Presmerovavanie na rôzne surveye a pod Vyřešeno

[BananekSK]

Tu je log z JRT :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.8 (03.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by patrik on po 30. 03. 2015 at 19:06:31,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644194415}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644514423}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644194415}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644514423}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644194415}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644514423}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611191115}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611511123}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644194415}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644514423}



~~~ Files

Successfully deleted: [File] "C:\Users\patrik\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\patrik\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\DeiaLExpress



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 30. 03. 2015 at 19:10:12,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Reklama]

[BananekSK]

Tu je z RougeKilleru a u tamtého mbam mi neukázalo žiadne upozornenie nič ... : RogueKiller V10.5.8.0 (x64) [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : patrik [Administrator]
Started from : C:\Users\patrik\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 03/30/2015 19:45:04

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] worms 4 mayhem game.lnk -- C:\Users\patrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\worms 4 mayhem game.lnk [LNK@] C:\PROGRA~3\{B1DBF~1\WORMS4~1.EXE --startup=1 -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-1DG142 +++++
--- User ---
[MBR] eb6d957a491024f306fc52f47f1eaf3d
[BSP] e9207618de6f72905958579b7eb9e49a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 249899 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 512000000 | Size: 226939 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[jaro3]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + informuj o problémech.

[BananekSK]

Tak správa z RougKilleru : RogueKiller V10.5.8.0 (x64) [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : patrik [Administrator]
Started from : C:\Users\patrik\Downloads\RogueKillerX64.exe
Mode : Delete -- Date : 03/31/2015 14:39:02

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-1DG142 +++++
--- User ---
[MBR] eb6d957a491024f306fc52f47f1eaf3d
[BSP] e9207618de6f72905958579b7eb9e49a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 249899 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 512000000 | Size: 226939 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_03312015_142338.log - RKreport_DEL_03312015_142902.log - RKreport_DEL_03312015_142912.log - RKreport_SCN_03302015_194504.log
RKreport_SCN_03312015_142325.log - RKreport_SCN_03312015_142735.log - RKreport_SCN_03312015_143445.log - RKreport_SCN_03312015_143806.log

[BananekSK]

A tu je z Zoeku :
Zoek.exe v5.0.0.0 Updated 29-March-2015
Tool run by patrik on ut 31. 03. 2015 at 14:41:11,97.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\patrik\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

31. 3. 2015 14:41:50 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~3\InstallShield deleted successfully
C:\Users\patrik\AppData\Local\.# deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{011af536-4f62-4142-84f0-c8dae1a8bb94} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{017f309d-3b6e-44a1-b0a8-5faa4882c048} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13CD5099-21B3-4557-8968-FE4BEE16337F} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{189F00E6-85C5-4710-8526-CA4028C0155A} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19AD30CF-7D44-47E9-AD3B-B451CB6C31FA} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B073292-A431-4B33-AEEC-D7FBF5E61D0} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{276E0F81-63FD-4C5B-BE40-1AFC4854136F} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35A9CF4F-6C1C-49A0-87A5-6254D2B295E6} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{41209d71-fa40-41ee-8d2e-9bc2211a1a7c} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{41705624-D46B-420E-AE3A-CECB383DA8} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{447F2F3-9E18-4B9C-AF83-8BA43DE7DD96} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{46A8651B-4A9D-4730-8BD7-F4FDA8841AA8} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FD75093-268C-4ACB-87D2-DFE87EBD10D1} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{518BA18E-FFD8-41FC-B02F-82536C631330} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5754ED99-86D2-4A8C-8815-DB8DD8D86842} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E9DA82F-22C-4B83-B41A-DCF119FE23A} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67fb1d49-5696-48ab-ab18-43ab460dc9a6} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BA45382-7A56-4C32-979A-4A4E11C22BB1} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DE0C019-50C7-4C7C-888C-BB433F3F3D53} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7657996-2E64-4FC5-9EE1-168E98E9FD9E} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8b02f775-c650-4e86-ae86-8cfbc304deea} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9417E601-1084-43B1-A1CF-8F134982AC36} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9497AD74-222F-455A-8214-6A64278BA033} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