Mozilla not working, new folders on the PC

#1 Post by turquoisefly »

FRST.zip
(19.71 KiB) Downloaded 45 times
Hello,
I managed to download some nasty thing onto my computer - I installed a program for downloading videos from YouTube, and along with it problems with Mozilla appeared. I can reach some pages (usually after typing the address into the address bar), but searching via Google does not work, and some pages are blocked even so, with a message that a security exception must be accepted (untrusted connection). I uninstalled the program, but the problem remained.
After a restart I found on the computer a copy of a folder I had been working on before, but with a string of nonsensical characters in its name. Microsoft Security Essentials found nothing.

Could you please take a look at it?
Thank you

P.S.: The FRST logs are attached.

RSIT log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Vlasta at 2014-09-10 14:12:16
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 36 GB (18%) free of 200 GB
Total RAM: 4094 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:12:19, on 10.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Users\Vlasta\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\RocketTab\Client.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Vlasta.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49195;https=127.0.0.1:49195
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Vlasta\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - (no file)
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Vlasta\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\Vlasta\AppData\Roaming\QipGuard\QipGuard.exe /p
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: QipGuard - QIP.ru - C:\Program Files (x86)\QipGuard\QipGuard.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12192 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
/QuitInfo:0000000000000418;0000000000000428; /AddRef;
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
C:\Windows\SysWOW64\XSrvSetup.exe
"C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe"
"C:\Program Files (x86)\PDF Architect\HelperService.exe"
"C:\Program Files (x86)\PDF Architect\ConversionService.exe"
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\QipGuard\QipGuard.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2280
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-04595bcd-6694-4922-b983-a31dd6fcf686 -SystemEventPortName:HostProcess-525aab13-7f44-40a9-a1a5-bb6e8d7831e5 -IoCancelEventPortName:HostProcess-7513581b-209f-4361-b8fe-efe3a917a73a -NonStateChangingEventPortName:HostProcess-a7fd4c5a-19a8-4590-ae10-a35dd0077888 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:6c5b05bf-2f8b-4110-b306-982660ce3c1f -DeviceGroupId:WpdFsGroup
"taskhost.exe"
/QuitInfo:0000000000000738;0000000000000754; /AddRef;
"C:\Windows\system32\Dwm.exe"
/QuitInfo:0000000000000774;0000000000000780;
C:\Windows\Explorer.EXE
/loadhooks /Parent:00000000000001A4
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Users\Vlasta\AppData\Roaming\QipGuard\QipGuard.exe" /p
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -startup
"C:\Program Files\Logitech\SetPoint\SetPoint.exe"
WTablet\Wacom_TabletUser.exe
"C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
Wacom_Tablet.exe au
KHALMNPR.EXE /API
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\RocketTab\Client.exe" /Preferred=true
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Vlasta\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Vlasta\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2011-01-13 141184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312]
{25A3A431-30BB-47C8-AD6A-E1063801134F} - PDF Architect Toolbar - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08 654384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-04-06 10144288]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"QIP Internet Guardian"=C:\Users\Vlasta\AppData\Roaming\QipGuard\QipGuard.exe [2014-03-04 436720]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-10-15 375000]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2010-01-19 43632]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-11-20 106496]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-12-19 642808]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-01-17 421888]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2014-09-10 11:51:01 ----D---- C:\Program Files (x86)\RocketTab
2014-09-10 11:50:56 ----D---- C:\Program Files (x86)\GreenTree Applications
2014-09-10 08:35:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2014-09-09 00:13:50 ----D---- C:\Users\Vlasta\AppData\Roaming\pdfforge
2014-09-09 00:13:46 ----D---- C:\Program Files (x86)\PDFCreator
2014-09-09 00:13:46 ----A---- C:\Windows\SYSWOW64\MSMPIDE.DLL
2014-09-02 22:29:52 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-08-27 20:13:56 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-27 20:13:56 ----A---- C:\Windows\system32\win32k.sys
2014-08-27 20:13:56 ----A---- C:\Windows\system32\gdi32.dll
2014-08-15 00:35:42 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2014-08-15 00:35:42 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2014-08-15 00:35:42 ----A---- C:\Windows\system32\infocardapi.dll
2014-08-15 00:35:42 ----A---- C:\Windows\system32\icardagt.exe
2014-08-15 00:35:40 ----A---- C:\Windows\SYSWOW64\icardres.dll
