-20 17:50 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Windows Live
2014-01-20 16:28 - 2014-01-20 16:28 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Foxit Reader
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-15 23:18 - 2014-01-15 23:18 - 00001089 _____ () C:\Users\Ondra\Downloads\Cheat Engine.lnk
2014-01-15 23:18 - 2014-01-15 23:18 - 00000000 ____D () C:\Users\Ondra\Documents\My Cheat Tables
2014-01-15 23:18 - 2014-01-15 23:18 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-01-15 23:12 - 2014-01-15 23:12 - 00455686 _____ () C:\Users\Ondra\Downloads\DATA-15-01-2014.CT
2014-01-15 23:12 - 2014-01-15 23:12 - 00455686 _____ () C:\Users\Ondra\Downloads\DATA-15-01-2014.CETrainer
2014-01-15 18:36 - 2009-07-14 05:50 - 00381616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 11:32 - 2013-12-21 12:04 - 00000000 ____D () C:\Users\Ondra\Downloads\Dějiny českého povstání léta 1618 I-III (Gindely)
2014-01-15 10:09 - 2014-01-15 10:09 - 00004076 _____ () C:\Windows\System32\Tasks\Modlitební chvilička
2014-01-15 10:06 - 2013-01-21 16:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 10:05 - 2013-07-18 09:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 10:00 - 2013-01-19 15:48 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 09:03 - 2013-01-30 16:13 - 00000000 ___RD () C:\Users\Ondra\Documents\Důležité dokumenty
Files to move or delete:
====================
C:\Users\Ondra\AppData\Roaming\CamLayout.ini
C:\Users\Ondra\AppData\Roaming\CamShapes.ini
Some content of TEMP:
====================
C:\Users\Ondra\AppData\Local\Temp\Checkupdate.exe
C:\Users\Ondra\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Ondra\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Ondra\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Ondra\AppData\Local\Temp\mdi064.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-30 16:45
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:363.8 GB) (Free:190.68 GB) NTFS
Drive d: () (Fixed) (Total:100.78 GB) (Free:74.06 GB) NTFS
Available physical RAM: 6038.22 MB
Total physical RAM: 8055.38 MB
Percentage of memory in use: 25%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=364 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=101 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Ondra\Desktop" je 575 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simpo PDF Creator Pro Server
"C:\Program Files (x86)\Simpo PDF Creator Pro\SpcProSrv.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive
"C:\Users\Ondra\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk
C:\PROGRA~2\Evernote\Evernote\EVERNO~2.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lingea Update Center.lnk
C:\PROGRA~2\COMMON~1\LINGEA~1\luc.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SA Notify.lnk
C:\Program%20Files%20(x86)\SANotify\SANotify.jar [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
C:\PROGRA~2\MIF5BA~1\Office12\ONENOTEM.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Ondra (administrator) on KOKOBUK on 02-02-2014 09:05:25
Running from C:\Users\Ondra\Desktop
Windows 7 Professional N Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(LENOVO) C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2013-01-19] (Lenovo)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2013-01-27] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2013-01-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [XMouseButtonControl] - C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1171088 2013-10-06] (Highresolution Enterprises)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [MuteSync] - C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [CAPOSD] - C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-09] (LENOVO)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GMouse] - "C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE" /hide
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\...\Run: [tsiVideo] - C:\Windows\SysWOW64\rundll32.exe C:\Users\Ondra\AppData\Local\Temp\\mdi064.dll,runme <===== ATTENTION
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs: prio.dll => File Not Found
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: prio32.dll => File Not Found
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hesla JB (jednou denně).lnk