{966D5B5C-6DD4-4364-8CB7-43D4EB877CA} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96C8887E-BCAC-4593-8D6A-F67D560B7C3} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99248B8E-21A3-41DC-9BD-B162479043C4} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF2ABD1-5660-4839-A543-95B92AD1AF73} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2A99F71-7AC-4B25-BE69-B297B45AB2D} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2B0DE93-3515-4821-A7CC-9AAB7FCE9F3B} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9A7D99-CBB5-43A7-BC8C-B67CEC1AE7F6} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4950D8A-EC67-425B-B1A6-94DA947080ED} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD41A0BA-F331-42CE-8069-ACDC195F5D3} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c16452ec-6703-4da5-85ca-543655c19b2d} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3839932-FE99-44E8-94C3-AF5839B6A6F3} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d24e8eae-49a8-4b6b-9311-8f2be70a7591} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA41DB27-B0F0-4CA5-A06-1AEC41CA125E} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2191811-231E-460C-AAE3-4968D585F72} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F611D838-C723-419E-83A-9419673B8435} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9a375b8-2e9e-4bfd-8ba6-ac4a8efc794d} deleted successfully
HKEY_USERS\S-1-5-21-1819284140-3831816572-1499321633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC76D255-BCE4-4F68-A2DF-BC668F89A4C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{011af536-4f62-4142-84f0-c8dae1a8bb94} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{017f309d-3b6e-44a1-b0a8-5faa4882c048} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{41209d71-fa40-41ee-8d2e-9bc2211a1a7c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67fb1d49-5696-48ab-ab18-43ab460dc9a6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8b02f775-c650-4e86-ae86-8cfbc304deea} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c16452ec-6703-4da5-85ca-543655c19b2d} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d24e8eae-49a8-4b6b-9311-8f2be70a7591} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9a375b8-2e9e-4bfd-8ba6-ac4a8efc794d} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\copunikk deleted
C:\PROGRA~2\49b819f2-0025-4d11-9056-990abe883fe0 deleted
C:\PROGRA~2\ab330b76-4930-4f03-8af3-514be6bb433c deleted
C:\PROGRA~2\SystemRequirementsLab deleted
C:\PROGRA~2\Blank Canvas Signatures for Gmail deleted
C:\PROGRA~2\Facebook voice input deleted
C:\PROGRA~2\Image Viewer deleted
C:\PROGRA~2\Lego Super Heroes deleted
C:\PROGRA~2\Mail Control deleted
C:\PROGRA~2\Markdown Preview deleted
C:\PROGRA~2\Sticky Notes Just popped up deleted
C:\PROGRA~3\jiafdmiaegapnnkflljcolklnfpanjli deleted
C:\PROGRA~3\kipllpmkpbgndkafpbliaoiekmdioflm deleted
C:\Program Files (x86)\Atheros\ab330b76-4930-4f03-8af3-514be6bb433c.dll deleted
C:\PROGRA~3\{b1dbff56-2d0d-8e29-b1db-bff562d0fd58} deleted
C:\PROGRA~3\10305811743725129283 deleted
C:\install.exe deleted
C:\Users\patrik\AppData\Roaming\appdataFr3.bin deleted
C:\PROGRA~3\EnjOyCCoupon deleted
C:\PROGRA~3\TakeTheCouppon deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\patrik\AppData\Local\Installer deleted
C:\Users\patrik\AppData\Local\CrashRpt deleted
C:\Users\Public\Documents\GOOBZO deleted
C:\Users\Public\Documents\ShopperPro deleted
C:\Users\Public\Documents\YTAHelper deleted
C:\windows\SysNative\tasks\UNELEVATE_1657 deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSSE"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.msn.com/?pc=MSSE"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\patrik\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\patrik\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\patrik\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\patrik\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\patrik\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\patrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\patrik\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=73 folders=43 19417723 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\patrik\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\patrik\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ut 31. 03. 2015 at 15:11:21,73 ======================

[BananekSK]

A tu je z HJT-čka log : Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:17:04, on 31. 3. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\patrik\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [MSStp] C:\Windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mncdyyaahSrv] C:\Windows\system32\mncdyyaah.vbe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: LINKMAGIC.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Survarium Update Service - Unknown owner - C:\Program Files (x86)\Survarium\game\binaries\x86\survarium_service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8813 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [MSStp] C:\Windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mncdyyaahSrv] C:\Windows\system32\mncdyyaah.vbe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

najdi a smaž tyto soubory:
C:\Windows\system32\mncdyyaah.vbe
C:\Windows\inf\msstp.vbe


co rpoblémy?:

[BananekSK]

Idem to fixovať... problémy neboli zatiaľ žiadne
----
Upravujem... Problémy nastali ... tie súbory čo mám vymazať niesu vidieť ani potom čo som zaškrtal a odškrtal tie políčka ....