2014-08-15 00:35:40 ----A---- C:\Windows\system32\icardres.dll
2014-08-15 00:35:28 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-08-15 00:35:28 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-08-14 15:48:11 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-08-14 15:48:11 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-08-14 15:48:11 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-08-14 15:48:11 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-08-14 15:48:11 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-08-14 15:48:11 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-08-14 15:48:11 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-08-14 15:48:11 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-08-14 15:48:11 ----A---- C:\Windows\system32\KBDRU.DLL
2014-08-14 15:48:11 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-08-14 15:48:09 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-08-14 15:48:09 ----A---- C:\Windows\system32\tzres.dll
2014-08-14 15:48:04 ----A---- C:\Windows\system32\msi.dll
2014-08-14 15:48:03 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-08-14 15:48:03 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-08-14 15:48:03 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-08-14 15:48:03 ----A---- C:\Windows\system32\msihnd.dll
2014-08-14 15:48:03 ----A---- C:\Windows\system32\consent.exe
2014-08-14 15:48:03 ----A---- C:\Windows\system32\authui.dll
2014-08-14 15:47:59 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-14 15:47:56 ----A---- C:\Windows\system32\shell32.dll
2014-08-14 15:47:55 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-08-14 15:47:53 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-08-14 15:47:53 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-08-14 15:47:53 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-08-14 15:47:52 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-08-14 15:47:52 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-08-14 15:47:52 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-08-14 15:47:52 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-08-14 15:47:52 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-08-14 15:47:52 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-08-14 15:47:52 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 15:47:52 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-08-14 15:47:51 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-08-14 15:47:51 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-08-14 15:47:51 ----A---- C:\Windows\system32\iernonce.dll
2014-08-14 15:47:51 ----A---- C:\Windows\system32\ie4uinit.exe
2014-08-14 15:47:50 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-08-14 15:47:50 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-08-14 15:47:50 ----A---- C:\Windows\system32\urlmon.dll
2014-08-14 15:47:50 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 15:47:49 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-08-14 15:47:49 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-08-14 15:47:49 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-08-14 15:47:49 ----A---- C:\Windows\system32\dxtmsft.dll
2014-08-14 15:47:48 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-08-14 15:47:48 ----A---- C:\Windows\system32\msfeeds.dll
2014-08-14 15:47:48 ----A---- C:\Windows\system32\iesetup.dll
2014-08-14 15:47:48 ----A---- C:\Windows\system32\iedkcs32.dll
2014-08-14 15:47:47 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-08-14 15:47:47 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-08-14 15:47:47 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-08-14 15:47:47 ----A---- C:\Windows\system32\iertutil.dll
2014-08-14 15:47:46 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-08-14 15:47:46 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-08-14 15:47:46 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-08-14 15:47:46 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-08-14 15:47:46 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-08-14 15:47:46 ----A---- C:\Windows\system32\jsproxy.dll
2014-08-14 15:47:46 ----A---- C:\Windows\system32\ieui.dll
2014-08-14 15:47:46 ----A---- C:\Windows\system32\dxtrans.dll
2014-08-14 15:47:45 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-08-14 15:47:45 ----A---- C:\Windows\system32\mshtmled.dll
2014-08-14 15:47:45 ----A---- C:\Windows\system32\jscript9diag.dll
2014-08-14 15:47:45 ----A---- C:\Windows\system32\ieUnatt.exe
2014-08-14 15:47:45 ----A---- C:\Windows\system32\ieframe.dll
2014-08-14 15:47:44 ----A---- C:\Windows\system32\wininet.dll
2014-08-14 15:47:44 ----A---- C:\Windows\system32\vbscript.dll
2014-08-14 15:47:44 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-08-14 15:47:44 ----A---- C:\Windows\system32\jscript9.dll
2014-08-14 15:47:44 ----A---- C:\Windows\system32\ieapfltr.dll
2014-08-14 15:47:43 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 15:47:43 ----A---- C:\Windows\system32\msrating.dll
2014-08-14 15:47:42 ----A---- C:\Windows\system32\mshtml.dll
2014-08-14 15:46:59 ----A---- C:\Windows\system32\rpcrt4.dll
2014-08-14 15:46:58 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-08-14 15:46:57 ----A---- C:\Windows\system32\aepdu.dll
2014-08-14 15:46:57 ----A---- C:\Windows\system32\aeinv.dll