ShortcutTarget: Hesla JB (jednou denně).lnk -> C:\Program Files (x86)\Hesla JB\Heslaw.exe ()
==================== Internet (Whitelisted) ====================
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.100
FireFox:
========
FF ProfilePath: C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default
FF Homepage: hxxp://www.mozilla.cz/zpravicky/category/doplnky/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @caminova.com/DjVuPlugin - C:\Program Files\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @caminova.com/DjVuPlugin - C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Pocket - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\isreaditlater@ideashower.com [2013-11-12]
FF Extension: Flashblock - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-11-01]
FF Extension: FT GraphiteGlow - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{99e34760-2754-11e0-91fa-0800200c9a66} [2014-01-07]
FF Extension: Customizable Shortcuts - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\customizable-shortcuts@timtaubert.de.xpi [2013-11-01]
FF Extension: FireGestures - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\firegestures@xuldev.org.xpi [2013-11-01]
FF Extension: Google/Yandex search link fix - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2013-11-01]
FF Extension: InstantFox - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\searchy@searchy.xpi [2013-11-01]
FF Extension: Text Link - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2013-11-23]
FF Extension: Quick Translator - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-11-01]
FF Extension: Fasterfox - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2013-11-12]
FF Extension: Adblock Plus - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-01]
FF Extension: Tab Mix Plus - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-11-23]
FF Extension: DownThemAll! - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-12]
FF Extension: Menu Editor - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-11-06]
==================== Services (Whitelisted) =================
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
==================== Drivers (Whitelisted) ====================
S3 ampa; C:\Windows\system32\ampa.sys [15288 2011-12-26] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [12728 2011-12-26] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-02] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-31] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S4 RAMDiskVE; System32\Drivers\RAMDiskVE.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-02 09:05 - 2014-02-02 09:05 - 00017806 _____ () C:\Users\Ondra\Desktop\FRST.txt
2014-02-02 09:03 - 2014-02-02 09:05 - 00000000 ____D () C:\FRST
2014-02-02 09:01 - 2014-02-01 17:22 - 02080256 _____ (Farbar) C:\Users\Ondra\Desktop\FRST64.exe
2014-02-02 09:01 - 2013-12-05 16:07 - 00112640 _____ (forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe
2014-02-01 22:19 - 2014-02-01 22:22 - 00000000 ____D () C:\Users\Ondra\Downloads\Gintama Complete Series
2014-02-01 22:16 - 2014-02-01 22:16 - 00071671 _____ () C:\Users\Ondra\Downloads\Gintama_Complete_Series_Batch_[720p].7186901.TPB.torrent
2014-02-01 14:34 - 2014-02-01 15:00 - 00000000 ____D () C:\Program Files\trend micro
2014-02-01 14:34 - 2014-02-01 14:34 - 00000000 ____D () C:\rsit
2014-02-01 14:33 - 2013-01-11 07:31 - 00935175 _____ () C:\Users\Ondra\Downloads\RSITx64-01-02-2014.exe
2014-01-30 13:40 - 2014-01-30 13:41 - 00002504 _____ () C:\Users\Ondra\Desktop\Mb's a-malware.lnk
2014-01-30 11:24 - 2014-01-30 11:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-30 11:24 - 2014-01-30 11:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-30 11:24 - 2014-01-30 11:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-30 11:24 - 2014-01-30 11:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-30 11:21 - 2012-09-20 02:17 - 01005568 _____ (Microsoft Corporation) C:\Users\Ondra\Downloads\dotNetFx45_Full_setup-30-01-2014.exe
2014-01-30 11:06 - 2013-12-19 18:06 - 29141928 _____ (Oracle Corporation) C:\Users\Ondra\Downloads\jre-7u51-windows-i586-30-01-2014.exe
2014-01-30 08:49 - 2014-01-30 08:49 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\Malwarebytes