[Orcus]

OK, smažem přes Combofix.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

Pokud budou problémy , spusť v nouz. režimu.

[BananekSK]

Pardon bol som v praveku u babky ktorá nemá internet :) tak tu je ten log : ComboFix 15-04-01.01 - patrik . 04. 2015 21:07:01.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8044.6317 [GMT 2:00]
Running from: c:\users\patrik\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2015-03-02 to 2015-04-02 )))))))))))))))))))))))))))))))
.
.
2015-04-02 19:12 . 2015-04-02 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-02 16:30 . 2015-04-02 16:30 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0DF202E-35E0-4F78-8579-952CF0DF673B}\offreg.dll
2015-04-01 16:34 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0DF202E-35E0-4F78-8579-952CF0DF673B}\mpengine.dll
2015-03-31 13:12 . 2015-03-31 13:16 20 ----a-w- c:\users\patrik\AppData\Roaming\appdataFr3.bin
2015-03-31 12:57 . 2015-03-31 12:41 24064 ----a-w- c:\windows\zoek-delete.exe
2015-03-31 12:57 . 2015-04-02 19:12 -------- d-----w- c:\users\patrik\AppData\Local\Temp
2015-03-31 12:41 . 2015-03-31 12:55 -------- d-----w- C:\zoek_backup
2015-03-31 10:53 . 2015-03-25 18:30 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9575A5A4-72A5-4562-95D4-AA50FE5BADD1}\gapaengine.dll
2015-03-31 10:52 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-30 17:34 . 2015-03-31 12:35 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-30 17:33 . 2015-03-30 17:48 -------- d-----w- c:\programdata\RogueKiller
2015-03-30 17:33 . 2015-03-30 17:33 136408 ----a-w- c:\windows\system32\drivers\6E2B63D2.sys
2015-03-30 17:14 . 2015-03-30 17:14 136408 ----a-w- c:\windows\system32\drivers\00625516.sys
2015-03-30 17:11 . 2015-04-02 16:31 790030 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2015-03-30 13:38 . 2015-03-30 17:02 -------- d-----w- C:\AdwCleaner
2015-03-30 13:18 . 2015-03-30 13:18 136408 ---ha-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-30 13:17 . 2015-03-17 04:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-30 13:17 . 2015-03-17 04:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-30 13:17 . 2015-03-30 17:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-30 13:17 . 2015-03-30 13:17 -------- d-----w- c:\programdata\Malwarebytes
2015-03-30 13:17 . 2015-03-17 04:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-29 19:25 . 2015-03-29 19:25 -------- d-----w- c:\users\patrik\AppData\Local\Norman Malware Cleaner
2015-03-29 08:24 . 2015-03-29 08:24 -------- d-----w- C:\8ffabf65cb45e67421a54d7034f975a5
2015-03-26 11:31 . 2015-03-26 11:31 -------- d-sh--w- c:\users\patrik\AppData\Local\EmieUserList
2015-03-26 11:31 . 2015-03-26 11:31 -------- d-sh--w- c:\users\patrik\AppData\Local\EmieSiteList
2015-03-26 11:31 . 2015-03-26 11:31 -------- d-sh--w- c:\users\patrik\AppData\Local\EmieBrowserModeList
2015-03-23 17:02 . 2015-03-23 17:02 -------- d-----w- c:\users\patrik\AppData\Roaming\Colossal Order
2015-03-23 17:02 . 2015-03-23 17:02 -------- d-----w- c:\users\patrik\AppData\Roaming\.mono
2015-03-23 17:02 . 2015-03-23 17:02 -------- d-----w- c:\users\patrik\AppData\Local\Colossal Order
2015-03-23 17:02 . 2015-03-23 17:02 -------- d-----w- c:\programdata\.mono
2015-03-23 17:02 . 2015-03-23 17:02 -------- d-----w- c:\users\patrik\AppData\Roaming\Steam
2015-03-22 15:51 . 2013-10-14 17:00 28368 ---ha-w- c:\windows\system32\IEUDINIT.EXE
2015-03-22 15:39 . 2015-03-22 15:39 878080 ----a-w- c:\windows\system32\advapi32.dll
2015-03-22 15:39 . 2015-03-22 15:39 859648 ----a-w- c:\windows\system32\tdh.dll
2015-03-22 15:39 . 2015-03-22 15:39 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-03-22 15:39 . 2015-03-22 15:39 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2015-03-22 15:39 . 2015-03-22 15:39 1732032 ----a-w- c:\windows\system32\ntdll.dll