======List of files/folders modified in the last 1 months======

2014-09-10 14:12:17 ----D---- C:\Program Files\trend micro
2014-09-10 14:05:00 ----D---- C:\Windows\System32
2014-09-10 14:05:00 ----D---- C:\Windows\inf
2014-09-10 14:05:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-09-10 13:16:08 ----D---- C:\Windows\system32\config
2014-09-10 13:04:52 ----D---- C:\Windows\temp
2014-09-10 13:02:45 ----D---- C:\Users\Vlasta\AppData\Roaming\WTablet
2014-09-10 13:01:03 ----D---- C:\Windows
2014-09-10 12:21:19 ----RD---- C:\Program Files (x86)
2014-09-10 12:00:26 ----D---- C:\ProgramData
2014-09-10 11:51:02 ----D---- C:\Windows\system32\Tasks
2014-09-10 08:35:14 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-09-10 08:35:03 ----D---- C:\Windows\SysWOW64
2014-09-10 07:29:56 ----D---- C:\Windows\system32\catroot
2014-09-10 07:29:55 ----D---- C:\Windows\system32\catroot2
2014-09-10 07:29:52 ----D---- C:\Windows\winsxs
2014-09-10 07:29:31 ----D---- C:\Windows\Prefetch
2014-09-03 15:59:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-27 09:21:26 ----D---- C:\Windows\system32\LogFiles
2014-08-21 10:58:30 ----D---- C:\Windows\debug
2014-08-16 16:47:50 ----D---- C:\Windows\rescache
2014-08-16 15:44:04 ----SHD---- C:\Windows\Installer
2014-08-15 11:17:20 ----D---- C:\Windows\Microsoft.NET
2014-08-15 11:16:27 ----RSD---- C:\Windows\assembly
2014-08-15 08:28:19 ----D---- C:\Windows\ehome
2014-08-15 08:28:18 ----RSD---- C:\Windows\Fonts
2014-08-15 08:28:12 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-08-15 08:28:12 ----D---- C:\Windows\system32\cs-CZ
2014-08-15 08:28:11 ----D---- C:\Windows\SYSWOW64\en-US
2014-08-15 08:28:11 ----D---- C:\Windows\system32\drivers
2014-08-15 08:28:11 ----D---- C:\Program Files\Internet Explorer
2014-08-15 08:28:10 ----D---- C:\Windows\system32\en-US
2014-08-15 08:28:10 ----D---- C:\Windows\PolicyDefinitions
2014-08-15 08:28:09 ----D---- C:\Program Files (x86)\Internet Explorer
2014-08-15 00:47:30 ----D---- C:\ProgramData\Microsoft Help
2014-08-15 00:42:07 ----D---- C:\Windows\system32\MRT
2014-08-15 00:39:39 ----A---- C:\Windows\system32\MRT.exe
2014-08-15 00:35:11 ----SD---- C:\Windows\system32\CompatTel

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2010-01-27 115312]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-12 283200]
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 11278336]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 552960]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-04-06 2337440]
R3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2007-01-23 35600]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service; C:\Windows\system32\DRIVERS\Rockey4.sys [2011-05-11 25600]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12848]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2009-09-22 16168]
S2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-02-25 25640]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Rockey_USB;Feitian ROCKEY4 USB Service; C:\Windows\system32\DRIVERS\Rockey4USB.sys [2011-05-11 16384]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2010-01-27 231328]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USB28xxBGA;PCTV 330e/800e Device; C:\Windows\system32\DRIVERS\emBDA64.sys [2007-08-08 576640]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM64.sys [2007-08-08 54528]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 JMB36X;JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 QipGuard;QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [2011-01-13 187776]
R2 TabletServiceWacom;TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [2010-03-09 6245744]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10 267440]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-01-20 1436424]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-05-11 655624]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-07-25 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-02 114288]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-18 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------


Re: Mozilla not working, new folders on the PC

#2 Post by turquoisefly »

Untitled-1.jpg (135.87 KiB) Viewed 2096 times
I uninstalled Security Essentials and installed Avast, and it reported two threats:

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Mozilla not working, new folders on the PC

#3 Post by vyosek »

Hello :)

Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The fix will run, the PC will restart, and then a log will appear; it may also be saved at c:\AdwCleaner\AdwCleaner[S?].txt. Paste that log here
Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or Spustit jako správce
  • Paste the script below into the window
  • Code:

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Then click Run Script
  • The PC will perform the fix, restart, and give you a log; paste its contents here
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.