2014-01-30 08:49 - 2014-01-30 08:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-30 08:49 - 2014-01-30 08:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 08:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-29 08:44 - 2014-02-02 08:56 - 00001054 _____ () C:\Windows\setupact.log
2014-01-29 08:44 - 2014-02-01 13:55 - 00017540 _____ () C:\Windows\PFRO.log
2014-01-29 08:44 - 2014-01-29 08:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-28 16:21 - 2014-01-28 16:21 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-01-25 15:19 - 2014-01-25 15:19 - 00000000 _____ () C:\Users\Ondra\Desktop\Yoshihiro Togashi.txt
2014-01-25 15:09 - 2014-01-28 12:11 - 00000000 ____D () C:\Users\Ondra\Desktop\Mangle meziverze
2014-01-25 11:22 - 2014-02-01 13:54 - 00000000 ____D () C:\Program Files (x86)\Simpo PDF Creator Pro
2014-01-25 11:22 - 2014-01-25 11:22 - 00001022 _____ () C:\Users\Ondra\Desktop\Simpo PDF Creator Pro.lnk
2014-01-25 11:12 - 2014-01-28 12:11 - 00000000 ____D () C:\Users\Ondra\Documents\PDFs Output
2014-01-25 11:12 - 2011-08-29 15:25 - 04255192 _____ (Two Pilots) C:\Windows\SpcPro_PDFLib.dll
2014-01-25 11:12 - 2010-12-11 15:26 - 00120832 _____ () C:\Windows\PreConvertPro.dll
2014-01-25 11:03 - 2014-01-25 11:04 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\Oxy
2014-01-25 10:58 - 2014-01-25 11:32 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Mobogenie
2014-01-25 10:58 - 2014-01-25 11:31 - 00000000 ____D () C:\Users\Ondra\AppData\Local\genienext
2014-01-25 10:58 - 2014-01-25 10:58 - 00000000 ____D () C:\Users\Ondra\AppData\Local\cache
2014-01-25 10:58 - 2014-01-25 10:58 - 00000000 ____D () C:\Users\Ondra\.android
2014-01-25 10:58 - 2014-01-25 10:58 - 00000000 _____ () C:\Users\Ondra\daemonprocess.txt
2014-01-25 10:57 - 2014-01-25 11:32 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-01-25 10:36 - 2014-01-25 10:36 - 00000000 ____D () C:\Users\Ondra\Documents\PDFConverter
2014-01-25 10:24 - 2014-01-25 10:24 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\PDF Architect
2014-01-25 00:32 - 2014-01-28 12:03 - 00000000 ____D () C:\Users\Ondra\Desktop\HxH orig
2014-01-25 00:31 - 2014-01-25 00:48 - 00000000 ____D () C:\Users\Ondra\Desktop\Mangle-2.4.3
2014-01-22 21:59 - 2014-01-22 22:51 - 00230342 _____ () C:\Users\Ondra\Documents\Záloha dokumentu Překlad po úpravě - final.wbk
2014-01-21 11:44 - 2014-01-21 11:44 - 02833712 _____ () C:\Users\Ondra\Downloads\Killua run.mp4
2014-01-20 16:28 - 2014-01-20 16:28 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Foxit Reader
2014-01-17 15:22 - 2014-01-31 16:22 - 04330480 _____ () C:\Users\Ondra\Desktop\DRAKS0005.sl2
2014-01-15 23:18 - 2014-01-15 23:18 - 00001089 _____ () C:\Users\Ondra\Downloads\Cheat Engine.lnk
2014-01-15 23:18 - 2014-01-15 23:18 - 00000000 ____D () C:\Users\Ondra\Documents\My Cheat Tables
2014-01-15 23:18 - 2014-01-15 23:18 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-01-15 23:12 - 2014-01-15 23:12 - 00455686 _____ () C:\Users\Ondra\Downloads\DATA-15-01-2014.CT
2014-01-15 23:12 - 2014-01-15 23:12 - 00455686 _____ () C:\Users\Ondra\Downloads\DATA-15-01-2014.CETrainer
2014-01-15 10:09 - 2014-01-15 10:09 - 00004076 _____ () C:\Windows\System32\Tasks\Modlitební chvilička
2014-01-15 08:41 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 08:41 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 08:41 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 08:41 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 08:41 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 08:41 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 08:41 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 08:41 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 08:40 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-03 09:47 - 2012-05-26 19:31 - 01572413 _____ () C:\Users\Ondra\Downloads\Bible21-03-01-2014.jar
2014-01-03 09:47 - 2012-05-26 19:30 - 00000398 _____ () C:\Users\Ondra\Downloads\Bible21-03-01-2014.jad
2014-01-03 09:37 - 2011-05-03 18:52 - 04670225 _____ () C:\Users\Ondra\Downloads\Bible-21-03-01-2014.mobi
==================== One Month Modified Files and Folders =======
2014-02-02 09:05 - 2014-02-02 09:05 - 00017806 _____ () C:\Users\Ondra\Desktop\FRST.txt
2014-02-02 09:05 - 2014-02-02 09:03 - 00000000 ____D () C:\FRST