2015-03-22 15:39 . 2015-03-22 15:39 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-03-22 15:38 . 2015-03-22 15:38 327168 ----a-w- c:\windows\system32\mswsock.dll
2015-03-22 15:38 . 2015-03-22 15:38 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2015-03-22 15:27 . 2015-03-22 15:27 1887232 ----a-w- c:\windows\system32\d3d11.dll
2015-03-22 15:27 . 2015-03-22 15:27 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2015-03-22 14:32 . 2015-03-22 14:40 -------- d--h--w- c:\windows\system32\MRT
2015-03-22 14:20 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-03-22 14:20 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-03-22 14:20 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2015-03-22 14:20 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2015-03-22 14:18 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2015-03-22 14:18 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2015-03-22 14:18 . 2015-01-17 02:48 1067520 ----a-w- c:\windows\system32\msctf.dll
2015-03-22 14:18 . 2015-01-17 02:30 828928 ----a-w- c:\windows\SysWow64\msctf.dll
2015-03-22 14:18 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-03-22 14:18 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-03-22 14:18 . 2015-02-26 03:25 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-03-22 14:18 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-03-22 14:18 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2015-03-22 14:18 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2015-03-22 14:18 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-03-07 09:57 . 2015-03-07 09:57 -------- d-----w- c:\users\patrik\AppData\Roaming\SFBot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-25 18:30 . 2014-11-02 05:46 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-03 13:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-16 15:20 . 2015-02-23 06:21 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-02-05 21:01 . 2015-02-21 11:07 1756424 ---ha-w- c:\windows\system32\nvspbridge64.dll
2015-02-05 21:01 . 2015-02-21 11:07 1514528 ---ha-w- c:\windows\system32\nvspcap64.dll
2015-02-05 21:01 . 2015-02-21 11:07 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-02-05 21:01 . 2015-02-21 11:07 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-02-05 21:01 . 2015-02-21 11:06 74056 ---ha-w- c:\windows\system32\OpenCL.dll
2015-02-05 21:01 . 2015-02-21 11:06 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-02-05 21:01 . 2015-02-21 11:01 38032 ---ha-w- c:\windows\system32\drivers\nvvad64v.sys
2015-02-05 21:01 . 2015-02-21 11:00 995248 ---ha-w- c:\windows\system32\nvumdshimx.dll
2015-02-05 21:01 . 2015-02-21 11:00 969872 ---ha-w- c:\windows\system32\NvIFR64.dll
2015-02-05 21:01 . 2015-02-21 11:00 943760 ---ha-w- c:\windows\system32\NvFBC64.dll
2015-02-05 21:01 . 2015-02-21 11:00 929936 ----a-w- c:\windows\SysWow64\NvIFR.dll
2015-02-05 21:01 . 2015-02-21 11:00 908104 ----a-w- c:\windows\SysWow64\NvFBC.dll
2015-02-05 21:01 . 2015-02-21 11:00 877816 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-02-05 21:01 . 2015-02-21 11:00 3610768 ---ha-w- c:\windows\system32\nvcuvid.dll
2015-02-05 21:01 . 2015-02-21 11:00 35472 ---ha-w- c:\windows\system32\nvaudcap64v.dll
2015-02-05 21:01 . 2015-02-21 11:00 353224 ---ha-w- c:\windows\system32\nvoglshim64.dll
2015-02-05 21:01 . 2015-02-21 11:00 3299512 ---ha-w- c:\windows\system32\nvapi64.dll
2015-02-05 21:01 . 2015-02-21 11:00 3247248 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-02-05 21:01 . 2015-02-21 11:00 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-02-05 21:01 . 2015-02-21 11:00 32106640 ---ha-w- c:\windows\system32\nvoglv64.dll
