Please check my HJT log Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Please check my HJT log

Post by akiller » 10 May 2015 18:51

Here is the log from Zoek:

Option Explicit
Dim fs, objFSO, objLogFile, oFolder
Set fs = CreateObject("scripting.filesystemobject")
oFolder = Wscript.Arguments.Item(0)
Const ForAppending = 2
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLogFile = objFSO.OpenTextFile("test.txt", ForAppending, True)
objLogFile.Write(oFolder & " (F=")
objLogFile.Write CountFiles(oFolder)
objLogFile.Write(" D=")
objLogFile.Write CountFolders(oFolder)
objLogFile.Write(" ")
objLogFile.Write FolderSize(oFolder)
objLogFile.Write(" bytes)" & vbCrLf )
objLogFile.Close
Function CountFolders (ByVal StrFolder)
Dim ParentFld
Dim SubFld
Dim IntCount
Set ParentFld = fs.GetFolder (StrFolder)
IntCount = ParentFld.SubFolders.Count
For Each SubFld In ParentFld.SubFolders
IntCount = IntCount + CountFolders(SubFld.Path)
Next
CountFolders = IntCount
End Function
Function FolderSize (ByVal StrFolder)
Dim ParentFld
Dim IntCount
Set ParentFld = fs.GetFolder (StrFolder)
IntCount = ParentFld.size
FolderSize = IntCount
End Function
Function CountFiles (ByVal StrFolder)
Dim ParentFld
Dim SubFld
Dim IntCount
Set ParentFld = fs.GetFolder (StrFolder)
IntCount = ParentFld.Files.Count
For Each SubFld In ParentFld.SubFolders
IntCount = IntCount + CountFiles(SubFld.Path)
Next
CountFiles = IntCount
End Function
Keybord not present. Press Enter to continue


Re: Please check my HJT log

Post by jerabina » 10 May 2015 18:54

It looks like Zoek didn't run. Please try it in Safe Mode.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.


Re: Please check my HJT log

Post by akiller » 10 May 2015 18:59

Zoek did run, but I eagerly pasted the first log that zoek spat out :-) This one is probably the right one:


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Petr on 10.05.2015 at 17:50:36,83.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Petr\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10.05.2015 17:55:11 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\360 deleted successfully
C:\Program Files\Panda Security deleted successfully
C:\Program Files\Webteh deleted successfully
C:\PROGRA~2\Shared Space deleted successfully
C:\PROGRA~2\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully
C:\Users\Petr\AppData\Roaming\Panda Security deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\prefs.js:
user_pref("browser.startup.homepage", "https://www.seznam.cz/");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\prefs.js:

Deleted from C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0khh5aex.default-1427958703254\prefs.js:

Added to C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0khh5aex.default-1427958703254\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1825_.backup
prefs__2321_.backup

ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1825_.backup

ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0khh5aex.default-1427958703254

user.js not found
---- FireFox user.js and prefs.js backups ----


==== Deleting Files \ Folders ======================

C:\Program Files\360 not found
C:\Program Files\Panda Security not found
C:\Program Files\Webteh not found
C:\PROGRA~2\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found
C:\Users\Petr\AppData\Roaming\ProductData deleted
C:\PROGRA~2\ProductData deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\searchplugins\torrents-search.xml deleted
C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\extensions\firefox@ghostery.com.xpi deleted
C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\jetpack deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0khh5aex.default-1427958703254
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4" [10.05.2015 13:58]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877
- esk slovnk pro kontrolu pravopisu - %ProfilePath%\extensions\cs@dictionaries.addons.mozilla.org
- Pocket - %ProfilePath%\extensions\isreaditlater@ideashower.com
- EPUBReader - %ProfilePath%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Classic Theme Restorer Customize UI - %ProfilePath%\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi
- ProxTube - %ProfilePath%\extensions\ich@maltegoetz.de.xpi
- Thumbnail Zoom Plus - %ProfilePath%\extensions\thumbnailZoom@dadler.github.com.xpi
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
- Download Manager Tweak - %ProfilePath%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi

ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0khh5aex.default-1427958703254
- Undetermined - %ProfilePath%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877
8355BD2CD6CD108FB1318AA3D1085CA0 - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Program Files\TVUPlayer\npTVUAx.dll - TVU Web Player for FireFox
EA768A823B0DE8D2B3FFF8E38F4AFF50 - C:\Program Files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll - Google Updater
19454D237DDA0653CB9274F2F3F36559 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
5180B825E1F4E7C2900A98295E5CB386 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
343BA8F3ABC8CE69700F37DB4A82300F - C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll - Silverlight Plug-In
D31C4608FDCD9CEB756F45E91DCF64F8 - C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U45
66F9ADD8A2335EF9870AFDA4F35F492B - C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.450.14
1DE714BB4BB48B10BC94FF84C9BC6471 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Web Player
E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
AB3546B509E4B89096078EB2081C39C7 - C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================

Google Chrome Version: 36.0.1985.125



==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Reset Google Chrome ======================

C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer deleted successfully

==== Empty IE Cache ======================

C:\Users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Petr\AppData\Local\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================


==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Petr\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Petr\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied

==== EOF on 10.05.2015 at 18:57:47,71 ======================
Keybord not present. Press Enter to continue


Re: Please check my HJT log

Post by mople71 » 10 May 2015 19:04

Great. :-)


Please download FRST:

For 32-bit OS: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
For 64-bit OS: http://www.bleepingcomputer.com/downloa ... ool/dl/82/

Save it to the Desktop, run it as Administrator, accept the license and click the Scan button. Leave everything at the default settings and don't tick anything extra.

When the scan finishes, two logs will pop up; please copy both of them here.


Re: Please check my HJT log

Post by akiller » 10 May 2015 19:57

Here is the first log from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by Petr (administrator) on INTEL on 10-05-2015 19:50:41
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available profiles: Petr)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgemcx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1359064 2015-04-01] (COMODO)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2015-05-10] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-26] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{C6846616-3E73-45D0-840E-DAE156DADA32}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll [2012-10-02] (Google)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll [2010-04-23] (TVU networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\searchplugins\doplky-pro-firefox.xml [2015-05-06]
FF SearchPlugin: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\searchplugins\thepiratebayorg.xml [2015-05-06]
FF SearchPlugin: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\searchplugins\wikipedia-ssl-de.xml [2015-05-06]
FF SearchPlugin: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\searchplugins\wikipedia-ssl.xml [2015-05-06]
FF Extension: No Name - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-04-06]
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\cs@dictionaries.addons.mozilla.org [2015-05-06]
FF Extension: Pocket - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\isreaditlater@ideashower.com [2015-05-10]
FF Extension: EPUBReader - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-05-06]
FF Extension: Seznam lištička - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-05-10]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\adblockpopups@jessehakanen.net.xpi [2015-05-06]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-05-06]
FF Extension: Ghostery - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\firefox@ghostery.com.xpi [2015-05-10]
FF Extension: ProxTube - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\ich@maltegoetz.de.xpi [2015-05-06]
FF Extension: Thumbnail Zoom Plus - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\thumbnailZoom@dadler.github.com.xpi [2015-05-06]
FF Extension: Flagfox - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-05-06]
FF Extension: NoScript - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-05-06]
FF Extension: Adblock Plus - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-06]
FF Extension: Tab Mix Plus - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-05-06]
FF Extension: Download Manager Tweak - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2015-05-06]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-07-20]
FF HKLM\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-07-20]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2015-05-10]

Chrome:
=======
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default
StartMenuInternet: ChromePlus - C:\Users\Petr\AppData\Roaming\ChromePlus\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2015-05-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2015-05-10] (AVG Technologies CZ, s.r.o.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4351816 2015-04-01] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664728 2015-04-01] (COMODO)
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-11-08] (Creative Labs) [File not signed]
S3 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed]
S3 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [919184 2015-05-01] (NVIDIA Corporation)
S3 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20698768 2015-05-01] (NVIDIA Corporation)
S4 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2015-05-10] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2015-05-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2015-05-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2015-05-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2015-05-10] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2015-05-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2015-05-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [299552 2015-05-10] (AVG Technologies CZ, s.r.o.)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [621144 2015-04-01] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2015-04-01] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-10-12] (Disc Soft Ltd)
R2 HWiNFO32; D:\Program Files\HWiNFO32\HWiNFO32.SYS [20216 2011-05-22] (REALiX(tm))
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2015-04-01] (COMODO)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R3 P17; C:\Windows\System32\drivers\P17.sys [1147392 2009-04-21] (Creative Technology Ltd.)
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2011-12-27] () [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2013-02-08] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 19:50 - 2015-05-10 19:51 - 00018212 _____ () C:\Users\Petr\Desktop\FRST.txt
2015-05-10 19:50 - 2015-05-10 19:50 - 00000000 ____D () C:\FRST
2015-05-10 19:41 - 2015-05-10 19:41 - 01141248 _____ (Farbar) C:\Users\Petr\Desktop\FRST.exe
2015-05-10 18:52 - 2015-05-10 17:50 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-10 17:54 - 2015-05-10 18:57 - 00011538 _____ () C:\zoek-results.log
2015-05-10 17:50 - 2015-05-10 18:25 - 00000000 ____D () C:\zoek_backup
2015-05-10 17:36 - 2015-05-10 17:36 - 01308672 _____ () C:\Users\Petr\Desktop\zoek.exe
2015-05-10 17:25 - 2015-05-10 17:25 - 00000000 ____D () C:\Users\Petr\AppData\Local\Apps\2.0
2015-05-10 17:16 - 2015-05-10 17:16 - 00000923 _____ () C:\Users\Petr\Desktop\JRT.txt
2015-05-10 17:07 - 2015-05-10 17:08 - 16937048 _____ () C:\Users\Petr\Desktop\RogueKiller.exe
2015-05-10 17:07 - 2015-05-10 17:07 - 02720307 _____ (Thisisu) C:\Users\Petr\Desktop\JRT.exe
2015-05-10 16:59 - 2015-05-10 16:59 - 00001124 _____ () C:\Users\Petr\Desktop\mbamm.txt
2015-05-10 15:59 - 2015-05-10 16:36 - 00000000 ____D () C:\AdwCleaner
2015-05-10 15:34 - 2015-05-10 15:34 - 00003408 ____N () C:\bootsqm.dat
2015-05-10 13:59 - 2015-05-10 13:59 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\AVG10
2015-05-10 13:58 - 2015-05-10 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
2015-05-10 13:57 - 2015-05-10 14:00 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-05-10 13:57 - 2015-05-10 13:59 - 00000000 ____D () C:\ProgramData\AVG10
2015-05-10 13:56 - 2015-05-10 13:56 - 00000000 ____D () C:\Program Files\AVG
2015-05-10 13:53 - 2015-05-10 13:59 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-10 12:15 - 2015-05-10 13:53 - 02301792 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-10 11:51 - 2015-05-10 13:15 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-05-10 11:47 - 2015-05-10 13:48 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-09 13:39 - 2015-05-10 13:51 - 00122088 _____ () C:\Users\Petr\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-09 11:41 - 2015-05-10 11:22 - 00000000 __SHD () C:\$360Section
2015-05-09 11:24 - 2015-05-10 11:22 - 00000000 ____D () C:\ProgramData\360Quarant
2015-05-09 11:24 - 2015-05-09 11:24 - 00000000 ____D () C:\Windows\Tasks\360Disabled
2015-05-06 13:49 - 2015-05-07 07:55 - 00003758 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-05-06 12:04 - 2015-05-10 18:57 - 00011204 _____ () C:\Windows\PFRO.log
2015-05-06 12:02 - 2015-05-06 12:02 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Comodo
2015-05-06 10:00 - 2015-04-08 22:34 - 00560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2015-05-06 09:56 - 2015-04-09 02:52 - 25374864 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 24053392 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 12852784 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 11380728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 08590480 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-06 09:56 - 2015-04-09 02:52 - 02573456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 01048720 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3235012.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 00962192 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 00927256 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshim.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 00912528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3235012.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 00402760 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 00346440 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 00154440 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll
2015-05-06 09:56 - 2015-04-09 02:52 - 00128512 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll
2015-05-06 08:32 - 2015-05-10 18:57 - 00003790 _____ () C:\Windows\setupact.log
2015-05-06 08:32 - 2015-05-06 08:32 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-26 10:04 - 2015-04-26 10:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-25 23:54 - 2015-04-25 23:54 - 00002747 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-04-25 23:54 - 2015-04-25 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-04-25 14:20 - 2015-04-25 15:15 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\BSplayer
2015-04-25 14:20 - 2015-04-25 14:20 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\BSplayer Pro
2015-04-24 11:09 - 2015-04-24 11:09 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Thumbnail me
2015-04-24 11:09 - 2015-04-24 11:09 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thumbnail me 3.0
2015-04-24 11:09 - 2015-04-24 11:09 - 00000000 ____D () C:\Users\Petr\AppData\Local\Thumbnail me
2015-04-24 11:09 - 2015-04-24 11:09 - 00000000 ____D () C:\Program Files\Thumbnail me 3.0
2015-04-24 10:50 - 2015-04-24 10:52 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\MediaInfo
2015-04-24 10:49 - 2015-04-24 10:49 - 00001068 _____ () C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2015-04-24 10:49 - 2015-04-24 10:49 - 00000000 ____D () C:\Program Files\MediaInfo
2015-04-22 21:47 - 2015-04-22 21:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-22 08:17 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-22 08:17 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-22 08:17 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-21 08:52 - 2014-08-29 03:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-21 08:52 - 2014-08-29 03:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-04-21 08:52 - 2014-08-29 03:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-04-21 08:52 - 2014-08-29 03:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-04-21 08:51 - 2014-12-11 19:47 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-19 20:10 - 2015-04-19 20:10 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-04-19 20:10 - 2015-04-19 20:10 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-04-19 20:10 - 2015-04-19 20:10 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-04-19 20:10 - 2015-04-19 20:10 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-04-19 20:10 - 2015-04-19 20:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-04-19 20:10 - 2015-04-19 20:10 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-04-19 20:10 - 2015-04-19 20:10 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-19 20:10 - 2015-04-19 20:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-04-19 20:10 - 2015-04-19 20:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-04-19 19:59 - 2015-04-19 20:22 - 61710336 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2015-04-19 19:59 - 2015-04-19 20:22 - 38936576 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2015-04-19 19:59 - 2015-04-19 20:22 - 05013504 _____ () C:\Windows\system32\config\DEFAULT.iobit
2015-04-19 19:59 - 2015-04-19 20:22 - 00098304 _____ () C:\Windows\system32\config\SAM.iobit
2015-04-19 19:59 - 2015-04-19 20:22 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iobit
2015-04-19 19:47 - 2015-04-19 19:47 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-04-19 19:47 - 2015-04-19 19:47 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-04-19 19:46 - 2015-04-19 21:03 - 00000000 ____D () C:\Program Files\IObit
2015-04-15 12:15 - 2015-04-15 12:15 - 00000000 ____D () C:\Program Files\Ear Test
2015-04-15 08:53 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 08:53 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 08:53 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 08:53 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 08:53 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 08:53 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 08:53 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 08:53 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 08:53 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 08:53 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 08:53 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 08:53 - 2015-03-17 07:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 08:53 - 2015-03-17 07:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 08:53 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 08:53 - 2015-03-17 06:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 08:53 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 08:53 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 08:53 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 08:53 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 08:53 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 08:53 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 08:53 - 2015-03-17 06:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 08:53 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 08:53 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 08:53 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 08:53 - 2015-03-17 06:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 08:53 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 08:53 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 08:53 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 08:53 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 08:53 - 2015-03-17 06:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 08:53 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 08:53 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 08:53 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 08:53 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 08:53 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 08:53 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 08:53 - 2015-03-13 05:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 08:53 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 08:53 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 08:53 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 08:53 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 08:53 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 08:53 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 08:53 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 08:53 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 08:53 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 08:53 - 2015-03-13 05:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 08:53 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 08:53 - 2015-03-13 05:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 08:53 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 08:53 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 08:53 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 08:53 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 08:53 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 08:53 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 08:53 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 08:53 - 2015-03-13 04:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 08:53 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 08:53 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 08:53 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 08:53 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 08:53 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 08:53 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 08:53 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 08:53 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 08:52 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 08:52 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 08:52 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 08:52 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 08:52 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 08:52 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 08:52 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 08:52 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 08:52 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 08:52 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 08:52 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 08:52 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 08:52 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 08:52 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 08:52 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 08:52 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 08:52 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-11 11:43 - 2015-04-11 11:43 - 00000323 _____ () C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Shortcut to Swirl.swl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 19:08 - 2011-11-08 15:48 - 01908827 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 19:05 - 2009-07-14 06:34 - 00022272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-10 19:05 - 2009-07-14 06:34 - 00022272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-10 18:57 - 2014-07-21 17:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-10 18:57 - 2012-04-08 14:24 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-10 18:25 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-10 17:36 - 2014-06-08 21:01 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-10 16:57 - 2012-10-19 16:39 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\vlc
2015-05-10 16:43 - 2014-07-07 14:51 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 14:04 - 2013-10-28 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Research
2015-05-10 14:04 - 2013-10-28 22:55 - 00002659 _____ () C:\Users\Public\Desktop\WWT ¦ Mars.lnk
2015-05-10 14:04 - 2013-10-28 22:55 - 00002647 _____ () C:\Users\Public\Desktop\WorldWide Telescope.lnk
2015-05-10 13:58 - 2013-04-06 14:59 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\TuneUp Software
2015-05-10 13:58 - 2012-11-12 04:47 - 00255968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2015-05-10 13:58 - 2011-05-27 19:05 - 00134480 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\system32\Drivers\AVGIDSDriver.sys
2015-05-10 13:58 - 2011-03-16 16:03 - 00032592 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2015-05-10 13:58 - 2011-03-01 14:25 - 00034896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2015-05-10 13:58 - 2011-02-22 08:12 - 00022992 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\system32\Drivers\AVGIDSEH.sys
2015-05-10 13:58 - 2011-02-10 07:53 - 00024144 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\system32\Drivers\AVGIDSFilter.sys
2015-05-10 13:58 - 2011-02-10 07:53 - 00021968 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\system32\Drivers\AVGIDSShim.sys
2015-05-10 13:57 - 2014-11-04 04:48 - 00299552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2015-05-10 13:35 - 2011-11-09 10:58 - 00002122 _____ () C:\Windows\epplauncher.mif
2015-05-10 11:22 - 2014-04-16 19:28 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\8th Wonder Software Designs
2015-05-10 11:22 - 2012-10-15 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2015-05-10 06:15 - 2011-11-08 16:42 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-05-09 11:46 - 2014-05-13 20:00 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Skype
2015-05-09 11:43 - 2011-11-08 15:44 - 00000000 ____D () C:\Windows\Panther
2015-05-09 11:41 - 2014-12-20 01:12 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Winamp
2015-05-09 11:41 - 2014-01-28 21:13 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\uTorrent
2015-05-09 11:41 - 2012-12-17 01:40 - 00000000 ____D () C:\Users\Petr\.VirtualBox
2015-05-09 11:41 - 2012-10-15 20:08 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Stellarium
2015-05-09 11:41 - 2012-04-10 15:43 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\BitTorrent
2015-05-09 11:41 - 2012-01-15 15:18 - 00000000 ____D () C:\Program Files\YeaChess
2015-05-07 07:54 - 2015-03-24 01:45 - 00002250 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2015-05-06 10:00 - 2012-09-17 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-06 09:58 - 2011-11-08 16:19 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-01 18:51 - 2014-07-30 11:39 - 01316000 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2015-05-01 18:51 - 2014-07-21 17:29 - 01316184 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2015-04-27 09:16 - 2011-11-08 17:28 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Adobe
2015-04-27 09:03 - 2015-01-23 10:22 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-26 10:18 - 2012-04-02 22:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-26 10:18 - 2011-11-08 17:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-26 10:04 - 2011-11-08 16:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-26 10:04 - 2011-11-08 16:27 - 00000000 ____D () C:\Program Files\Adobe
2015-04-26 10:03 - 2011-11-08 16:26 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-26 09:24 - 2011-11-08 16:29 - 00000000 ____D () C:\Program Files\Java
2015-04-26 09:21 - 2011-11-08 16:29 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-26 09:20 - 2014-05-02 07:06 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-04-25 23:55 - 2012-11-13 08:49 - 00000000 ____D () C:\ProgramData\Sophos
2015-04-23 15:39 - 2012-11-22 22:26 - 00000000 ____D () C:\Users\Petr\AppData\Local\Microsoft Games
2015-04-23 14:30 - 2014-02-06 19:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-22 23:10 - 2011-11-09 12:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-22 19:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2015-04-21 22:38 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-20 11:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-20 11:13 - 2011-11-16 06:48 - 00000000 ____D () C:\Users\Petr\TapinRadio
2015-04-19 20:16 - 2011-11-23 23:28 - 00000000 ____D () C:\ProgramData\IObit
2015-04-19 20:08 - 2014-10-01 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resurrection Demo
2015-04-19 20:08 - 2014-09-28 12:21 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptor - Shareware
2015-04-19 20:08 - 2014-09-28 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Murk
2015-04-19 20:08 - 2014-09-28 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Aggressive
2015-04-19 20:08 - 2014-09-28 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moorhuhn 2
2015-04-19 20:08 - 2014-09-28 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monsters & Mayhem
2015-04-19 20:08 - 2014-09-28 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spheres of Chaos
2015-04-19 20:08 - 2014-09-28 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BufoVok 2.2
2015-04-19 20:08 - 2013-11-01 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopTray
2015-04-19 19:50 - 2011-11-15 19:02 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\IObit
2015-04-19 19:49 - 2012-10-02 21:52 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Apple Computer
2015-04-19 08:13 - 2011-11-08 16:12 - 01609092 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 09:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 09:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-16 08:42 - 2014-12-10 12:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 08:42 - 2014-05-06 22:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 23:17 - 2013-08-14 23:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 23:11 - 2011-11-16 06:59 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-11 14:08 - 2011-12-18 20:46 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

==================== Files in the root of some directories =======

2012-08-06 18:24 - 2012-08-06 18:24 - 0138904 _____ () C:\Users\Petr\AppData\Roaming\PnkBstrK.sys
2013-10-18 11:35 - 2013-10-18 11:38 - 0030208 ___SH () C:\Users\Petr\AppData\Roaming\Thumbs.db
2012-07-28 17:27 - 2012-07-28 17:27 - 0021976 _____ () C:\Users\Petr\AppData\Roaming\UserTile.png
2011-12-18 15:32 - 2014-03-09 00:02 - 0069120 _____ () C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-13 20:05 - 2014-05-13 20:05 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-10 19:36

==================== End Of Log ============================
Keyboard not present. Press Enter to continue


Re: Please check my HJT log

Post by akiller » 10 May 2015 19:58

And here is the second log from FRST:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by Petr at 2015-05-10 19:51:21
Running from C:\Users\Petr\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1382680524-3974183494-2248916863-500 - Administrator - Disabled)
Guest (S-1-5-21-1382680524-3974183494-2248916863-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1382680524-3974183494-2248916863-1002 - Limited - Enabled)
Petr (S-1-5-21-1382680524-3974183494-2248916863-1001 - Administrator - Enabled) => C:\Users\Petr

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Aktualizace NVIDIA 2.4.3.22 (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.3.12 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1434 - AVG Technologies CZ, s.r.o.)
AVG 2011 (Version: 10.0.1434 - AVG Technologies CZ, s.r.o.) Hidden
AVG 2011 (Version: 10.0.4311 - AVG Technologies CZ, s.r.o.) Hidden
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.8.9045 - )
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
BitTorrent (HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
CloneSpy 2.63 (HKLM\...\CloneSpy) (Version: - CloneSpy)
COMODO Internet Security (HKLM\...\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}) (Version: 5.0.32580.1142 - COMODO Group Inc.)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Cookienator (HKLM\...\{BF307EDA-A176-4D83-9775-D337810CF7A7}) (Version: 2.6.41 - CodeFromThe70s.org)
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.03 - Piriform)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
Ear Test 1.00 (HKLM\...\Ear Test_is1) (Version: - Johannes Wallroth)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fences (HKLM\...\Fences) (Version: - Stardock Corporation)
Fences (Version: 0.95 - Stardock Corporation) Hidden
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - WipeSoft)
Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FormatFactory 3.3.5.0 (HKLM\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Freemake Video Converter verze 4.1.3 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1808.5272 - Google Inc.)
Grand Theft Auto Vice City (HKLM\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
ChromePlus (HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\...\ChromePlus) (Version: - Maple studio.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java DB 10.3.1.4 (HKLM\...\{CD49361E-3FE6-457E-90A1-9C59E29B5D02}) (Version: 10.3.1.4 - Sun Microsystems, Inc)
Java SE Development Kit 7 Update 15 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170150}) (Version: 1.7.0.150 - Oracle)
Java SE Development Kit 8 Update 11 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
Java(TM) SE Development Kit 6 Update 5 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
K-Lite Codec Pack 6.0.4 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Magic FLAC to MP3 Converter 3.71 (HKLM\...\Magic FLAC to MP3 Converter_is1) (Version: - Magic Video)
MAGIX Burn routines (HKLM\...\{72945A77-20ED-4507-B267-4771EDE4EE58}) (Version: 11.0.0.233 - MAGIX AG)
MAGIX Content and Soundpools (HKLM\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Demo songs) (HKLM\...\MX.{B807FEBE-E253-4B7E-B23F-364873478065}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Demo songs) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (HKLM\...\MX.{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM\...\MX.{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Introductory videos) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM\...\MX.{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Version: 20.0.2.35 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Visuals) (HKLM\...\MX.{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Visuals) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium Update (Version: 20.0.3.45 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden
Malwarebytes Anti-Malware verze 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaInfo 0.7.73 (HKLM\...\MediaInfo) (Version: 0.7.73 - MediaArea.net)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WorldWide Telescope (HKLM\...\{AC65361C-7AD1-4811-834A-6AEF497F9927}) (Version: 4.1.74 - Microsoft Research)
Mozilla Firefox 37.0.2 (x86 cs) (HKLM\...\Mozilla Firefox 37.0.2 (x86 cs)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music NFO Builder v1.20 (HKLM\...\Music NFO Builder_is1) (Version: - Pawel Piecuch)
NetBeans IDE 7.3 (HKLM\...\nbi-nb-base-7.3.0.0.201302132200) (Version: 7.3 - NetBeans.org)
Nokia Connectivity Cable Driver (HKLM\...\{25CFEF55-A945-41FC-86ED-76469F31DF37}) (Version: 7.1.41.0 - Nokia)
Nokia Music Player (HKLM\...\{4FCB1267-7380-4EBA-9A6C-69809C6E8227}) (Version: 2.5.11021 - Nokia Music Player)
Nokia_Multimedia_Common_Components_2_5 (HKLM\...\{25F61E72-AAA4-4607-95D2-1E5139C98FFB}) (Version: 2.7.69 - Nokia)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 350.12 (Version: 350.12 - NVIDIA Corporation) Hidden
PatchBeam v1.10 (HKLM\...\PatchBeam_is1) (Version: 1.00 - ConeXware, Inc.)
PC Connectivity Solution (HKLM\...\{4B28C077-9958-45F1-8BB4-CBF90A69AD4E}) (Version: 11.4.15.0 - Nokia)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
PowerArchiver 2010 (HKLM\...\{789495D8-AF08-4B7C-9022-5F624F3CFB0B}) (Version: 11.71.03 - ConeXware, Inc.)
PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Ramdisk (HKLM\...\Ramdisk) (Version: - )
Readon TV Movie Radio Player 7.6.0.0 (HKLM\...\{80074966-5231-428D-9AE7-B7D5D2DC3246}) (Version: 7.6.0 - Readon Technology)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
Scorpions WinCheater (HKLM\...\Scorpions WinCheater 2.07 (s databází 165)_is1) (Version: - )
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
Sibelius 6.1.0.3 Demo (HKLM\...\Sibelius 6 Demo_is1) (Version: - )
Sigil 0.7.4 (HKLM\...\Sigil_is1) (Version: - John Schember)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Smart Tests (HKLM\...\Smart Tests) (Version: 1.0.165.0 - Vitware)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spotify (HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
SQLite3 manager 5.1 lite, release 280207 (HKLM\...\SQLite3 manager LITE_is1) (Version: - Ivan Sivak - SOFTWARE)
Stellarium 0.11.4 (HKLM\...\Stellarium_is1) (Version: 0.11.4 - Stellarium team)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.47.1000 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TapinRadio 1.18 (HKLM\...\TapinRadio_is1) (Version: - TapinRadio)
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Thumbnail me 3.0 (HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\...\Thumbnail me 3.0) (Version: - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )
TS Dějepis (HKLM\...\TS Dějepis) (Version: - )
TS Dějepis (plná instalace) (HKLM\...\TS Dějepis (plná instalace)) (Version: - )
TVUPlayer 2.5.3.1 (HKLM\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks)
Ucitilek (HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\...\9ead8755c3c1fd40) (Version: 1.0.7.128 - David Roško Usoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
VisiPics V1.30 (HKLM\...\VisiPics_is1) (Version: - Ozone)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 add-on content (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Drum Engine (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Electric Piano (Version: 1.0.2.0 - MAGIX AG) Hidden
Vita Jazz Drums (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Pop Brass (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Power Guitar (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Vintage Organ (Version: 1.0.1.0 - MAGIX AG) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Word Manager (HKLM\...\Word Manager) (Version: 1.1.280.0 - Vitware.cz)
yBook (HKLM\...\yBook_is1) (Version: - Spacejock Software)
Yea Chess (HKLM\...\YeaChess) (Version: - )
Zoner Photo Studio 12 (HKLM\...\ZonerPhotoStudio12_CZ_is1) (Version: 12.0.1.7 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{4955DD33-B159-11D0-8FCF-00AA006BCC59}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{513a5114-75ea-41c3-994b-712f23eab71f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}\InprocServer32 -> C:\Program Files\Zoner\Photo Studio 12\Program\SHELLEXT.DLL (ZONER software)
CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path

==================== Restore Points =========================

08-05-2015 08:46:22 Windows Update
10-05-2015 12:50:39 Installed Microsoft Fix it 50123
10-05-2015 13:56:39 Installed AVG 2011
10-05-2015 13:57:04 Installed AVG 2011
10-05-2015 14:08:56 Nainstalováno rozhraní DirectX
10-05-2015 17:54:56 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-10-20 12:35 - 2015-05-10 17:55 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07FF4B21-0D8E-4D65-A6C1-534AC4FEFC2F} - System32\Tasks\{7EE2D1FA-A015-4059-94A3-E8AE59D96553} => C:\Program Files\City Interactive\MOTORM4X Offroad Extreme\MOTORM4XOffroadExtremeCZ.exe
Task: {0D9B836C-2254-4E5A-9F28-72AF04766658} - System32\Tasks\{5D5F9B0A-15E4-4884-9696-E6824DBEA113} => C:\Program Files\Skype\\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
Task: {23D1E784-02DB-4882-8289-D6197915CA74} - System32\Tasks\{1AF97EA6-6EE2-41C6-9CBF-B7984A0F9C6E} => pcalua.exe -a "C:\!! Torrenty\Stažené soubory\Vtipy.exe" -d "C:\!! Torrenty\Stažené soubory"
Task: {28BE504E-A6DC-4F2D-91DA-03C55102A8E3} - System32\Tasks\{2C11FBD0-8C6C-4F4A-9D6B-5A713790651D} => pcalua.exe -a "G:\Instalačky\Hry\!! Staré hry\MS DOS\grand-theft-auto-install.exe" -d "G:\Instalačky\Hry\!! Staré hry\MS DOS"
Task: {37A8E238-7876-4DF4-8798-F244F8DC6342} - System32\Tasks\{644464D8-01F9-4966-A4E1-BF041B225D34} => pcalua.exe -a "G:\Instalačky\Hry\Medal of Honor Airborne (CZ)\redist\dxwebsetup9.29.1973.exe" -d "G:\Instalačky\Hry\Medal of Honor Airborne (CZ)\redist"
Task: {39AAD2A9-44F4-4523-AD0B-DE0DAFF6A459} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-01] (COMODO)
Task: {51CB31CE-CEE7-4A17-88CC-78694367AEA0} - System32\Tasks\{6954F9FA-1B61-4D06-912E-4BA27D140ED1} => pcalua.exe -a "G:\Instalačky\Hry a programy\VirtuaNES\VirtuaNES.exe" -d "G:\Instalačky\Hry a programy\VirtuaNES"
Task: {536EC94E-1E69-43A9-A7EE-1C8AEE1F9BF1} - System32\Tasks\{D1B59439-F8C7-4009-8BF9-399F8519189E} => pcalua.exe -a G:\Instalačky\Hry\Šachy\YeaChess\YeaChess_setup.exe -d G:\Instalačky\Hry\Šachy\YeaChess
Task: {54441870-0E8E-49F5-93A7-1E169BF5A3C2} - System32\Tasks\{1282BFA7-186B-471F-94F4-A8473C8A1611} => pcalua.exe -a "C:\Program Files\City Interactive\MOTORM4X Offroad Extreme\MOTORM4XOffroadExtremeCZ.exe" -d "C:\Program Files\City Interactive\MOTORM4X Offroad Extreme"
Task: {585D47EB-6BD6-4FDB-94A3-AF5DD665A155} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-01] (COMODO)
Task: {5C6B6A14-9FF9-4453-9B79-BD74E4A4DB98} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6242D18B-05BC-4E1D-A454-B868E625E9F1} - System32\Tasks\{476E53AD-B19C-4D41-851C-83224F4610E4} => pcalua.exe -a "G:\Instalačky\Hry\GTA San Andreas\gtasa120cz.exe" -d "G:\Instalačky\Hry\GTA San Andreas"
Task: {6316CE80-244C-4CFF-B6A6-E47B83F94E9B} - System32\Tasks\{85F5F6AB-72FC-4198-B6FD-E041AB4E7E86} => pcalua.exe -a "G:\Instalačky\Správa počítače\HijackThis.exe" -d "G:\Instalačky\Správa počítače"
Task: {653FBAB2-C834-4EAB-BBD8-B4D50B633D1D} - System32\Tasks\{3A337F26-F7F0-4F5D-939F-A30DDA74A77D} => pcalua.exe -a I:\Setup.exe -d I:\
Task: {67CDEB1F-9BAA-411B-9A10-577061620A19} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7EA043E0-2192-4D94-9C60-7D3C4743D53C} - System32\Tasks\{66A67963-CF16-450B-9E8F-E176D9D9B93D} => pcalua.exe -a "G:\Instalačky\Internetová televize a rádia\Setup TV\setup.exe" -d "G:\Instalačky\Internetová televize a rádia\Setup TV"
Task: {883A0EDC-B064-4AFB-BED6-BAB95C44196F} - System32\Tasks\{2E5EA928-3063-4C5C-B659-29D23548AACB} => C:\Users\Public\Sony Online Entertainment\Installed Games\Bullet Run\LaunchPad.exe [2012-08-07] (Sony Online Entertainment, LLC)
Task: {88EC7AF4-A3EF-4386-8718-B07C18352180} - System32\Tasks\{078C2638-0F11-4E6A-B8A4-8AD46B0EA1BB} => pcalua.exe -a "G:\FŠCHM\instalačky\Hry a programy\WinCH2_setup.exe" -d "G:\FŠCHM\instalačky\Hry a programy"
Task: {89F0F489-8CBE-472F-B147-A85FB55AD888} - System32\Tasks\{63CA6418-8E23-4758-9903-CFF40C10E908} => pcalua.exe -a "G:\Instalačky\Správa počítače\!! Antivirové programy\Mwav.exe" -d "G:\Instalačky\Správa počítače\!! Antivirové programy"
Task: {8B03A27E-AC1F-4FE4-9FD9-640ED4E7D0DF} - System32\Tasks\{7FB65A87-A109-4CA5-B7E0-0D790571227E} => pcalua.exe -a "C:\Program Files\Rockstar Games\GTA San Andreas\text\gtasa120cz.exe" -d "C:\Program Files\Rockstar Games\GTA San Andreas\text"
Task: {93723144-5D73-49A4-8802-B66F9E89E54E} - System32\Tasks\{3CFB85D5-65BB-43E7-95AC-06B20AABCD4E} => pcalua.exe -a "G:\Instalačky\Hudba a video\Hudba\Magic Flac to Mp3 converter v.3.71\flac2mp3.exe" -d "G:\Instalačky\Hudba a video\Hudba\Magic Flac to Mp3 converter v.3.71"
Task: {96167CFF-8299-4B37-98C8-310B033BAB14} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {99B5FCC6-AB85-4505-905A-82CB47CF40AB} - System32\Tasks\{A68AAF46-D59F-457B-ABE1-6235CFA0E289} => pcalua.exe -a "C:\!! Torrenty\!! Hotovo\Magic Flac to Mp3 converter v.3.71\flac2mp3.exe" -d "C:\!! Torrenty\!! Hotovo\Magic Flac to Mp3 converter v.3.71"
Task: {9A221177-0495-4423-8A93-E19927BC82E3} - System32\Tasks\{96381C5F-3168-43F0-BC27-17D147A0F880} => pcalua.exe -a C:\Users\Petr\Downloads\ytd-0.95.exe -d "C:\Program Files\Mozilla Firefox"
Task: {A09D017E-BEA9-4798-B5BC-8F5F077C9C28} - System32\Tasks\{77079AD1-23F3-4A92-80AD-2EA135A68CC2} => pcalua.exe -a "C:\!! Torrenty\!! Hotovo\VirtuaNES\VirtuaNES.exe" -d "C:\!! Torrenty\!! Hotovo\VirtuaNES"
Task: {A62AD74A-C88D-4810-8F28-9B1EE04927B7} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-01] (COMODO)
Task: {AC2ECFA3-8D55-4933-8FBE-2A9C69DB596E} - System32\Tasks\{D66FCA5F-E86C-4721-8DBE-23C6D55305A3} => pcalua.exe -a "C:\!! Torrenty\Stažené soubory\BluePilgrim.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {AE7BA7D5-2965-414C-97BE-081CE80DD359} - System32\Tasks\{28AB6A2F-0C04-4A68-B348-B123FCBC142D} => pcalua.exe -a "G:\Instalačky\Hry a programy\Programy\Test z dějepisu\START.EXE" -d "G:\Instalačky\Hry a programy\Programy\Test z dějepisu"
Task: {B8BF8E24-25CF-4AC4-A410-E34B3E3E103A} - System32\Tasks\{84F43999-0F6C-4F42-989D-E6BB51CB1538} => pcalua.exe -a E:\Directx8\dxsetup.exe -d E:\Directx8
Task: {BB9729AA-4F75-4005-9F01-AFA0546C5651} - System32\Tasks\{9CB38E05-79D0-43A8-9E6F-460A4AC1A1B5} => pcalua.exe -a "G:\Instalačky\Hry a programy\Hry\Emulátory\DOSBox0.72-win32-installer.exe" -d "G:\Instalačky\Hry a programy\Hry\Emulátory"
Task: {C4D716A7-1864-4576-87CD-E0755757C2AE} - System32\Tasks\{698C4DDC-6ACA-46BA-BCF3-2701EAA04D87} => pcalua.exe -a G:\Instalačky\Hry\Easter_Eggy.exe -d "C:\Program Files\Mozilla Firefox"
Task: {C5CD3940-3C9F-4100-ACA3-773BB8C113AA} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C777FBAD-953B-4AA8-A892-38486F327D51} - System32\Tasks\{8612F7B7-C29D-4FD4-ACD0-94875E607165} => C:\Program Files\Rockstar Games\Grand Theft Auto Vice City\gta-vc.exe [2006-06-01] ()
Task: {CF8C997C-8321-4B17-A220-ED1509F7F602} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1382680524-3974183494-2248916863-1001
Task: {D021B2CF-B2DF-4D83-9F2D-86D9270F1336} - System32\Tasks\{35D326F5-16EB-4C54-A17E-BBCA847D24D0} => pcalua.exe -a "C:\!! Torrenty\Stažené soubory\Shockwave_Installer_Full.exe" -d "C:\!! Torrenty\Stažené soubory"
Task: {D49DB895-DD0A-4BCC-8E6C-A3750A41917F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {DC7194AB-760D-4307-9A76-ED53A48778AF} - System32\Tasks\{23F7530F-3806-482D-87CB-261684A5D04D} => pcalua.exe -a "C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe" -d "C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\"
Task: {E1BCCB3C-90EF-47B6-A190-506B7166DA76} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {E834DF42-8D06-4FBC-A3CC-055E0DDA0DF5} - System32\Tasks\{4C11B2A2-B4EC-4C13-A24B-5107A384512C} => pcalua.exe -a E:\akcni\3dbod\3dbod.exe -d E:\akcni\3dbod
Task: {F337B893-9046-4885-827B-4BDB0427C573} - System32\Tasks\{5BD39B76-81C7-48FB-B9F0-D4A150B105D3} => pcalua.exe -a "G:\Instalačky\Internetová televize a rádia\aglotze_v11.exe" -d "C:\Program Files\Mozilla Firefox"
Task: {F5D7551D-82E9-4FCF-8542-EAFA4ECB221E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-26] (Adobe Systems Incorporated)
Task: {F86DE5E1-6B10-40C9-AD80-3EEB017200A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F9532711-C08E-4236-A173-10235C5D5411} - System32\Tasks\{90F290AE-2AA4-4250-BEDA-5A0C87F93D86} => pcalua.exe -a "C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\moha_setup.exe" -d "C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\"
Task: {FED525A2-3A53-46A2-9229-6DA32C22795B} - System32\Tasks\{9F709BFC-9180-4007-8959-16B67F532282} => pcalua.exe -a "G:\Instalačky\SMS, ICQ, Skype\Esmska-0.22.2-setup.exe" -d "G:\Instalačky\SMS, ICQ, Skype"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-21 17:26 - 2015-04-08 23:08 - 00106128 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2012-07-10 08:48 - 2009-11-16 20:31 - 00069632 _____ () C:\Program Files\PSPad editor\PSPadShell.dll
2015-05-06 09:10 - 2015-05-01 18:52 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2014-12-13 00:25 - 2014-12-13 00:25 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2011-02-10 07:55 - 2015-05-10 13:57 - 01148256 _____ () C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\AVGIDSDriver.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\AVGIDSEH.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\AVGIDSFilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\AVGIDSShim.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avgldx86.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avgmfx86.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avgrkx86.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avgtdix.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:24051EFF
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8927A071
AlternateDataStreams: C:\Users\Petr\Desktop\FRST.exe:$CmdTcID
AlternateDataStreams: C:\Users\Petr\Desktop\FRST.exe:$CmdZnID
AlternateDataStreams: C:\Users\Petr\Desktop\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Petr\Desktop\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Petr\Desktop\RogueKiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Petr\Desktop\RogueKiller.exe:$CmdZnID
AlternateDataStreams: C:\Users\Petr\Desktop\zoek.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

There are 11731 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent.lnk => C:\Windows\pss\BitTorrent.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk => C:\Windows\pss\Logitech . Registrace produktu.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk => C:\Windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: NokiaMusic FastStart => "C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Petr\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Petr\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{7A255E50-C6CF-412B-89C3-9B117E0F74E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{AA80AA3B-C6C3-433F-8065-AB3F7500FBF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{B203DAF3-E33C-4AFB-9F74-5C781DF98FBD}] => (Allow) LPort=5353
FirewallRules: [{322E4B0D-84AE-4D5E-B662-46E77B775100}] => (Allow) C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{CD1EDB1B-3BB7-4F3D-A51E-B04063ACC31C}] => (Allow) C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [TCP Query User{9A45832F-924C-43E8-BA2C-5757A0483163}C:\program files\tapinradio\tapinradio.exe] => (Allow) C:\program files\tapinradio\tapinradio.exe
FirewallRules: [UDP Query User{139EC371-4B05-41A6-B684-8BFA7B4279EB}C:\program files\tapinradio\tapinradio.exe] => (Allow) C:\program files\tapinradio\tapinradio.exe
FirewallRules: [TCP Query User{F38ECB3E-7F48-49EC-B646-46E0EBD07A78}C:\program files\windows sidebar\sidebar.exe] => (Allow) C:\program files\windows sidebar\sidebar.exe
FirewallRules: [UDP Query User{3E5DE00E-F0CF-4A13-9C31-255DD8976F2D}C:\program files\windows sidebar\sidebar.exe] => (Allow) C:\program files\windows sidebar\sidebar.exe
FirewallRules: [TCP Query User{C3D7AB9F-9CDF-40DB-8676-757A326FFE81}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0DD80B20-5040-43CF-A2B7-95EFAA84C98A}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{415820F1-B21B-4C06-A6A5-686E18A2D55E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{62ADCCCE-6A2F-458C-B19C-38E1FAD5F3E5}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{6D89690A-2DEB-44CC-ACF0-16B7FC4A277F}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{5431E2B5-A6BA-4326-9102-46CFBA334093}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{83BAFAC2-B9C1-431B-BA69-C9D1737C85F7}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{594A00D1-EC04-4D21-95B9-7A546FA1351C}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [TCP Query User{908A9E04-C667-4E6B-80E3-A0933BB93BE1}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{5C5D834A-3FB6-4950-8FFB-595C41B5D282}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{4E591382-6A78-41FB-A1E0-353513242C54}G:\instalačky\vypalování, winzip, stahování dat, apod\bittorrent (7.5).exe] => (Allow) G:\instalačky\vypalování, winzip, stahování dat, apod\bittorrent (7.5).exe
FirewallRules: [UDP Query User{B68D9FC7-FE51-40E0-9B7B-8CBCC080054D}G:\instalačky\vypalování, winzip, stahování dat, apod\bittorrent (7.5).exe] => (Allow) G:\instalačky\vypalování, winzip, stahování dat, apod\bittorrent (7.5).exe
FirewallRules: [TCP Query User{B9FDF405-BD9C-4B05-AB5F-3A3BB484B0DE}C:\users\petr\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\petr\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{B367FDF1-6D97-46FD-BBAF-E02ED1FB99F2}C:\users\petr\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\petr\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{A1A810B8-952D-4553-BCBB-D62176D9BF7A}] => (Allow) C:\Program Files\BitTorrent\BitTorrent.exe
FirewallRules: [{F76A4799-68AB-4717-81A6-F86C1547CC52}] => (Allow) C:\Program Files\BitTorrent\BitTorrent.exe
FirewallRules: [{9C27501F-0A96-424D-9382-9D74DEFDFA1E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{33CB591A-DAAE-4329-B273-D61BA7C587C3}C:\users\petr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\petr\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{67E061F1-7FD9-4D70-B5AD-39CB6A952F3D}C:\users\petr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\petr\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3BF84D45-E3AA-4E42-9E7C-14CC015C2D8B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{9B9542D4-2989-4CC8-9DC3-C56855B3F9E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7DEB36B4-50B5-45BC-BE60-FF7A6C0D84AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E7C09582-D0C4-4997-9F77-B4550C1E6B5B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{DBDE4B50-109D-4958-87D6-E4663DC9D0D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{20739F45-5F6C-4494-A148-716B42CE6E85}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8306552A-8FBE-4EF5-8BA0-5AF54097CDE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{64E0B41F-6650-4645-9C1E-036186E2BDE0}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{EA4A3B86-0532-441C-B39D-737AC2DABFFC}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{2BB0AEB9-295E-4DC6-8976-204095560EA3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F769B642-6D1B-4937-A85F-D9681161D5FE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AF9D5409-291D-44E7-A426-6B1EE187EE87}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9A1AC8A3-11A0-4E5C-A37E-ABF0F625158F}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{13758209-EC29-4385-B776-4B0090426886}C:\users\petr\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\petr\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{E4B921E9-F946-496E-B264-D10F4E775572}C:\users\petr\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\petr\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{892043FB-C949-4528-ADAB-BD0A2ACAC92A}C:\users\petr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\petr\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6FAA17A2-F798-4A88-80BA-1DC16865D208}C:\users\petr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\petr\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{355772AB-2CCA-478C-926F-190A25E8D97C}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [UDP Query User{E4F926A8-B972-4D4D-97E7-37704D0A4CBC}C:\program files\tvuplayer\tvuplayer.exe] => (Allow) C:\program files\tvuplayer\tvuplayer.exe
FirewallRules: [{9D084E6D-132E-44B5-9F57-011DAC219E8E}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{3556D12D-53CF-410D-A9F0-2A3AD66646A0}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{294FBAA5-9056-427D-963C-CD583B95A30F}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{26E61C84-5983-44FB-A807-4CC165C470E5}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{94698A97-887D-4002-8200-C406B29588EB}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{832B01F7-9248-4E7D-804D-3642EBA6E6FE}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{07FED6A6-4DE9-4F1B-9F72-0786DEE926CC}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{92F75522-3947-452E-BB63-D1E44606963D}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2015 07:39:40 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu version v prvku assemblyIdentity je neplatná.

Error: (05/10/2015 02:04:36 PM) (Source: MsiInstaller) (EventID: 11500) (User: NT AUTHORITY)
Description: Product: Windows Live ID Client Runtime -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

Error: (05/10/2015 02:04:36 PM) (Source: MsiInstaller) (EventID: 11500) (User: NT AUTHORITY)
Description: Product: Windows Live ID Client Runtime -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

Error: (05/10/2015 02:04:35 PM) (Source: MsiInstaller) (EventID: 11500) (User: NT AUTHORITY)
Description: Product: Windows Live ID Client Runtime -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.

Error: (05/10/2015 02:04:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {7f97c8be-3fc8-4ac6-b09c-d28f7afc621e}

Error: (05/10/2015 01:35:48 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: intel)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. (null)

Error: (05/10/2015 01:32:44 PM) (Source: MsiInstaller) (EventID: 11316) (User: intel)
Description: Product: Microsoft Security Client CS-CZ Language Pack -- Error 1316. Zadaný účet již existuje.

Error: (05/10/2015 01:19:33 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: intel)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. (null)

Error: (05/10/2015 01:19:26 PM) (Source: MsiInstaller) (EventID: 11316) (User: intel)
Description: Product: Microsoft Security Client CS-CZ Language Pack -- Error 1316. Zadaný účet již existuje.

Error: (05/10/2015 01:15:15 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: intel)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. (null)


System errors:
=============
Error: (05/10/2015 06:25:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (05/10/2015 06:25:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (05/10/2015 06:25:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (05/10/2015 06:25:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (05/10/2015 06:25:20 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (05/10/2015 05:55:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (05/10/2015 05:18:24 PM) (Source: volsnap) (EventID: 16) (User: )
Description: Stínové kopie svazku H: byly přerušeny, protože bylo vynuceno odpojení svazku H:, který obsahuje úložiště stínové kopie pro tyto kopie,

Error: (05/10/2015 05:12:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/10/2015 05:12:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Network Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/10/2015 05:12:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba AVG WatchDog byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz
Percentage of memory in use: 28%
Total physical RAM: 3326.49 MB
Available physical RAM: 2375.38 MB
Total Pagefile: 6651.28 MB
Available Pagefile: 5361.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1877.36 MB

==================== Drives ================================

Drive c: (win7) (Fixed) (Total:151.61 GB) (Free:62.51 GB) NTFS
Drive d: (winXP) (Fixed) (Total:146.48 GB) (Free:123.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HerniVyber6) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
Drive f: (Dokumenty) (Fixed) (Total:244.14 GB) (Free:216.83 GB) NTFS
Drive g: (Multimedia) (Fixed) (Total:687.37 GB) (Free:100.8 GB) NTFS
Drive h: (Win7) (Fixed) (Total:111.79 GB) (Free:74.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A2EBA2EB)
Partition 1: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 4310430F)
Partition 1: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E3BB742E)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Keybord not present. Press Enter to continue

mople71
Level 3.5
Posts: 662
Registered: November 14
Gender: Male
Status: Offline

Re: Please check my HJT log

Post by mople71 » 10 May 2015 20:19

An unbelievable mess... Someone here likes to play around, huh? ;)

For playing around with software there is a sandbox; otherwise this is what becomes of the OS... I guess you like Piriform, huh? :smile:


Clarifying the PC's security setup:

Please uninstall these programs:

Code:

CCleaner
Sophos Virus Removal Tool
SUPERAntiSpyware


I see COMODO and AVG. Do you have only the COMODO firewall, or something else as well?

Neither is a good choice, imho.


FRST fixlist:

On the Desktop (FRST must be located there), create a text file named fixlist, copy the following script into it, and save.

Code:

Start
CloseProcesses:
CreateRestorePoint:

CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{4955DD33-B159-11D0-8FCF-00AA006BCC59}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path

Task: {653FBAB2-C834-4EAB-BBD8-B4D50B633D1D} - System32\Tasks\{3A337F26-F7F0-4F5D-939F-A30DDA74A77D} => pcalua.exe -a I:\Setup.exe -d I:\

AlternateDataStreams: C:\ProgramData\TEMP:24051EFF
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8927A071
C:\ProgramData\TEMP

FirewallRules: [{9D084E6D-132E-44B5-9F57-011DAC219E8E}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{3556D12D-53CF-410D-A9F0-2A3AD66646A0}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe

HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll [2012-10-02] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: No Name - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-04-06]
FF SearchPlugin: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\searchplugins\doplky-pro-firefox.xml [2015-05-06]
FF Extension: Seznam lištička - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-05-10]

S3 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]

C:\Windows\Tasks\360Disabled
C:\ProgramData\panda_url_filtering
Folder: C:\$360Section
C:\ProgramData\Panda Security
C:\Windows\Tasks\*.job
C:\Windows\system32\config\SOFTWARE.iobit
C:\Windows\system32\config\COMPONENTS.iobit
C:\Windows\system32\config\DEFAULT.iobit
C:\Windows\system32\config\SAM.iobit
C:\Windows\system32\config\SECURITY.iobit
C:\Windows\Tasks\ImCleanDisabled
C:\Program Files\Common Files\IObit
C:\Program Files\IObit
C:\Users\Petr\AppData\Roaming\TuneUp Software
C:\ProgramData\ezsidmv.dat

CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: dir C:\$360Section
CMD: dir C:\PROGRA~1
CMD: dir C:\PROGRA~2
CMD: dir %appdata%
CMD: dir %localappdata%
CMD: dir %programdata%

RemoveProxy:
EmptyTemp:
End

Then open FRST as administrator and click the >Fix< button. After the PC restarts, a fixlog will appear on the Desktop; please paste its contents into your next post.
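
A way to review the fixlog that comes back from this step, as an added example that is not part of the original post and not FRST's own code: it skips the echoed fixlist (whose lines also contain "=>"), counts the result lines by outcome, and lists anything that did not report success. The sample is constructed from lines of the log in this thread; the "not found." line, its path, and the "Unable to" heuristic for CMD output are assumptions.

```python
import re
from collections import Counter

# Constructed sample: an abridged fixlog built from lines of the log posted in
# this thread, plus one constructed "not found." line (hypothetical path) so
# that a failed item is represented.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-05-2015
Ran by Petr at 2015-05-10 20:40:52 Run:1

Content of fixlist:
*****************
Start
FirewallRules: [{9D084E6D-132E-44B5-9F57-011DAC219E8E}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
C:\ProgramData\Panda Security
CMD: bitsadmin /reset /allusers
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D084E6D-132E-44B5-9F57-011DAC219E8E} => value deleted successfully.
C:\ProgramData\TEMP => ":24051EFF" ADS removed successfully.
BAPIDRV => Service deleted successfully.
C:\ProgramData\Panda Security => Moved successfully.
C:\ProgramData\example.dat => not found.

========= bitsadmin /reset /allusers =========

Unable to cancel {2EED298A-3D66-4B35-AC75-1F97EEB1AF3A}.
0 out of 1 jobs canceled.

========= End of CMD: =========
"""

BANNER = re.compile(r"^=+ (.+?) =+$")       # "===== title =====" section banners
STARS = re.compile(r"\*{5,}")               # delimiters around the echoed fixlist
QUOTED_PREFIX = re.compile(r'^"[^"]*"\s*')  # e.g. '":24051EFF" ADS removed ...'


def review_fixlog(text):
    """Return (outcome counts, lines needing attention, raw CMD output).

    Assumes the layout of the fixlog shown in this thread: a header, the
    fixlist echoed between two lines of asterisks, then one result line per
    item, with CMD and Folder output wrapped in "=" banners.
    """
    outcomes, attention, cmd_output = Counter(), [], {}
    echo = "before"   # before -> header -> inside -> after
    section = None    # title of the open CMD/Folder section, if any
    for raw in text.splitlines():
        line = raw.strip()
        # Ignore the header and the echoed fixlist: its directives contain
        # "=>" too and would otherwise be counted as results.
        if echo != "after":
            if line.startswith("Content of fixlist:"):
                echo = "header"
            elif STARS.fullmatch(line):
                if echo == "header":
                    echo = "inside"
                elif echo == "inside":
                    echo = "after"
            continue
        banner = BANNER.match(line)
        if banner:
            title = banner.group(1)
            if title.startswith("End of "):
                section = None
            else:
                section = title
                if not title.startswith("Folder:"):
                    cmd_output[title] = []
            continue
        if section is not None:
            # Inside a CMD section keep the raw output; Folder listings are skipped.
            if section in cmd_output and line:
                cmd_output[section].append(line)
                if line.startswith("Unable to"):  # heuristic, from the bitsadmin output
                    attention.append(f"CMD {section}: {line}")
            continue
        if " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        target = target.strip('"')
        outcome = QUOTED_PREFIX.sub("", outcome)
        outcomes[outcome] += 1
        if not outcome.endswith("successfully."):
            attention.append(f"{target}: {outcome}")
    return outcomes, attention, cmd_output


if __name__ == "__main__":
    counts, flagged, _ = review_fixlog(SAMPLE_FIXLOG)
    for outcome, n in counts.most_common():
        print(f"{n:3d}  {outcome}")
    for item in flagged:
        print("CHECK:", item)
```
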

akiller
Level 3
Posts: 558
Registered: November 10
Location: Nothingtown
Gender: Male
Status: Offline

Re: Please check my HJT log

Post by akiller » 10 May 2015 21:03

An unbelievable mess... Someone here likes to play around, huh?


Well, honestly I have no idea what you mean by the mess, or how it got there :-) Except maybe... until now I had been using the AV from Microsoft, I replaced it with 360 Total Security, then I wanted to go back to MSE, but it would no longer install because of error 0x80070643, so I tried Panda, and in the end I stayed with AVG. And all of this over one weekend. I also installed Advanced System Care, since it was the full version and free :evil: :evil: But only for a few hours. And for the last time.
So maybe the mess could be from this experiment.

From Comodo I have only the firewall. AVG, on the other hand, has no firewall, since it is the free version. AVG was recommended to me at the repair shop; it's hard to say what is best, one person says this and another says that :D
I was happy with MSE, but in four whole years it found nothing... Well, to be fair to it, it found something twice.

I uninstalled SuperAntiSpyware and Sophos Virus Removal Tool, but I don't really understand why I should uninstall CCleaner.

Anyway, here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-05-2015
Ran by Petr at 2015-05-10 20:40:52 Run:1
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available profiles: Petr)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{4955DD33-B159-11D0-8FCF-00AA006BCC59}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path

Task: {653FBAB2-C834-4EAB-BBD8-B4D50B633D1D} - System32\Tasks\{3A337F26-F7F0-4F5D-939F-A30DDA74A77D} => pcalua.exe -a I:\Setup.exe -d I:\

AlternateDataStreams: C:\ProgramData\TEMP:24051EFF
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8927A071
C:\ProgramData\TEMP

FirewallRules: [{9D084E6D-132E-44B5-9F57-011DAC219E8E}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{3556D12D-53CF-410D-A9F0-2A3AD66646A0}] => (Allow) C:\Program Files\pandasecuritytb\ToolbarCleaner.exe

HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll [2012-10-02] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: No Name - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-04-06]
FF SearchPlugin: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\searchplugins\doplky-pro-firefox.xml [2015-05-06]
FF Extension: Seznam lištička - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-05-10]

S3 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]

C:\Windows\Tasks\360Disabled
C:\ProgramData\panda_url_filtering
Folder: C:\$360Section
C:\ProgramData\Panda Security
C:\Windows\Tasks\*.job
C:\Windows\system32\config\SOFTWARE.iobit
C:\Windows\system32\config\COMPONENTS.iobit
C:\Windows\system32\config\DEFAULT.iobit
C:\Windows\system32\config\SAM.iobit
C:\Windows\system32\config\SECURITY.iobit
C:\Windows\Tasks\ImCleanDisabled
C:\Program Files\Common Files\IObit
C:\Program Files\IObit
C:\Users\Petr\AppData\Roaming\TuneUp Software
C:\ProgramData\ezsidmv.dat

CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: dir C:\$360Section
CMD: dir C:\PROGRA~1
CMD: dir C:\PROGRA~2
CMD: dir %appdata%
CMD: dir %localappdata%
CMD: dir %programdata%

RemoveProxy:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}" => Key deleted successfully.
"HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}" => Key deleted successfully.
"HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{4955DD33-B159-11D0-8FCF-00AA006BCC59}" => Key deleted successfully.
"HKU\S-1-5-21-1382680524-3974183494-2248916863-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{653FBAB2-C834-4EAB-BBD8-B4D50B633D1D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{653FBAB2-C834-4EAB-BBD8-B4D50B633D1D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3A337F26-F7F0-4F5D-939F-A30DDA74A77D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3A337F26-F7F0-4F5D-939F-A30DDA74A77D}" => Key deleted successfully.
C:\ProgramData\TEMP => ":24051EFF" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":8927A071" ADS removed successfully.
C:\ProgramData\TEMP => Moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D084E6D-132E-44B5-9F57-011DAC219E8E} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3556D12D-53CF-410D-A9F0-2A3AD66646A0} => value deleted successfully.
HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
"HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14" => Key deleted successfully.
C:\Program Files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions => Moved successfully.
C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\searchplugins\doplky-pro-firefox.xml => Moved successfully.
C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => Moved successfully.
LiveUpdateSvc => Service deleted successfully.
BAPIDRV => Service deleted successfully.
C:\Windows\Tasks\360Disabled => Moved successfully.
C:\ProgramData\panda_url_filtering => Moved successfully.

========================= Folder: C:\$360Section ========================

2015-05-09 11:41 - 2015-05-09 11:41 - 0000973 _____ () C:\$360Section\360.788A7A02053EB331B45E9B838BB0D071.q3q
2015-05-10 11:22 - 2015-05-10 11:22 - 0000330 _____ () C:\$360Section\360.7B9D0A0AED74B66E413D653DFD6DCBD4.q3q
2015-05-09 11:41 - 2015-05-09 11:41 - 0425984 _____ () C:\$360Section\360.8FE899C2A095BA7A310220ACAF02691C.q3q
2015-05-10 11:22 - 2015-05-10 11:22 - 0000048 _____ () C:\$360Section\360.984067A161BF2EEAA6CDC7631FFC4C76.q3q
2015-05-10 11:22 - 2015-05-10 11:22 - 0022796 _____ () C:\$360Section\360.D546D833DB51CBFF07CB8330D757EA1F.q3q
2015-05-10 11:22 - 2015-05-10 11:22 - 0000000 __SHD () C:\$360Section\360Safe
2012-10-15 20:08 - 2015-05-10 11:22 - 0001024 _____ () C:\$360Section\360Safe\360.0925738A4627B00C3CF1F48AB36CF5F9.q3q
2012-01-15 15:18 - 2015-05-10 11:22 - 0001863 _____ () C:\$360Section\360Safe\360.1CB005ECDF75A93E9D765D91BEE83136.q3q
2011-11-08 17:26 - 2015-05-10 11:22 - 0001907 _____ () C:\$360Section\360Safe\360.4376AEF88A01C14229182C3A331C70BE.q3q
2015-04-19 19:49 - 2015-05-10 11:22 - 0672032 _____ () C:\$360Section\360Safe\360.6AB61F3514812D305D1C47A3CF38DD54.q3q
2011-11-08 17:26 - 2015-05-10 11:22 - 0001905 _____ () C:\$360Section\360Safe\360.92F2BD6856E0CF237DF66E3F118E2DF1.q3q
2011-11-08 17:26 - 2015-05-10 11:22 - 0001897 _____ () C:\$360Section\360Safe\360.9C8398288FDA16CBF00D8B8A8A32E1DB.q3q
2014-04-16 19:28 - 2015-05-10 11:22 - 0000746 _____ () C:\$360Section\360Safe\360.B750BD0ED4D7402F6778C5A2AA370B64.q3q

====== End of Folder: ======

C:\ProgramData\Panda Security => Moved successfully.
C:\Windows\Tasks\*.job => Moved successfully.
C:\Windows\system32\config\SOFTWARE.iobit => Moved successfully.
C:\Windows\system32\config\COMPONENTS.iobit => Moved successfully.
C:\Windows\system32\config\DEFAULT.iobit => Moved successfully.
C:\Windows\system32\config\SAM.iobit => Moved successfully.
C:\Windows\system32\config\SECURITY.iobit => Moved successfully.
C:\Windows\Tasks\ImCleanDisabled => Moved successfully.
C:\Program Files\Common Files\IObit => Moved successfully.
C:\Program Files\IObit => Moved successfully.
C:\Users\Petr\AppData\Roaming\TuneUp Software => Moved successfully.
C:\ProgramData\ezsidmv.dat => Moved successfully.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {2EED298A-3D66-4B35-AC75-1F97EEB1AF3A}.
0 out of 1 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Katalog Winsock byl úspěšně resetován.
K dokončení resetování je nutné restartovat počítač.


========= End of CMD: =========


========= dir C:\$360Section =========

Svazek v jednotce C je win7.
Sériové číslo svazku je 1CE8-9BBA.

Výpis adresáře C:\$360Section

09.05.2015 11:41 973 360.788A7A02053EB331B45E9B838BB0D071.q3q
10.05.2015 11:22 330 360.7B9D0A0AED74B66E413D653DFD6DCBD4.q3q
09.05.2015 11:41 425.984 360.8FE899C2A095BA7A310220ACAF02691C.q3q
10.05.2015 11:22 48 360.984067A161BF2EEAA6CDC7631FFC4C76.q3q
10.05.2015 11:22 22.796 360.D546D833DB51CBFF07CB8330D757EA1F.q3q
Souborů: 5, Bajtů: 450.131
Adresářů: 0, Volných bajtů: 67.212.869.632

========= End of CMD: =========


========= dir C:\PROGRA~1 =========

Svazek v jednotce C je win7.
Sériové číslo svazku je 1CE8-9BBA.

Výpis adresáře C:\PROGRA~1

10.05.2015 20:41 <DIR> .
10.05.2015 20:41 <DIR> ..
09.11.2011 09:34 <DIR> 7-Zip
26.04.2015 10:04 <DIR> Adobe
11.11.2011 08:44 <DIR> Adobe Media Player
28.09.2014 12:05 <DIR> Aggressive
02.10.2012 12:50 <DIR> Apple Software Update
18.12.2011 15:21 <DIR> Audacity 1.3 Beta (Unicode)
10.05.2015 13:56 <DIR> AVG
25.04.2014 13:04 <DIR> Avidemux 2.6
07.02.2014 00:16 <DIR> BitTorrent
28.09.2014 12:08 <DIR> Borland
25.01.2015 00:41 <DIR> CCleaner
13.09.2014 12:04 <DIR> CDBurnerXP
29.10.2012 21:17 <DIR> CloneSpy
10.05.2015 20:41 <DIR> Common Files
24.03.2015 01:44 <DIR> COMODO
19.03.2012 10:18 <DIR> Cookienator
08.11.2011 16:18 <DIR> Creative
12.10.2014 17:24 <DIR> DAEMON Tools Lite
23.02.2013 21:49 <DIR> DBeaver
11.01.2013 19:55 <DIR> Defraggler
30.04.2012 20:11 <DIR> DIFX
18.04.2012 00:04 <DIR> directx
27.12.2011 05:54 <DIR> DivX
15.03.2012 10:49 <DIR> DOSBox-0.72
16.11.2011 07:23 <DIR> DVD Maker
15.04.2015 12:15 <DIR> Ear Test
24.02.2012 20:50 <DIR> E_HORECKA
02.08.2012 17:17 <DIR> File Shredder
09.10.2013 10:49 <DIR> FLAC to MP3 Converter
07.02.2014 10:34 <DIR> Freemake
16.11.2011 06:46 <DIR> FreeTime
08.08.2014 18:55 <DIR> Google
08.11.2011 16:14 <DIR> Intel
16.04.2015 08:42 <DIR> Internet Explorer
26.04.2015 09:24 <DIR> Java
05.04.2012 14:54 <DIR> K-Lite Codec Pack
22.09.2012 02:18 <DIR> Lavalys
11.11.2011 16:20 <DIR> Logitech
14.03.2014 12:04 <DIR> MAGIX
12.01.2015 22:22 <DIR> Malwarebytes Anti-Malware
24.04.2015 10:49 <DIR> MediaInfo
17.02.2015 05:34 <DIR> Memento Mori 2
15.10.2014 23:30 <DIR> Microsoft ASP.NET
11.11.2011 11:01 <DIR> Microsoft CAPICOM 2.1.0.2
14.07.2009 11:20 <DIR> Microsoft Games
30.07.2014 19:12 <DIR> Microsoft Games for Windows - LIVE
29.02.2012 09:46 <DIR> Microsoft Office
09.10.2013 13:00 <DIR> Microsoft Research
14.12.2014 14:16 <DIR> Microsoft Silverlight
09.04.2012 14:54 <DIR> Microsoft SQL Server Compact Edition
09.04.2012 14:54 <DIR> Microsoft Synchronization Services
12.11.2011 18:42 <DIR> Microsoft Works
13.11.2011 08:59 <DIR> Microsoft.NET
22.04.2015 21:47 <DIR> Mozilla Firefox
23.04.2015 14:30 <DIR> Mozilla Maintenance Service
14.07.2009 06:52 <DIR> MSBuild
14.03.2014 12:03 <DIR> MSXML 4.0
31.01.2014 13:10 <DIR> Music NFO Builder
03.03.2013 21:43 <DIR> NetBeans 7.3
30.04.2012 20:12 <DIR> Nokia
06.05.2015 09:58 <DIR> NVIDIA Corporation
30.08.2013 13:42 <DIR> OkayFreedom
10.07.2012 20:12 <DIR> OpenAL
09.11.2011 10:55 <DIR> PatchBeam
01.11.2013 10:58 <DIR> PopTray
15.05.2014 20:50 <DIR> PowerArchiver
21.07.2014 18:10 <DIR> PPSOFT.DK
10.07.2012 08:48 <DIR> PSPad editor
31.08.2012 22:19 <DIR> Readon Technology
31.08.2012 20:54 <DIR> Recuva
14.07.2009 06:52 <DIR> Reference Assemblies
22.07.2014 23:50 <DIR> ReNamer
30.07.2014 21:07 <DIR> Rockstar Games
25.05.2013 20:54 <DIR> SafeIP
29.03.2015 17:51 <DIR> Scorpions WinCheater
30.10.2013 10:12 <DIR> Seznam.cz
17.09.2013 22:51 <DIR> Sibelius Software
28.01.2014 23:32 <DIR> Sigil
06.04.2015 14:39 <DIR> Skype
28.11.2012 00:10 <DIR> SMPlayer
06.11.2013 13:48 <DIR> Spybot - Search & Destroy
09.06.2014 11:39 <DIR> Spybot - Search & Destroy 2
23.02.2013 21:24 <DIR> SQLite3man
17.01.2013 16:37 <DIR> Stardock
21.04.2013 23:44 <DIR> Steam
15.10.2012 20:08 <DIR> Stellarium
08.11.2011 16:31 <DIR> Sun
16.11.2011 06:48 <DIR> TapinRadio
24.04.2015 11:09 <DIR> Thumbnail me 3.0
08.11.2011 16:13 <DIR> totalcmd
04.10.2013 09:06 <DIR> TS Dejepis
02.04.2015 12:46 <DIR> TVUPlayer
19.10.2012 16:38 <DIR> VideoLAN
15.11.2011 19:41 <DIR> VirtuaNES
02.12.2011 16:17 <DIR> VirtuaWin
28.07.2012 21:02 <DIR> VisiPics
06.12.2012 09:02 <DIR> Vitware
20.12.2014 01:12 <DIR> Winamp
01.03.2015 13:48 <DIR> WinDjView
11.07.2013 18:09 <DIR> Windows Defender
10.07.2014 11:18 <DIR> Windows Journal
16.11.2011 07:23 <DIR> Windows Mail
11.03.2015 22:24 <DIR> Windows Media Player
08.11.2011 16:09 <DIR> Windows NT
16.11.2011 07:23 <DIR> Windows Photo Viewer
16.11.2011 07:23 <DIR> Windows Portable Devices
16.11.2011 07:23 <DIR> Windows Sidebar
29.03.2015 11:25 <DIR> WinPcap
19.10.2012 21:43 <DIR> yBook
09.05.2015 11:41 <DIR> YeaChess
01.07.2012 20:14 <DIR> CENZURA
09.11.2011 09:33 <DIR> Zoner
Souborů: 0, Bajtů: 0
Adresářů: 114, Volných bajtů: 67.212.857.344

========= End of CMD: =========


========= dir C:\PROGRA~2 =========

Svazek v jednotce C je win7.
Sériové číslo svazku je 1CE8-9BBA.

Výpis adresáře C:\PROGRA~2

10.05.2015 20:41 <DIR> .
10.05.2015 20:41 <DIR> ..
10.05.2015 11:22 <DIR> 360Quarant
26.04.2015 10:03 <DIR> Adobe
08.11.2011 17:26 <DIR> Apple
09.07.2013 21:51 <DIR> Ashampoo
29.03.2015 11:24 <DIR> AVG
10.05.2015 13:59 <DIR> AVG10
09.11.2011 11:38 <DIR> Canneverbe Limited
26.03.2015 09:33 <DIR> Comodo
09.11.2011 10:56 <DIR> ConeXware
08.11.2011 16:24 <DIR> Creative
10.07.2012 20:18 <DIR> Creative Labs
12.10.2014 17:28 <DIR> DAEMON Tools Lite
01.11.2013 10:44 <DIR> EmailTray
13.08.2014 23:01 <DIR> F-Secure
29.03.2015 11:24 <DIR> Freemake
03.10.2012 00:25 <DIR> Google Updater
25.11.2013 13:23 <DIR> Great Secrets
19.04.2015 20:16 <DIR> IObit
12.08.2014 16:11 <DIR> Lavasoft
22.06.2013 08:15 <DIR> Licenses
11.11.2011 07:11 <DIR> LogiShrd
07.07.2014 14:50 <DIR> Malwarebytes
05.03.2012 23:21 <DIR> McAfee
10.05.2015 13:59 <DIR> MFAData
22.04.2015 23:10 <DIR> Microsoft Help
03.11.2012 23:15 <DIR> MicroWorld
25.04.2012 10:00 <DIR> Mozilla
30.04.2012 20:12 <DIR> NokiaMusic
10.05.2015 18:57 <DIR> NVIDIA
21.07.2014 17:35 <DIR> NVIDIA Corporation
02.04.2015 19:24 <DIR> Oracle
17.01.2013 22:13 <DIR> Readon
08.06.2014 21:01 <DIR> RogueKiller
06.04.2015 14:39 <DIR> Skype
15.03.2014 16:02 <DIR> Smith Micro
10.05.2015 20:34 <DIR> Sophos
06.11.2013 21:04 <DIR> Spybot - Search & Destroy
17.01.2013 16:40 <DIR> Stardock
08.11.2011 17:25 <DIR> Sun
01.08.2014 11:01 <DIR> SUPERAntiSpyware.com
06.04.2013 14:59 <DIR> TuneUp Software
02.04.2015 12:46 <DIR> TVU Networks
Souborů: 0, Bajtů: 0
Adresářů: 44, Volných bajtů: 67.212.861.440

========= End of CMD: =========


========= dir %appdata% =========

Svazek v jednotce C je win7.
Sériové číslo svazku je 1CE8-9BBA.

Výpis adresáře C:\Users\Petr\AppData\Roaming

10.05.2015 20:41 <DIR> .
10.05.2015 20:41 <DIR> ..
27.04.2015 09:16 <DIR> Adobe
19.04.2015 19:49 <DIR> Apple Computer
09.07.2013 21:51 <DIR> Ashampoo
31.01.2014 12:44 <DIR> Audacity
29.03.2015 11:27 <DIR> AVG
10.05.2015 13:59 <DIR> AVG10
24.11.2014 20:47 <DIR> avidemux
09.04.2012 16:14 <DIR> Azureus
09.05.2015 11:41 <DIR> BitTorrent
10.12.2014 02:57 <DIR> BlackBean
25.04.2015 15:15 <DIR> BSplayer
25.04.2015 14:20 <DIR> BSplayer Pro
09.11.2011 11:38 <DIR> Canneverbe Limited
13.11.2012 21:10 <DIR> ChromePlus
29.10.2012 21:17 <DIR> CloneSpy
06.05.2015 12:02 <DIR> Comodo
14.01.2015 08:37 <DIR> DAEMON Tools Lite
08.07.2013 23:44 <DIR> dvdcss
06.04.2013 15:10 <DIR> DVDVideoSoft
08.11.2011 16:13 <DIR> GHISLER
22.07.2014 23:02 <DIR> Hulubulu
02.03.2014 12:38 <DIR> ICQ
08.11.2011 16:09 <DIR> Identities
19.04.2015 19:50 <DIR> IObit
11.11.2011 07:04 <DIR> Leadertech
19.09.2012 23:21 <DIR> LEGO Company
08.11.2011 17:28 <DIR> Macromedia
14.07.2009 11:19 <DIR> Media Center Programs
24.04.2015 10:52 <DIR> MediaInfo
06.02.2014 19:59 <DIR> Mozilla
03.03.2013 22:18 <DIR> NetBeans
30.04.2012 20:13 <DIR> Nokia
12.10.2014 17:52 <DIR> NVIDIA
06.08.2012 18:24 138.904 PnkBstrK.sys
10.07.2012 08:48 <DIR> PSpad
16.01.2015 08:18 <DIR> QuickScan
08.04.2012 16:27 <DIR> Raptr
10.10.2012 18:43 <DIR> RigNRoll_usa_ws
31.10.2013 20:00 <DIR> Seznam.cz
17.09.2013 22:52 <DIR> Sibelius Software
09.05.2015 11:46 <DIR> Skype
14.05.2014 18:41 <DIR> skypePM
20.02.2013 22:04 <DIR> Sony Online Entertainment
31.03.2015 11:58 <DIR> Spotify
01.10.2012 20:00 <DIR> Stardock
30.08.2013 13:25 <DIR> Steganos
30.08.2013 13:22 <DIR> Steganos VPN
09.05.2015 11:41 <DIR> Stellarium
24.04.2015 11:09 <DIR> Thumbnail me
16.11.2011 06:55 <DIR> TVU Networks
28.07.2012 17:27 21.976 UserTile.png
09.05.2015 11:41 <DIR> uTorrent
02.12.2011 16:06 <DIR> VirtuaWin
10.05.2015 16:57 <DIR> vlc
09.05.2015 11:41 <DIR> Winamp
01.07.2013 21:01 <DIR> Zoner
Souborů: 2, Bajtů: 160.880
Adresářů: 56, Volných bajtů: 67.212.857.344

========= End of CMD: =========


========= dir %localappdata% =========

Svazek v jednotce C je win7.
Sériové číslo svazku je 1CE8-9BBA.

Výpis adresáře C:\Users\Petr\AppData\Local

10.05.2015 18:57 <DIR> .
10.05.2015 18:57 <DIR> ..
10.05.2015 17:25 <DIR> Apps
09.03.2014 00:02 69.120 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
20.09.2012 02:09 <DIR> Deployment
20.04.2015 11:55 <DIR> Diagnostics
20.04.2015 11:47 <DIR> ElevatedDiagnostics
16.06.2012 20:58 <DIR> European Bus Simulator 2012
27.11.2012 23:58 <DIR> fontconfig
10.05.2015 13:51 122.088 GDIPFONTCACHEV1.DAT
03.06.2014 18:52 <DIR> Google
27.09.2012 22:15 <DIR> id Software
11.11.2011 07:05 <DIR> LogiShrd
12.06.2012 11:30 <DIR> Macromedia
29.12.2014 22:35 <DIR> Microsoft
23.04.2015 15:39 <DIR> Microsoft Games
17.11.2012 11:00 <DIR> Microsoft Help
15.10.2013 23:22 <DIR> Microsoft_Research
17.09.2013 19:00 <DIR> Mozilla
03.03.2013 22:17 <DIR> NetBeans
30.04.2012 20:12 <DIR> Nokia
21.07.2014 17:37 <DIR> NVIDIA
30.07.2014 11:40 <DIR> NVIDIA Corporation
30.12.2012 21:46 <DIR> Programs
06.08.2012 18:47 <DIR> PunkBuster
02.10.2012 13:11 <DIR> Readon_Technology
30.07.2014 21:03 <DIR> Rockstar Games
06.08.2012 18:38 <DIR> SCE
28.01.2014 23:33 <DIR> sigil-ebook
14.05.2014 18:57 <DIR> Skype
15.03.2014 16:08 <DIR> Smith Micro
31.03.2015 12:39 <DIR> Spotify
17.01.2013 16:40 <DIR> Stardock_Corporation
15.10.2012 20:08 <DIR> stellarium
11.08.2014 16:39 <DIR> Sunbelt Software
10.05.2015 20:40 <DIR> Temp
24.04.2015 11:09 <DIR> Thumbnail me
02.04.2015 12:46 <DIR> TVU Networks
25.10.2012 22:37 <DIR> Vidalia
11.01.2015 00:30 <DIR> VirtualStore
08.04.2012 15:53 <DIR> VS Revo Group
09.11.2011 11:54 <DIR> Zoner
Souborů: 2, Bajtů: 191.208
Adresářů: 40, Volných bajtů: 67.212.853.248

========= End of CMD: =========


========= dir %programdata% =========

Svazek v jednotce C je win7.
Sériové číslo svazku je 1CE8-9BBA.

Výpis adresáře C:\ProgramData

10.05.2015 20:41 <DIR> .
10.05.2015 20:41 <DIR> ..
10.05.2015 11:22 <DIR> 360Quarant
26.04.2015 10:03 <DIR> Adobe
08.11.2011 17:26 <DIR> Apple
09.07.2013 21:51 <DIR> Ashampoo
29.03.2015 11:24 <DIR> AVG
10.05.2015 13:59 <DIR> AVG10
09.11.2011 11:38 <DIR> Canneverbe Limited
26.03.2015 09:33 <DIR> Comodo
09.11.2011 10:56 <DIR> ConeXware
08.11.2011 16:24 <DIR> Creative
10.07.2012 20:18 <DIR> Creative Labs
12.10.2014 17:28 <DIR> DAEMON Tools Lite
01.11.2013 10:44 <DIR> EmailTray
13.08.2014 23:01 <DIR> F-Secure
29.03.2015 11:24 <DIR> Freemake
03.10.2012 00:25 <DIR> Google Updater
25.11.2013 13:23 <DIR> Great Secrets
19.04.2015 20:16 <DIR> IObit
12.08.2014 16:11 <DIR> Lavasoft
22.06.2013 08:15 <DIR> Licenses
11.11.2011 07:11 <DIR> LogiShrd
07.07.2014 14:50 <DIR> Malwarebytes
05.03.2012 23:21 <DIR> McAfee
10.05.2015 13:59 <DIR> MFAData
22.04.2015 23:10 <DIR> Microsoft Help
03.11.2012 23:15 <DIR> MicroWorld
25.04.2012 10:00 <DIR> Mozilla
30.04.2012 20:12 <DIR> NokiaMusic
10.05.2015 18:57 <DIR> NVIDIA
21.07.2014 17:35 <DIR> NVIDIA Corporation
02.04.2015 19:24 <DIR> Oracle
17.01.2013 22:13 <DIR> Readon
08.06.2014 21:01 <DIR> RogueKiller
06.04.2015 14:39 <DIR> Skype
15.03.2014 16:02 <DIR> Smith Micro
10.05.2015 20:34 <DIR> Sophos
06.11.2013 21:04 <DIR> Spybot - Search & Destroy
17.01.2013 16:40 <DIR> Stardock
08.11.2011 17:25 <DIR> Sun
01.08.2014 11:01 <DIR> SUPERAntiSpyware.com
06.04.2013 14:59 <DIR> TuneUp Software
02.04.2015 12:46 <DIR> TVU Networks
Souborů: 0, Bajtů: 0
Adresářů: 44, Volných bajtů: 67.212.853.248

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1382680524-3974183494-2248916863-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 177.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:41:21 ====
Keyboard not present. Press Enter to continue

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my HJT log

Posted by jaro3 » 12 May 2015 08:08

Uninstall:
Spybot - Search & Destroy
Spybot - Search & Destroy 2
F-Secure
IObit
Lavasoft
McAfee
SUPERAntiSpyware

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all open windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

akiller
Level 3
Posts: 558
Registered: November 10
Location: Nothingtown
Gender: Male
Status: Offline

Re: Please check my HJT log

Posted by akiller » 12 May 2015 11:47

I cannot remove the listed programs because they are not installed. However, I found their folders; they are either empty or contain logs, and some contain other junk as well. May I delete them?

Here is the ComboFix log:

ComboFix 15-05-09.01 - Petr 12.05.2015 11:24:54.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3326.2331 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: COMODO Firewall *Disabled* {C8870897-C358-086B-2944-184866CC6D0A}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Comodo Defense+ *Enabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-12 do 2015-05-12 )))))))))))))))))))))))))))))))
.
.
2015-05-12 09:33 . 2015-05-12 09:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-10 17:50 . 2015-05-10 18:51 -------- d-----w- C:\FRST
2015-05-10 16:52 . 2015-05-10 15:50 24064 ----a-w- c:\windows\zoek-delete.exe
2015-05-10 16:52 . 2015-05-12 09:38 -------- d-----w- c:\users\Petr\AppData\Local\Temp
2015-05-10 15:50 . 2015-05-10 16:25 -------- d-----w- C:\zoek_backup
2015-05-10 15:25 . 2015-05-10 15:25 -------- d-----w- c:\users\Petr\AppData\Local\Apps
2015-05-10 13:59 . 2015-05-10 14:36 -------- d-----w- C:\AdwCleaner
2015-05-10 11:59 . 2015-05-10 11:59 -------- d-----w- c:\users\Petr\AppData\Roaming\AVG10
2015-05-10 11:57 . 2015-05-12 06:59 -------- d-----w- c:\windows\system32\drivers\AVG
2015-05-10 11:57 . 2015-05-11 16:27 -------- d-----w- c:\programdata\AVG10
2015-05-10 11:56 . 2015-05-10 11:56 -------- d-----w- c:\program files\AVG
2015-05-10 11:53 . 2015-05-10 11:59 -------- d-----w- c:\programdata\MFAData
2015-05-10 04:15 . 2015-04-19 22:59 9201616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E14F0569-8F99-4551-A231-B2ED60B17344}\mpengine.dll
2015-05-09 09:41 . 2015-05-10 09:22 -------- d-----w- C:\$360Section
2015-05-09 09:24 . 2015-05-10 09:22 -------- d-----w- c:\programdata\360Quarant
2015-05-06 11:49 . 2015-05-07 05:55 3758 ----a-w- c:\windows\system32\drivers\fvstore.dat
2015-05-06 10:02 . 2015-05-06 10:02 -------- d-----w- c:\users\Petr\AppData\Roaming\Comodo
2015-05-06 08:00 . 2015-04-08 20:34 560968 ----a-w- c:\windows\system32\nvStreaming.exe
2015-04-25 12:20 . 2015-04-25 13:15 -------- d-----w- c:\users\Petr\AppData\Roaming\BSplayer
2015-04-25 12:20 . 2015-04-25 12:20 -------- d-----w- c:\users\Petr\AppData\Roaming\BSplayer Pro
2015-04-24 09:09 . 2015-04-24 09:09 -------- d-----w- c:\users\Petr\AppData\Local\Thumbnail me
2015-04-24 09:09 . 2015-04-24 09:09 -------- d-----w- c:\users\Petr\AppData\Roaming\Thumbnail me
2015-04-24 09:09 . 2015-04-24 09:09 -------- d-----w- c:\program files\Thumbnail me 3.0
2015-04-24 08:50 . 2015-04-24 08:52 -------- d-----w- c:\users\Petr\AppData\Roaming\MediaInfo
2015-04-24 08:49 . 2015-04-24 08:49 -------- d-----w- c:\program files\MediaInfo
2015-04-22 06:17 . 2015-01-31 03:33 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2015-04-22 06:17 . 2015-01-31 03:33 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-04-22 06:17 . 2015-01-31 00:48 221184 ----a-w- c:\windows\system32\rdpudd.dll
2015-04-21 06:52 . 2014-08-29 01:44 37376 ----a-w- c:\windows\system32\tsgqec.dll
2015-04-21 06:52 . 2014-08-29 01:44 269312 ----a-w- c:\windows\system32\aaclient.dll
2015-04-21 06:52 . 2014-08-29 01:44 4922368 ----a-w- c:\windows\system32\mstscax.dll
2015-04-21 06:52 . 2014-08-29 01:44 1050112 ----a-w- c:\windows\system32\mstsc.exe
2015-04-21 06:51 . 2014-12-11 17:47 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-04-19 18:10 . 2015-04-19 18:10 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2015-04-19 18:10 . 2015-04-19 18:10 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2015-04-19 18:10 . 2015-04-19 18:10 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2015-04-19 18:10 . 2015-04-19 18:10 317440 ----a-w- c:\windows\system32\wksprt.exe
2015-04-19 18:10 . 2015-04-19 18:10 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2015-04-19 18:10 . 2015-04-19 18:10 16896 ----a-w- c:\windows\system32\wksprtPS.dll
2015-04-19 18:10 . 2015-04-19 18:10 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-04-19 18:10 . 2015-04-19 18:10 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-04-19 18:10 . 2015-04-19 18:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-04-15 10:15 . 2015-04-15 10:15 -------- d-----w- c:\program files\Ear Test
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-10 15:36 . 2014-06-08 19:01 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-10 14:43 . 2014-07-07 12:51 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-10 11:58 . 2011-05-27 17:05 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2015-05-10 11:58 . 2011-02-10 05:53 24144 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2015-05-10 11:58 . 2011-02-22 06:12 22992 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2015-05-10 11:58 . 2011-02-10 05:53 21968 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2015-05-10 11:58 . 2011-03-01 12:25 34896 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-05-10 11:58 . 2012-11-12 02:47 255968 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-05-10 11:58 . 2011-03-16 14:03 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2015-05-10 11:57 . 2014-11-04 02:48 299552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-05-10 04:15 . 2011-11-08 14:42 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-05-01 16:51 . 2014-07-30 09:39 1316000 ----a-w- c:\windows\system32\nvspbridge.dll
2015-05-01 16:51 . 2014-07-21 15:29 1316184 ----a-w- c:\windows\system32\nvspcap.dll
2015-04-26 08:18 . 2012-04-02 20:26 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-26 08:18 . 2011-11-08 15:23 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-26 07:20 . 2014-05-02 05:06 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-04-19 18:10 . 2015-04-19 18:10 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2015-04-09 00:52 . 2014-07-21 15:26 66704 ----a-w- c:\windows\system32\OpenCL.dll
2015-04-09 00:52 . 2014-07-21 15:23 14617096 ----a-w- c:\windows\system32\nvwgf2um.dll
2015-04-09 00:52 . 2014-07-21 15:23 12689400 ----a-w- c:\windows\system32\nvd3dum.dll
2015-04-09 00:52 . 2014-07-21 15:23 2935416 ----a-w- c:\windows\system32\nvapi.dll
2015-04-08 21:08 . 2014-07-21 15:26 4363920 ----a-w- c:\windows\system32\nvcpl.dll
2015-04-08 21:08 . 2014-07-21 15:26 3008144 ----a-w- c:\windows\system32\nvsvc.dll
2015-04-08 21:08 . 2014-07-30 09:53 2554000 ----a-w- c:\windows\system32\nvsvcr.dll
2015-04-08 21:08 . 2014-07-21 15:26 670352 ----a-w- c:\windows\system32\nvvsvc.exe
2015-04-08 21:08 . 2014-07-21 15:26 61584 ----a-w- c:\windows\system32\nvshext.dll
2015-04-08 21:08 . 2014-07-21 15:26 374928 ----a-w- c:\windows\system32\nvmctray.dll
2015-04-01 17:49 . 2010-09-10 22:40 91200 ----a-w- c:\windows\system32\drivers\inspect.sys
2015-04-01 17:49 . 2010-09-10 22:40 41248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2015-04-01 17:49 . 2010-09-10 22:40 621144 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2015-04-01 17:49 . 2010-09-10 22:40 17088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2015-04-01 17:48 . 2011-11-11 15:11 33520 ----a-w- c:\windows\system32\cmdcsr.dll
2015-04-01 17:48 . 2010-09-10 22:41 444472 ----a-w- c:\windows\system32\guard32.dll
2015-04-01 17:45 . 2015-03-23 21:42 288472 ----a-w- c:\windows\system32\cmdvrt32.dll
2015-04-01 17:45 . 2015-03-23 21:42 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2015-03-23 20:21 . 2015-03-23 20:21 86 ----a-w- C:\Delapp.bat
2015-03-17 04:57 . 2015-04-15 06:53 248832 ----a-w- c:\windows\system32\schannel.dll
2015-02-26 03:11 . 2015-03-11 18:58 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-20 04:13 . 2015-03-11 18:57 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-11 18:57 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-11 18:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-11 18:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-11 18:57 299008 ----a-w- c:\windows\system32\atmfd.dll
2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-05-01 2685072]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2015-05-01 1316184]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-04-01 1359064]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2015-05-10 2345592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent.lnk]
backup=c:\windows\pss\BitTorrent.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
backup=c:\windows\pss\Logitech . Registrace produktu.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-03-06 22:22 1018056 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 18:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-12-12 17:21 5489944 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2014-03-04 09:19 3696912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2011-10-21 11:19 2193000 ----a-w- c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2015-05-01 16:52 2685072 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2015-05-01 16:51 1316184 ----a-w- c:\windows\System32\nvspcap.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-03-25 14:38 31682656 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2015-03-31 09:58 7112248 ----a-w- c:\users\Petr\AppData\Roaming\Spotify\Spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2015-03-31 09:58 2018360 ----a-w- c:\users\Petr\AppData\Roaming\Spotify\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-04-10 09:57 335232 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2015-04-01 1664728]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-08 79360]
R3 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2014-12-03 108032]
R3 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2014-12-03 9216]
R3 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-05-01 919184]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-04-19 14848]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2015-04-19 49664]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 104280]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-12 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2015-05-10 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2015-05-10 32592]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2015-05-10 255968]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-05-10 299552]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2015-04-01 621144]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2015-04-01 41248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-10-12 243128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2015-05-10 7391072]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2015-05-10 269520]
S2 HWiNFO32;HWiNFO32 Kernel Driver;d:\program files\HWiNFO32\HWiNFO32.SYS [2011-05-22 20216]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-05-01 1884304]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-05-01 20698768]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-04-08 410952]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2015-05-10 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2015-05-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2015-05-10 21968]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-05-01 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-11-22 32912]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 19:29 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{C6846616-3E73-45D0-840E-DAE156DADA32}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*03Äf\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*j!4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*­„cD\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4164)
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG10\avgchsvx.exe
c:\program files\AVG\AVG10\avgrsx.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\program files\COMODO\COMODO Internet Security\cis.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2015-05-12 11:44:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-12 09:44
.
Před spuštěním: Volných bajtů: 79.791.546.368
Po spuštění: Volných bajtů: 79.685.378.048
.
- - End Of File - - 9D782BC186569D7AA876880F5AA54489
A36C5E4F47E84449FF07ED3517B43A31


Re: Request for a check of my HJT log

Post by jerabina » 13 May 2015 10:37

Turn off the resident protection in your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text, marked in green:


CleanJavaCache::

KillAll::

Folder::
c:\program files\Skype\Updater\

Driver::
SkypeUpdate

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

RegLock::
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*03Äf\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*j!4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*­„cD\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo]
@Class="Shell"

[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script:
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process

If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.


Re: Request for a check of my HJT log

Post by akiller » 13 May 2015 11:26

Here is the log from ComboFix:

ComboFix 15-05-09.01 - Petr 13.05.2015 11:05:55.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3326.2268 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: COMODO Firewall *Disabled* {C8870897-C358-086B-2944-184866CC6D0A}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Comodo Defense+ *Enabled/Updated* {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-04-13 do 2015-05-13 )))))))))))))))))))))))))))))))
.
.
2015-05-13 09:15 . 2015-05-13 09:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-05-13 09:15 . 2015-05-13 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-10 17:50 . 2015-05-10 18:51 -------- d-----w- C:\FRST
2015-05-10 16:52 . 2015-05-10 15:50 24064 ----a-w- c:\windows\zoek-delete.exe
2015-05-10 16:52 . 2015-05-13 09:18 -------- d-----w- c:\users\Petr\AppData\Local\Temp
2015-05-10 15:50 . 2015-05-10 16:25 -------- d-----w- C:\zoek_backup
2015-05-10 15:25 . 2015-05-10 15:25 -------- d-----w- c:\users\Petr\AppData\Local\Apps
2015-05-10 13:59 . 2015-05-10 14:36 -------- d-----w- C:\AdwCleaner
2015-05-10 11:59 . 2015-05-10 11:59 -------- d-----w- c:\users\Petr\AppData\Roaming\AVG10
2015-05-10 11:57 . 2015-05-13 06:05 -------- d-----w- c:\windows\system32\drivers\AVG
2015-05-10 11:57 . 2015-05-11 16:27 -------- d-----w- c:\programdata\AVG10
2015-05-10 11:56 . 2015-05-10 11:56 -------- d-----w- c:\program files\AVG
2015-05-10 11:53 . 2015-05-10 11:59 -------- d-----w- c:\programdata\MFAData
2015-05-10 04:15 . 2015-04-19 22:59 9201616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E14F0569-8F99-4551-A231-B2ED60B17344}\mpengine.dll
2015-05-09 09:41 . 2015-05-10 09:22 -------- d-----w- C:\$360Section
2015-05-09 09:24 . 2015-05-10 09:22 -------- d-----w- c:\programdata\360Quarant
2015-05-06 11:49 . 2015-05-07 05:55 3758 ----a-w- c:\windows\system32\drivers\fvstore.dat
2015-05-06 10:02 . 2015-05-06 10:02 -------- d-----w- c:\users\Petr\AppData\Roaming\Comodo
2015-05-06 08:00 . 2015-04-08 20:34 560968 ----a-w- c:\windows\system32\nvStreaming.exe
2015-04-25 12:20 . 2015-04-25 13:15 -------- d-----w- c:\users\Petr\AppData\Roaming\BSplayer
2015-04-25 12:20 . 2015-04-25 12:20 -------- d-----w- c:\users\Petr\AppData\Roaming\BSplayer Pro
2015-04-24 09:09 . 2015-04-24 09:09 -------- d-----w- c:\users\Petr\AppData\Local\Thumbnail me
2015-04-24 09:09 . 2015-04-24 09:09 -------- d-----w- c:\users\Petr\AppData\Roaming\Thumbnail me
2015-04-24 09:09 . 2015-04-24 09:09 -------- d-----w- c:\program files\Thumbnail me 3.0
2015-04-24 08:50 . 2015-04-24 08:52 -------- d-----w- c:\users\Petr\AppData\Roaming\MediaInfo
2015-04-24 08:49 . 2015-04-24 08:49 -------- d-----w- c:\program files\MediaInfo
2015-04-22 06:17 . 2015-01-31 03:33 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2015-04-22 06:17 . 2015-01-31 03:33 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-04-22 06:17 . 2015-01-31 00:48 221184 ----a-w- c:\windows\system32\rdpudd.dll
2015-04-21 06:52 . 2014-08-29 01:44 37376 ----a-w- c:\windows\system32\tsgqec.dll
2015-04-21 06:52 . 2014-08-29 01:44 269312 ----a-w- c:\windows\system32\aaclient.dll
2015-04-21 06:52 . 2014-08-29 01:44 4922368 ----a-w- c:\windows\system32\mstscax.dll
2015-04-21 06:52 . 2014-08-29 01:44 1050112 ----a-w- c:\windows\system32\mstsc.exe
2015-04-21 06:51 . 2014-12-11 17:47 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-04-19 18:10 . 2015-04-19 18:10 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2015-04-19 18:10 . 2015-04-19 18:10 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2015-04-19 18:10 . 2015-04-19 18:10 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2015-04-19 18:10 . 2015-04-19 18:10 317440 ----a-w- c:\windows\system32\wksprt.exe
2015-04-19 18:10 . 2015-04-19 18:10 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2015-04-19 18:10 . 2015-04-19 18:10 16896 ----a-w- c:\windows\system32\wksprtPS.dll
2015-04-19 18:10 . 2015-04-19 18:10 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-04-19 18:10 . 2015-04-19 18:10 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-04-19 18:10 . 2015-04-19 18:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-04-15 10:15 . 2015-04-15 10:15 -------- d-----w- c:\program files\Ear Test
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-10 15:36 . 2014-06-08 19:01 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-10 14:43 . 2014-07-07 12:51 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-10 11:58 . 2011-05-27 17:05 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2015-05-10 11:58 . 2011-02-10 05:53 24144 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2015-05-10 11:58 . 2011-02-22 06:12 22992 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2015-05-10 11:58 . 2011-02-10 05:53 21968 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2015-05-10 11:58 . 2011-03-01 12:25 34896 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-05-10 11:58 . 2012-11-12 02:47 255968 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-05-10 11:58 . 2011-03-16 14:03 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2015-05-10 11:57 . 2014-11-04 02:48 299552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-05-10 04:15 . 2011-11-08 14:42 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-05-01 16:51 . 2014-07-30 09:39 1316000 ----a-w- c:\windows\system32\nvspbridge.dll
2015-05-01 16:51 . 2014-07-21 15:29 1316184 ----a-w- c:\windows\system32\nvspcap.dll
2015-04-26 08:18 . 2012-04-02 20:26 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-26 08:18 . 2011-11-08 15:23 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-26 07:20 . 2014-05-02 05:06 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-04-19 18:10 . 2015-04-19 18:10 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2015-04-09 00:52 . 2014-07-21 15:26 66704 ----a-w- c:\windows\system32\OpenCL.dll
2015-04-09 00:52 . 2014-07-21 15:23 14617096 ----a-w- c:\windows\system32\nvwgf2um.dll
2015-04-09 00:52 . 2014-07-21 15:23 12689400 ----a-w- c:\windows\system32\nvd3dum.dll
2015-04-09 00:52 . 2014-07-21 15:23 2935416 ----a-w- c:\windows\system32\nvapi.dll
2015-04-08 21:08 . 2014-07-21 15:26 4363920 ----a-w- c:\windows\system32\nvcpl.dll
2015-04-08 21:08 . 2014-07-21 15:26 3008144 ----a-w- c:\windows\system32\nvsvc.dll
2015-04-08 21:08 . 2014-07-30 09:53 2554000 ----a-w- c:\windows\system32\nvsvcr.dll
2015-04-08 21:08 . 2014-07-21 15:26 670352 ----a-w- c:\windows\system32\nvvsvc.exe
2015-04-08 21:08 . 2014-07-21 15:26 61584 ----a-w- c:\windows\system32\nvshext.dll
2015-04-08 21:08 . 2014-07-21 15:26 374928 ----a-w- c:\windows\system32\nvmctray.dll
2015-04-01 17:49 . 2010-09-10 22:40 91200 ----a-w- c:\windows\system32\drivers\inspect.sys
2015-04-01 17:49 . 2010-09-10 22:40 41248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2015-04-01 17:49 . 2010-09-10 22:40 621144 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2015-04-01 17:49 . 2010-09-10 22:40 17088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2015-04-01 17:48 . 2011-11-11 15:11 33520 ----a-w- c:\windows\system32\cmdcsr.dll
2015-04-01 17:48 . 2010-09-10 22:41 444472 ----a-w- c:\windows\system32\guard32.dll
2015-04-01 17:45 . 2015-03-23 21:42 288472 ----a-w- c:\windows\system32\cmdvrt32.dll
2015-04-01 17:45 . 2015-03-23 21:42 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2015-03-23 20:21 . 2015-03-23 20:21 86 ----a-w- C:\Delapp.bat
2015-03-17 04:57 . 2015-04-15 06:53 248832 ----a-w- c:\windows\system32\schannel.dll
2015-02-26 03:11 . 2015-03-11 18:58 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-20 04:13 . 2015-03-11 18:57 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-11 18:57 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-11 18:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-11 18:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-11 18:57 299008 ----a-w- c:\windows\system32\atmfd.dll
2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-05-01 2685072]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2015-05-01 1316184]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-04-01 1359064]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2015-05-10 2345592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent.lnk]
backup=c:\windows\pss\BitTorrent.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Registrace produktu.lnk]
backup=c:\windows\pss\Logitech . Registrace produktu.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 18:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-12-12 17:21 5489944 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2011-10-21 11:19 2193000 ----a-w- c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2015-05-01 16:52 2685072 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2015-05-01 16:51 1316184 ----a-w- c:\windows\System32\nvspcap.dll
.
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2015-04-01 1664728]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-08 79360]
R3 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2014-12-03 108032]
R3 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2014-12-03 9216]
R3 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-05-01 919184]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-04-19 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2015-04-19 49664]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 104280]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-12 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2015-05-10 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2015-05-10 32592]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2015-05-10 255968]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-05-10 299552]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2015-04-01 621144]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2015-04-01 41248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-10-12 243128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2015-05-10 7391072]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2015-05-10 269520]
S2 HWiNFO32;HWiNFO32 Kernel Driver;d:\program files\HWiNFO32\HWiNFO32.SYS [2011-05-22 20216]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-05-01 1884304]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-05-01 20698768]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-04-08 410952]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2015-05-10 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2015-05-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2015-05-10 21968]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-05-01 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-11-22 32912]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 19:29 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{C6846616-3E73-45D0-840E-DAE156DADA32}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\g82kcs7k.default-1430921114877\
FF - prefs.js: browser.startup.homepage - hxxps://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*03Äf\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*j!4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*­„cD\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*[rř*Źg:\filmy\Simpsonovi\09. Ĺ™ada\09x03 Lizin saxofon.avi**xofon.avi\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*ëéąg\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**Śfile:///G:/Filmy/Simpsonovi/11.%20%C5%99ada/11x02%20Bartovo%20napraveni.avi*avi*Ů!Čo\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1382680524-3974183494-2248916863-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*AÄ/%\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4580)
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\mscms.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG10\avgchsvx.exe
c:\program files\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\program files\COMODO\COMODO Internet Security\cis.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2015-05-13 11:25:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-05-13 09:25
ComboFix2.txt 2015-05-12 09:44
.
Před spuštěním: Volných bajtů: 79.889.203.200
Po spuštění: Volných bajtů: 79.441.461.248
.
- - End Of File - - 2A54C38E5FE326A4DFDF4388BE7965FC
A36C5E4F47E84449FF07ED3517B43A31