2014-02-02 09:04 - 2009-07-14 05:50 - 00020336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-02 09:04 - 2009-07-14 05:50 - 00020336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-02 09:03 - 2013-01-19 12:24 - 01116043 _____ () C:\Windows\WindowsUpdate.log
2014-02-02 08:59 - 2013-09-26 14:51 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-02 08:57 - 2013-09-26 14:51 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 08:57 - 2013-01-19 13:02 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-02-02 08:56 - 2014-01-29 08:44 - 00001054 _____ () C:\Windows\setupact.log
2014-02-02 08:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-01 23:52 - 2013-10-02 16:22 - 00000000 ____D () C:\Users\Ondra\Documents\Lexicon
2014-02-01 23:52 - 2013-01-27 22:42 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\uTorrent
2014-02-01 23:13 - 2013-01-19 20:08 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-01 22:22 - 2014-02-01 22:19 - 00000000 ____D () C:\Users\Ondra\Downloads\Gintama Complete Series
2014-02-01 22:16 - 2014-02-01 22:16 - 00071671 _____ () C:\Users\Ondra\Downloads\Gintama_Complete_Series_Batch_[720p].7186901.TPB.torrent
2014-02-01 17:22 - 2014-02-02 09:01 - 02080256 _____ (Farbar) C:\Users\Ondra\Desktop\FRST64.exe
2014-02-01 15:55 - 2013-01-19 13:02 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-02-01 15:00 - 2014-02-01 14:34 - 00000000 ____D () C:\Program Files\trend micro
2014-02-01 14:34 - 2014-02-01 14:34 - 00000000 ____D () C:\rsit
2014-02-01 13:55 - 2014-01-29 08:44 - 00017540 _____ () C:\Windows\PFRO.log
2014-02-01 13:55 - 2013-06-27 23:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-01 13:54 - 2014-01-25 11:22 - 00000000 ____D () C:\Program Files (x86)\Simpo PDF Creator Pro
2014-02-01 13:31 - 2011-04-12 10:03 - 09266248 _____ () C:\Windows\system32\perfh005.dat
2014-02-01 13:31 - 2011-04-12 10:03 - 03179412 _____ () C:\Windows\system32\perfc005.dat
2014-02-01 13:31 - 2009-07-14 06:12 - 00006560 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-31 16:22 - 2014-01-17 15:22 - 04330480 _____ () C:\Users\Ondra\Desktop\DRAKS0005.sl2
2014-01-30 13:41 - 2014-01-30 13:40 - 00002504 _____ () C:\Users\Ondra\Desktop\Mb's a-malware.lnk
2014-01-30 11:25 - 2013-10-18 09:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-30 11:24 - 2014-01-30 11:24 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-30 11:24 - 2014-01-30 11:24 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-30 11:24 - 2014-01-30 11:24 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-30 11:24 - 2014-01-30 11:24 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-30 11:24 - 2013-06-26 07:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-30 10:19 - 2013-01-20 23:10 - 00000000 ___RD () C:\Users\Ondra\Instalační soubory
2014-01-30 08:49 - 2014-01-30 08:49 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\Malwarebytes
2014-01-30 08:49 - 2014-01-30 08:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-30 08:49 - 2014-01-30 08:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 00:59 - 2013-11-29 17:23 - 4290903984 _____ () C:\RAMDiskDS.img
2014-01-30 00:45 - 2013-11-29 17:02 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\GameCompanion
2014-01-29 23:49 - 2013-01-19 19:57 - 00007605 _____ () C:\Users\Ondra\AppData\Local\resmon.resmoncfg
2014-01-29 21:33 - 2013-12-01 14:39 - 00000000 ____D () C:\Users\Ondra\Hry zástupci
2014-01-29 20:11 - 2013-02-13 12:56 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\Media Player Classic
2014-01-29 08:44 - 2014-01-29 08:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-28 22:34 - 2013-11-17 19:05 - 00000000 ____D () C:\Windows\Minidump
2014-01-28 16:21 - 2014-01-28 16:21 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-01-28 12:11 - 2014-01-25 15:09 - 00000000 ____D () C:\Users\Ondra\Desktop\Mangle meziverze
2014-01-28 12:11 - 2014-01-25 11:12 - 00000000 ____D () C:\Users\Ondra\Documents\PDFs Output
2014-01-28 12:03 - 2014-01-25 00:32 - 00000000 ____D () C:\Users\Ondra\Desktop\HxH orig
2014-01-28 10:16 - 2013-11-20 08:25 - 00000000 ____D () C:\Users\Ondra\Desktop\překlad různé věci k tomu
2014-01-28 10:15 - 2013-06-04 18:23 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\Foxit Software
2014-01-26 12:29 - 2013-03-03 08:59 - 00000000 ____D () C:\Windows\pss