2015-02-05 21:01 . 2015-02-21 11:00 31376 ---ha-w- c:\windows\system32\drivers\nvpciflt.sys
2015-02-05 21:01 . 2015-02-21 11:00 305136 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2015-02-05 21:01 . 2015-02-21 11:00 2902784 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-02-05 21:01 . 2015-02-21 11:00 25460880 ---ha-w- c:\windows\system32\nvcompiler.dll
2015-02-05 21:01 . 2015-02-21 11:00 24768144 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-02-05 21:01 . 2015-02-21 11:00 20466496 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-02-05 21:01 . 2015-02-21 11:00 1895240 ---ha-w- c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-21 11:00 18575880 ---ha-w- c:\windows\system32\nvwgf2umx.dll
2015-02-05 21:01 . 2015-02-21 11:00 177624 ---ha-w- c:\windows\system32\nvinitx.dll
2015-02-05 21:01 . 2015-02-21 11:00 17253848 ---ha-w- c:\windows\system32\nvd3dumx.dll
2015-02-05 21:01 . 2015-02-21 11:00 164752 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-02-05 21:01 . 2015-02-21 11:00 16017040 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-02-05 21:01 . 2015-02-21 11:00 1557648 ---ha-w- c:\windows\system32\nvdispgenco6434752.dll
2015-02-05 21:01 . 2015-02-21 11:00 14119744 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-02-05 21:01 . 2015-02-21 11:00 13294528 ---ha-w- c:\windows\system32\nvopencl.dll
2015-02-05 21:01 . 2015-02-21 11:00 13208200 ---ha-w- c:\windows\system32\nvcuda.dll
2015-02-05 21:01 . 2015-02-21 11:00 10773704 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-02-05 21:01 . 2015-02-21 11:00 10713256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-02-05 21:01 . 2015-02-21 11:00 10284872 ---ha-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-02-05 19:07 . 2015-02-21 11:06 6861128 ---ha-w- c:\windows\system32\nvcpl.dll
2015-02-05 19:07 . 2015-02-21 11:06 3517584 ---ha-w- c:\windows\system32\nvsvc64.dll
2015-02-05 19:07 . 2015-02-21 11:06 935056 ---ha-w- c:\windows\system32\nvvsvc.exe
2015-02-05 19:07 . 2015-02-21 11:06 62792 ---ha-w- c:\windows\system32\nvshext.dll
2015-02-05 19:07 . 2015-02-21 11:06 2558792 ---ha-w- c:\windows\system32\nvsvcr.dll
2015-02-05 19:06 . 2015-02-21 11:06 74896 ---ha-w- c:\windows\system32\nv3dappshextr.dll
2015-02-05 19:06 . 2015-02-21 11:06 385168 ---ha-w- c:\windows\system32\nvmctray.dll
2015-02-05 19:06 . 2015-02-21 11:06 1098384 ---ha-w- c:\windows\system32\nv3dappshext.dll
2015-02-05 12:50 . 2015-02-21 11:06 4236870 ---ha-w- c:\windows\system32\nvcoproc.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"mncdyyaahSrv"="c:\windows\system32\mncdyyaah.vbe" [2014-03-05 7670]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-02-17 3978600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LINKMAGIC.lnk - c:\program files (x86)\LINKMAGIC\LINKMAGIC.EXE [2014-10-9 1757696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Survarium Update Service;Survarium Update Service;c:\program files (x86)\Survarium\game\binaries\x86\survarium_service.exe Survarium;c:\program files (x86)\Survarium\game\binaries\x86\survarium_service.exe Survarium [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-13 08:39 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-09 06:54]
.
2015-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-09 06:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-05 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-02-05 1514528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-MSStp - c:\windows\inf\msstp.vbe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-04-02 21:14:42
ComboFix-quarantined-files.txt 2015-04-02 19:14
.
Pre-Run: 160 397 508 608 bytes free
Post-Run: 160 015 441 920 bytes free
.