Re: Mozilla not working, new folders on the PC

#4 Post by turquoisefly »

Thank you for the help; I am posting the logs.

ADWCleaner:

# AdwCleaner v3.309 - Report created 10/09/2014 at 16:30:25
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Vlasta - VLASTA-PC
# Running from : C:\Users\Vlasta\Desktop\adwcleaner_3.309.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BCUService

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Vlasta\AppData\Local\PackageAware
Folder Deleted : C:\Users\Vlasta\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Vlasta\AppData\Roaming\Solvusoft
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Vlasta\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v32.0 (x86 cs)

[ File : C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\uspxx3ow.default-1361891926818\prefs.js ]


*************************

AdwCleaner[R0].txt - [3459 octets] - [10/09/2014 16:29:14]
AdwCleaner[S0].txt - [3263 octets] - [10/09/2014 16:30:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3323 octets] ##########

Zoek:


Zoek.exe v5.0.0.0 Updated 10-September-2014
Tool run by Vlasta on st 10.09.2014 at 16:35:31,91.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Vlasta\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10.9.2014 16:38:02 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3081686529-2762977039-4001555225-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1D6BB70A-57F1-49cc-B305-8D324CA84156} deleted successfully
HKEY_USERS\S-1-5-21-3081686529-2762977039-4001555225-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully
HKEY_USERS\S-1-5-21-3081686529-2762977039-4001555225-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully
HKEY_USERS\S-1-5-21-3081686529-2762977039-4001555225-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully
HKEY_USERS\S-1-5-21-3081686529-2762977039-4001555225-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} deleted successfully
HKEY_USERS\S-1-5-21-3081686529-2762977039-4001555225-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3081686529-2762977039-4001555225-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully
HKEY_USERS\S-1-5-21-3081686529-2762977039-4001555225-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully
HKEY_USERS\S-1-5-21-3081686529-2762977039-4001555225-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\uspxx3ow.default-1361891926818\prefs.js:
user_pref("browser.startup.homepage", "seznam.cz");
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.URL", "https://search.yahoo.com/search?fr=gree ... =501549&p=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\uspxx3ow.default-1361891926818\prefs.js:

ProfilePath: C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\uspxx3ow.default-1361891926818

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_10.09.2014_1646_.backup

==== Deleting Files \ Folders ======================

C:\Users\Vlasta\.android deleted
C:\PROGRA~2\Free HD Converter deleted
C:\windows\SysNative\tasks\RocketTab deleted
C:\windows\SysNative\tasks\RocketTab Update Task deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\~.tmp deleted
"C:\PROGRA~2\RocketTab\Client.exe" deleted
"C:\PROGRA~2\RocketTab" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [10.09.2014 15:37]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\uspxx3ow.default-1361891926818
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Clickjacking Reveal - %ProfilePath%\extensions\no-clickjacking@daohoangson.com.xpi
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\uspxx3ow.default-1361891926818
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[10.09.2014 15:37]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
"Default_Search_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.seznam.cz/"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{862DDF09-D0D4-4317-A0D3-19F885A2344F} Google Url="http://www.google.com/search?q={searchT ... utEncoding?}"
{A2EFA036-CB79-4360-844A-B929FDAE935C} Google Url="http://www.google.com/custom?client=pub ... earchTerms}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:49172;https=127.0.0.1:49172"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Vlasta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Vlasta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=22 folders=5 6988933 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Vlasta\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Vlasta\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on st 10.09.2014 at 16:53:03,55 ======================


Re: Mozilla not working, new folders on the PC

#5 Post by vyosek »

Please post a new FRST log.


Re: Mozilla not working, new folders on the PC

#6 Post by turquoisefly »