2014-01-26 12:29 - 2013-01-19 12:36 - 00000000 ___RD () C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-26 09:58 - 2013-03-05 11:09 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2014-01-26 09:58 - 2013-01-19 12:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-25 15:19 - 2014-01-25 15:19 - 00000000 _____ () C:\Users\Ondra\Desktop\Yoshihiro Togashi.txt
2014-01-25 11:32 - 2014-01-25 10:58 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Mobogenie
2014-01-25 11:32 - 2014-01-25 10:57 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-01-25 11:31 - 2014-01-25 10:58 - 00000000 ____D () C:\Users\Ondra\AppData\Local\genienext
2014-01-25 11:22 - 2014-01-25 11:22 - 00001022 _____ () C:\Users\Ondra\Desktop\Simpo PDF Creator Pro.lnk
2014-01-25 11:04 - 2014-01-25 11:03 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\Oxy
2014-01-25 10:58 - 2014-01-25 10:58 - 00000000 ____D () C:\Users\Ondra\AppData\Local\cache
2014-01-25 10:58 - 2014-01-25 10:58 - 00000000 ____D () C:\Users\Ondra\.android
2014-01-25 10:58 - 2014-01-25 10:58 - 00000000 _____ () C:\Users\Ondra\daemonprocess.txt
2014-01-25 10:58 - 2013-01-19 12:36 - 00000000 ____D () C:\Users\Ondra
2014-01-25 10:36 - 2014-01-25 10:36 - 00000000 ____D () C:\Users\Ondra\Documents\PDFConverter
2014-01-25 10:24 - 2014-01-25 10:24 - 00000000 ____D () C:\Users\Ondra\AppData\Roaming\PDF Architect
2014-01-25 00:48 - 2014-01-25 00:31 - 00000000 ____D () C:\Users\Ondra\Desktop\Mangle-2.4.3
2014-01-25 00:09 - 2013-12-31 15:08 - 00000000 ____D () C:\Users\Ondra\Downloads\Calibre knihovna
2014-01-24 08:45 - 2013-01-19 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-24 08:45 - 2013-01-19 20:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-24 08:45 - 2013-01-19 20:08 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-24 08:45 - 2013-01-19 17:33 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Adobe
2014-01-23 18:09 - 2013-01-21 18:23 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-01-22 22:51 - 2014-01-22 21:59 - 00230342 _____ () C:\Users\Ondra\Documents\Záloha dokumentu Překlad po úpravě - final.wbk
2014-01-21 20:51 - 2013-01-28 00:30 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Paint.NET
2014-01-21 11:44 - 2014-01-21 11:44 - 02833712 _____ () C:\Users\Ondra\Downloads\Killua run.mp4
2014-01-21 11:37 - 2013-01-20 17:50 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Windows Live
2014-01-20 16:28 - 2014-01-20 16:28 - 00000000 ____D () C:\Users\Ondra\AppData\Local\Foxit Reader
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-15 23:18 - 2014-01-15 23:18 - 00001089 _____ () C:\Users\Ondra\Downloads\Cheat Engine.lnk
2014-01-15 23:18 - 2014-01-15 23:18 - 00000000 ____D () C:\Users\Ondra\Documents\My Cheat Tables
2014-01-15 23:18 - 2014-01-15 23:18 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-01-15 23:12 - 2014-01-15 23:12 - 00455686 _____ () C:\Users\Ondra\Downloads\DATA-15-01-2014.CT
2014-01-15 23:12 - 2014-01-15 23:12 - 00455686 _____ () C:\Users\Ondra\Downloads\DATA-15-01-2014.CETrainer
2014-01-15 18:36 - 2009-07-14 05:50 - 00381616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 11:32 - 2013-12-21 12:04 - 00000000 ____D () C:\Users\Ondra\Downloads\Dějiny českého povstání léta 1618 I-III (Gindely)
2014-01-15 10:09 - 2014-01-15 10:09 - 00004076 _____ () C:\Windows\System32\Tasks\Modlitební chvilička
2014-01-15 10:06 - 2013-01-21 16:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 10:05 - 2013-07-18 09:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 10:00 - 2013-01-19 15:48 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 09:03 - 2013-01-30 16:13 - 00000000 ___RD () C:\Users\Ondra\Documents\Důležité dokumenty
Files to move or delete:
====================
C:\Users\Ondra\AppData\Roaming\CamLayout.ini
C:\Users\Ondra\AppData\Roaming\CamShapes.ini
Some content of TEMP:
====================
C:\Users\Ondra\AppData\Local\Temp\Checkupdate.exe
C:\Users\Ondra\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Ondra\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Ondra\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Ondra\AppData\Local\Temp\mdi064.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-30 16:45
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:363.8 GB) (Free:190.68 GB) NTFS
Drive d: () (Fixed) (Total:100.78 GB) (Free:74.06 GB) NTFS