- - End Of File - - B64D6553DFEB48846CD4067990291EB2
-----------------------
Problémy nenastali žiadne akorát mi akosi blbne ping ( ms ) neviem ale možno to môže byť aj nejakým tým vírusom čo mi tu robí tú šarapatu v browseru... Providera som kontaktoval a u neho to je všetko okay prišiel aj mi skontroloval rooter ... všetko beží takže ďalej to nechám na Vás

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\users\patrik\AppData\Roaming\appdataFr3.bin
c:\windows\system32\drivers\6E2B63D2.sys
c:\windows\system32\drivers\00625516.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\system32\mncdyyaah.vbe
C:\Windows\inf\msstp.vbe

Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[BananekSK]

Tu je ten prvý log z tými scriptami : ComboFix 15-04-01.01 - patrik . 04. 2015 10:53:42.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8044.6398 [GMT 2:00]
Running from: c:\users\patrik\Downloads\ComboFix.exe
Command switches used :: c:\users\patrik\Desktop\CFScript.thx
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\patrik\AppData\Roaming\appdataFr3.bin"
"c:\windows\inf\msstp.vbe"
"c:\windows\system32\drivers\00625516.sys"
"c:\windows\system32\drivers\6E2B63D2.sys"
"c:\windows\system32\mncdyyaah.vbe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.25.11\goopdate.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.25.11\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.25.11\psmachine.dll
c:\program files (x86)\Google\Update\1.3.25.11\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.25.11\psuser.dll
c:\program files (x86)\Google\Update\1.3.25.11\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.11\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.95\39.0.2171.95_39.0.2171.71_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\users\patrik\AppData\Roaming\appdataFr3.bin
c:\windows\system32\drivers\00625516.sys
c:\windows\system32\drivers\6E2B63D2.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2015-03-03 to 2015-04-03 )))))))))))))))))))))))))))))))
.
.
2015-04-03 09:03 . 2015-04-03 09:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-04-03 09:03 . 2015-04-03 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-03 06:51 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F9DEA1C-5A16-4200-8CEB-EE4F28C4AF52}\mpengine.dll
2015-04-01 16:34 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-31 12:57 . 2015-03-31 12:41 24064 ----a-w- c:\windows\zoek-delete.exe
2015-03-31 12:57 . 2015-04-03 09:05 -------- d-----w- c:\users\patrik\AppData\Local\Temp
2015-03-31 12:41 . 2015-03-31 12:55 -------- d-----w- C:\zoek_backup
2015-03-31 10:53 . 2015-03-25 18:30 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9575A5A4-72A5-4562-95D4-AA50FE5BADD1}\gapaengine.dll
2015-03-30 17:34 . 2015-03-31 12:35 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-30 17:33 . 2015-03-30 17:48 -------- d-----w- c:\programdata\RogueKiller
2015-03-30 17:11 . 2015-04-03 06:56 790030 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2015-03-30 13:38 . 2015-03-30 17:02 -------- d-----w- C:\AdwCleaner
2015-03-30 13:18 . 2015-03-30 13:18 136408 ---ha-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-30 13:17 . 2015-03-17 04:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-30 13:17 . 2015-03-17 04:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-30 13:17 . 2015-03-30 17:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-30 13:17 . 2015-03-30 13:17 -------- d-----w- c:\programdata\Malwarebytes
2015-03-30 13:17 . 2015-03-17 04:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-29 19:25 . 2015-03-29 19:25 -------- d-----w- c:\users\patrik\AppData\Local\Norman Malware Cleaner
2015-03-29 08:24 . 2015-03-29 08:24 -------- d-----w- C:\8ffabf65cb45e67421a54d7034f975a5
2015-03-26 11:31 . 2015-03-26 11:31 -------- d-sh--w- c:\users\patrik\AppData\Local\EmieUserList
2015-03-26 11:31 . 2015-03-26 11:31 -------- d-sh--w- c:\users\patrik\AppData\Local\EmieSiteList
2015-03-26 11:31 . 2015-03-26 11:31 -------- d-sh--w- c:\users\patrik\AppData\Local\EmieBrowserModeList