Available physical RAM: 6038.22 MB
Total physical RAM: 8055.38 MB
Percentage of memory in use: 25%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=364 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=101 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Ondra\Desktop" je 575 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simpo PDF Creator Pro Server
"C:\Program Files (x86)\Simpo PDF Creator Pro\SpcProSrv.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive
"C:\Users\Ondra\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk
C:\PROGRA~2\Evernote\Evernote\EVERNO~2.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lingea Update Center.lnk
C:\PROGRA~2\COMMON~1\LINGEA~1\luc.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SA Notify.lnk
C:\Program%20Files%20(x86)\SANotify\SANotify.jar [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
C:\PROGRA~2\MIF5BA~1\Office12\ONENOTEM.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Re: Recurring iswizard05

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
Start
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\...\Run: [tsiVideo] - C:\Windows\SysWOW64\rundll32.exe C:\Users\Ondra\AppData\Local\Temp\\mdi064.dll,runme <===== ATTENTION
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: prio.dll => File Not Found
AppInit_DLLs-x32: prio32.dll => File Not Found
FF Extension: Google/Yandex search link fix - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2013-11-01]
2014-02-02 09:01 - 2013-12-05 16:07 - 00112640 _____ (forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe
2014-02-01 14:33 - 2013-01-11 07:31 - 00935175 _____ () C:\Users\Ondra\Downloads\RSITx64-01-02-2014.exe
C:\Users\Ondra\AppData\Roaming\CamLayout.ini
C:\Users\Ondra\AppData\Roaming\CamShapes.ini
C:\Users\Ondra\AppData\Local\Temp\Checkupdate.exe
C:\Users\Ondra\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Ondra\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Ondra\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Ondra\AppData\Local\Temp\mdi064.dll
C:\Users\Ondra\AppData\Local\Temp\\mdi064.dll
C:\Users\Ondra\AppData\Local\Temp\iswizard05
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simpo PDF Creator Pro Server" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lingea Update Center.lnk" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SA Notify.lnk" /f
Hosts:
CMD: shutdown /r /f /t 2
End
- Save the created TXT file as fixlist.txt
- Move the created fixlist next to FRST

- Click Fix
- The fix will run and create the log Fixlog.txt

Re: Recurring iswizard05
It is too early to judge whether this solved the slowdown; in any case, right after the restart the notebook hums a lot less and the mouse seems OK so far.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by Ondra at 2014-02-02 16:07:53 Run:1
Running from C:\Users\Ondra\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\...\Run: [tsiVideo] - C:\Windows\SysWOW64\rundll32.exe C:\Users\Ondra\AppData\Local\Temp\\mdi064.dll,runme <===== ATTENTION
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: prio.dll => File Not Found
AppInit_DLLs-x32: prio32.dll => File Not Found
FF Extension: Google/Yandex search link fix - C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2013-11-01]
2014-02-02 09:01 - 2013-12-05 16:07 - 00112640 _____ (forum.viry.cz) C:\Users\Ondra\Desktop\FRSTLauncher.exe
2014-02-01 14:33 - 2013-01-11 07:31 - 00935175 _____ () C:\Users\Ondra\Downloads\RSITx64-01-02-2014.exe
C:\Users\Ondra\AppData\Roaming\CamLayout.ini
C:\Users\Ondra\AppData\Roaming\CamShapes.ini
C:\Users\Ondra\AppData\Local\Temp\Checkupdate.exe
C:\Users\Ondra\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Ondra\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Ondra\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Ondra\AppData\Local\Temp\mdi064.dll
C:\Users\Ondra\AppData\Local\Temp\\mdi064.dll
C:\Users\Ondra\AppData\Local\Temp\iswizard05
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simpo PDF Creator Pro Server" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lingea Update Center.lnk" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SA Notify.lnk" /f
Hosts:
CMD: shutdown /r /f /t 2
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tsiVideo => Value deleted successfully.
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
HKU\S-1-5-21-3323841661-1481063226-1255461800-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
"prio.dll" => Value Data removed successfully.
"prio32.dll" => Value Data removed successfully.
C:\Users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\u7f6jxxy.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi => Moved successfully.
C:\Users\Ondra\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Ondra\Downloads\RSITx64-01-02-2014.exe => Moved successfully.
C:\Users\Ondra\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Ondra\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\Users\Ondra\AppData\Local\Temp\Checkupdate.exe => Moved successfully.
C:\Users\Ondra\AppData\Local\Temp\Foxit Reader Updater.exe => Moved successfully.
C:\Users\Ondra\AppData\Local\Temp\gcapi_dll.dll => Moved successfully.
C:\Users\Ondra\AppData\Local\Temp\gtapi_signed.dll => Moved successfully.
C:\Users\Ondra\AppData\Local\Temp\mdi064.dll => Moved successfully.
"C:\Users\Ondra\AppData\Local\Temp\\mdi064.dll" => File/Directory not found.
"C:\Users\Ondra\AppData\Local\Temp\iswizard05" directory move:
C:\Users\Ondra\AppData\Local\Temp\iswizard05\dwm.exe => Moved successfully.
C:\Users\Ondra\AppData\Local\Temp\iswizard05\iswizard.7z => Moved successfully.
Could not move "C:\Users\Ondra\AppData\Local\Temp\iswizard05" directory. => Scheduled to move on reboot.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => Moved successfully.
C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => Moved successfully.
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========
Operace byla dokončena úspěšně.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simpo PDF Creator Pro Server" /f =========
Operace byla dokončena úspěšně.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f =========
Operace byla dokončena úspěšně.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f =========
Operace byla dokončena úspěšně.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lingea Update Center.lnk" /f =========
Operace byla dokončena úspěšně.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SA Notify.lnk" /f =========
Operace byla dokončena úspěšně.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= shutdown /r /f /t 2 =========
========= End of CMD: =========
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-02 16:09:15)<=
C:\Users\Ondra\AppData\Local\Temp\iswizard05 => Is moved successfully.
==== End of Fixlog ====
Re: The returning iswizard05
Let's tidy up a bit more

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
- Download and run it
- To confirm a choice, press A, Enter
- Delete the utility after use
- Antivirus programs may mistakenly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)

OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run it
- Click CleanUp and confirm with YES
- The program cleans up and restarts the PC

TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run it
- Click Start and confirm with OK
- The program cleans up and restarts the PC
- Delete the utility after use

Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel (Panel čistič)
- Leave everything as it is, just click Analyze (Analyzovat) and then Run Cleaner (Spustit CCleaner)
- click Scan for Issues (Hledej problémy)
- then Fix Issues (Opravit problémy) - I recommend making a registry backup; fix all the issues
- repeat the procedure until there are no issues left - usually about 3 times
- Here you can uninstall unneeded programs

And if there are no problems or questions, that is all from my side


Re: The returning iswizard05
Thanks a lot, I am indebted to you, master