2015-03-23 17:02 . 2015-03-23 17:02 -------- d-----w- c:\users\patrik\AppData\Roaming\Colossal Order
2015-03-23 17:02 . 2015-03-23 17:02 -------- d-----w- c:\users\patrik\AppData\Roaming\.mono
2015-03-23 17:02 . 2015-03-23 17:02 -------- d-----w- c:\users\patrik\AppData\Local\Colossal Order
2015-03-23 17:02 . 2015-03-23 17:02 -------- d-----w- c:\programdata\.mono
2015-03-23 17:02 . 2015-03-23 17:02 -------- d-----w- c:\users\patrik\AppData\Roaming\Steam
2015-03-22 15:51 . 2013-10-14 17:00 28368 ---ha-w- c:\windows\system32\IEUDINIT.EXE
2015-03-22 15:39 . 2015-03-22 15:39 878080 ----a-w- c:\windows\system32\advapi32.dll
2015-03-22 15:39 . 2015-03-22 15:39 859648 ----a-w- c:\windows\system32\tdh.dll
2015-03-22 15:39 . 2015-03-22 15:39 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-03-22 15:39 . 2015-03-22 15:39 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2015-03-22 15:39 . 2015-03-22 15:39 1732032 ----a-w- c:\windows\system32\ntdll.dll
2015-03-22 15:39 . 2015-03-22 15:39 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-03-22 15:38 . 2015-03-22 15:38 327168 ----a-w- c:\windows\system32\mswsock.dll
2015-03-22 15:38 . 2015-03-22 15:38 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2015-03-22 15:27 . 2015-03-22 15:27 1887232 ----a-w- c:\windows\system32\d3d11.dll
2015-03-22 15:27 . 2015-03-22 15:27 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2015-03-22 14:32 . 2015-03-22 14:40 -------- d--h--w- c:\windows\system32\MRT
2015-03-22 14:20 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-03-22 14:20 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-03-22 14:20 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2015-03-22 14:20 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2015-03-22 14:18 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2015-03-22 14:18 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2015-03-22 14:18 . 2015-01-17 02:48 1067520 ----a-w- c:\windows\system32\msctf.dll
2015-03-22 14:18 . 2015-01-17 02:30 828928 ----a-w- c:\windows\SysWow64\msctf.dll
2015-03-22 14:18 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-03-22 14:18 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-03-22 14:18 . 2015-02-26 03:25 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-03-22 14:18 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-03-22 14:18 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2015-03-22 14:18 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2015-03-22 14:18 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-03-07 09:57 . 2015-03-07 09:57 -------- d-----w- c:\users\patrik\AppData\Roaming\SFBot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-25 18:30 . 2014-11-02 05:46 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-03 13:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-16 15:20 . 2015-02-23 06:21 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-02-05 21:01 . 2015-02-21 11:07 1756424 ---ha-w- c:\windows\system32\nvspbridge64.dll
2015-02-05 21:01 . 2015-02-21 11:07 1514528 ---ha-w- c:\windows\system32\nvspcap64.dll
2015-02-05 21:01 . 2015-02-21 11:07 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-02-05 21:01 . 2015-02-21 11:07 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-02-05 21:01 . 2015-02-21 11:06 74056 ---ha-w- c:\windows\system32\OpenCL.dll
2015-02-05 21:01 . 2015-02-21 11:06 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-02-05 21:01 . 2015-02-21 11:01 38032 ---ha-w- c:\windows\system32\drivers\nvvad64v.sys
2015-02-05 21:01 . 2015-02-21 11:00 995248 ---ha-w- c:\windows\system32\nvumdshimx.dll
2015-02-05 21:01 . 2015-02-21 11:00 969872 ---ha-w- c:\windows\system32\NvIFR64.dll
2015-02-05 21:01 . 2015-02-21 11:00 943760 ---ha-w- c:\windows\system32\NvFBC64.dll
2015-02-05 21:01 . 2015-02-21 11:00 929936 ----a-w- c:\windows\SysWow64\NvIFR.dll
2015-02-05 21:01 . 2015-02-21 11:00 908104 ----a-w- c:\windows\SysWow64\NvFBC.dll
2015-02-05 21:01 . 2015-02-21 11:00 877816 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-02-05 21:01 . 2015-02-21 11:00 3610768 ---ha-w- c:\windows\system32\nvcuvid.dll
2015-02-05 21:01 . 2015-02-21 11:00 35472 ---ha-w- c:\windows\system32\nvaudcap64v.dll
2015-02-05 21:01 . 2015-02-21 11:00 353224 ---ha-w- c:\windows\system32\nvoglshim64.dll
2015-02-05 21:01 . 2015-02-21 11:00 3299512 ---ha-w- c:\windows\system32\nvapi64.dll
2015-02-05 21:01 . 2015-02-21 11:00 3247248 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-02-05 21:01 . 2015-02-21 11:00 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-02-05 21:01 . 2015-02-21 11:00 32106640 ---ha-w- c:\windows\system32\nvoglv64.dll
2015-02-05 21:01 . 2015-02-21 11:00 31376 ---ha-w- c:\windows\system32\drivers\nvpciflt.sys
2015-02-05 21:01 . 2015-02-21 11:00 305136 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2015-02-05 21:01 . 2015-02-21 11:00 2902784 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-02-05 21:01 . 2015-02-21 11:00 25460880 ---ha-w- c:\windows\system32\nvcompiler.dll
2015-02-05 21:01 . 2015-02-21 11:00 24768144 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-02-05 21:01 . 2015-02-21 11:00 20466496 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-02-05 21:01 . 2015-02-21 11:00 1895240 ---ha-w- c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-21 11:00 18575880 ---ha-w- c:\windows\system32\nvwgf2umx.dll
2015-02-05 21:01 . 2015-02-21 11:00 177624 ---ha-w- c:\windows\system32\nvinitx.dll
2015-02-05 21:01 . 2015-02-21 11:00 17253848 ---ha-w- c:\windows\system32\nvd3dumx.dll
2015-02-05 21:01 . 2015-02-21 11:00 164752 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-02-05 21:01 . 2015-02-21 11:00 16017040 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-02-05 21:01 . 2015-02-21 11:00 1557648 ---ha-w- c:\windows\system32\nvdispgenco6434752.dll
2015-02-05 21:01 . 2015-02-21 11:00 14119744 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-02-05 21:01 . 2015-02-21 11:00 13294528 ---ha-w- c:\windows\system32\nvopencl.dll
2015-02-05 21:01 . 2015-02-21 11:00 13208200 ---ha-w- c:\windows\system32\nvcuda.dll
2015-02-05 21:01 . 2015-02-21 11:00 10773704 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-02-05 21:01 . 2015-02-21 11:00 10713256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-02-05 21:01 . 2015-02-21 11:00 10284872 ---ha-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-02-05 19:07 . 2015-02-21 11:06 6861128 ---ha-w- c:\windows\system32\nvcpl.dll
2015-02-05 19:07 . 2015-02-21 11:06 3517584 ---ha-w- c:\windows\system32\nvsvc64.dll
2015-02-05 19:07 . 2015-02-21 11:06 935056 ---ha-w- c:\windows\system32\nvvsvc.exe
2015-02-05 19:07 . 2015-02-21 11:06 62792 ---ha-w- c:\windows\system32\nvshext.dll
2015-02-05 19:07 . 2015-02-21 11:06 2558792 ---ha-w- c:\windows\system32\nvsvcr.dll
2015-02-05 19:06 . 2015-02-21 11:06 74896 ---ha-w- c:\windows\system32\nv3dappshextr.dll
2015-02-05 19:06 . 2015-02-21 11:06 385168 ---ha-w- c:\windows\system32\nvmctray.dll
2015-02-05 19:06 . 2015-02-21 11:06 1098384 ---ha-w- c:\windows\system32\nv3dappshext.dll
2015-02-05 12:50 . 2015-02-21 11:06 4236870 ---ha-w- c:\windows\system32\nvcoproc.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"mncdyyaahSrv"="c:\windows\system32\mncdyyaah.vbe" [2014-03-05 7670]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-02-17 3978600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LINKMAGIC.lnk - c:\program files (x86)\LINKMAGIC\LINKMAGIC.EXE [2014-10-9 1757696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Survarium Update Service;Survarium Update Service;c:\program files (x86)\Survarium\game\binaries\x86\survarium_service.exe Survarium;c:\program files (x86)\Survarium\game\binaries\x86\survarium_service.exe Survarium [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-13 08:39 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-05 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-02-05 1514528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2015-04-03 11:15:21 - machine was rebooted
ComboFix-quarantined-files.txt 2015-04-03 09:15
ComboFix2.txt 2015-04-02 19:14
.
Pre-Run: 159 726 538 752 bytes free
Post-Run: 159 124 086 784 bytes free
.
- - End Of File - - F1E5A4E09CF131558646F8A7D28CB98B