Addition.zip (11.08 KiB) Downloaded 55 times
Attached :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Vlasta (administrator) on VLASTA-PC on 10-09-2014 17:41:43
Running from C:\Users\Vlasta\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
() C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(QIP.ru) C:\Program Files (x86)\QipGuard\QipGuard.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Wacom_TabletUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(QIP.ru) C:\Users\Vlasta\AppData\Roaming\QipGuard\QipGuard.exe
(Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-10] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3081686529-2762977039-4001555225-1000\...\Run: [QIP Internet Guardian] => C:\Users\Vlasta\AppData\Roaming\QipGuard\QipGuard.exe [436720 2014-03-04] (QIP.ru)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
ShortcutTarget: Logitech Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vlasta\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vlasta\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vlasta\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vlasta\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: Správa překryvné ikony digitálních podpisů AutoCADu -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vlasta\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vlasta\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vlasta\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
URLSearchHook: HKCU - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {A2EFA036-CB79-4360-844A-B929FDAE935C} URL = http://www.google.com/custom?client=pub ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF ProfilePath: C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\uspxx3ow.default-1361891926818
FF Homepage: http://www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Clickjacking Reveal - C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\uspxx3ow.default-1361891926818\Extensions\no-clickjacking@daohoangson.com.xpi [2014-05-16]
FF Extension: FlashGot - C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\uspxx3ow.default-1361891926818\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-08-14]
FF Extension: Adblock Plus - C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\uspxx3ow.default-1361891926818\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-01-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-10]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-10] (AVAST Software)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 mi-raysat_3dsmax2010_64; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [86016 2009-03-12] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [187776 2011-01-13] (QIP.ru) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [6245744 2010-03-09] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-10] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-12] (DT Soft Ltd)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-08-16] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-08-16] ()
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [25600 2011-05-11] (Feitian Technologies Co., Ltd.)
S3 Rockey_USB; C:\Windows\System32\DRIVERS\Rockey4USB.sys [16384 2011-05-11] (Feitian Technologies Co., Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 17:41 - 2014-09-10 17:42 - 00019878 _____ () C:\Users\Vlasta\Desktop\FRST.txt
2014-09-10 16:49 - 2014-09-10 16:35 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-10 16:37 - 2014-09-10 16:53 - 00011763 _____ () C:\zoek-results.log
2014-09-10 16:35 - 2014-09-10 16:46 - 00000000 ____D () C:\zoek_backup
2014-09-10 16:29 - 2014-09-10 16:30 - 00000000 ____D () C:\AdwCleaner
2014-09-10 16:22 - 2014-09-10 16:22 - 01370467 _____ () C:\Users\Vlasta\Desktop\adwcleaner_3.309.exe
2014-09-10 16:19 - 2014-09-10 16:19 - 01290240 _____ () C:\Users\Vlasta\Desktop\zoek.exe
2014-09-10 15:41 - 2014-09-10 15:41 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-10 15:41 - 2014-09-10 15:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-10 15:41 - 2014-09-10 15:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-10 15:41 - 2014-09-10 15:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-10 15:41 - 2014-09-10 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-10 15:40 - 2014-09-10 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-10 15:40 - 2014-09-10 15:40 - 00000000 ____D () C:\Program Files\7-Zip
2014-09-10 15:38 - 2014-09-10 15:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-10 15:38 - 2014-09-10 15:38 - 00000000 ____D () C:\Users\Vlasta\AppData\Roaming\AVAST Software
2014-09-10 15:38 - 2014-09-10 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-10 15:37 - 2014-09-10 15:38 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-10 15:37 - 2014-09-10 15:37 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-10 15:37 - 2014-09-10 15:37 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-10 15:36 - 2014-09-10 15:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-10 15:36 - 2014-09-10 15:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-10 14:43 - 2014-09-10 14:43 - 00325331 _____ () C:\Users\Vlasta\Desktop\bookmarks-2014-09-10.json
2014-09-10 14:23 - 2014-09-10 17:41 - 00000000 ____D () C:\FRST
2014-09-10 14:19 - 2014-09-10 14:19 - 02105856 _____ (Farbar) C:\Users\Vlasta\Desktop\FRST64.exe
2014-09-10 14:12 - 2014-02-04 21:39 - 00832273 _____ () C:\Users\Vlasta\Desktop\RSITx64.exe
2014-09-10 13:01 - 2014-09-10 16:51 - 00001848 _____ () C:\Windows\PFRO.log
2014-09-10 11:58 - 2014-09-10 11:58 - 288016390 _____ () C:\Users\Vlasta\Documents\London Olympic Park Flower Meadows.mp4
2014-09-10 11:56 - 2014-09-10 11:56 - 27664557 _____ () C:\Users\Vlasta\Documents\Rotherham River of Flowers by Pictorial Meadows.mp4
2014-09-10 08:35 - 2014-09-10 08:35 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-09 00:13 - 2014-09-09 00:19 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-09-09 00:13 - 2014-09-09 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-09-09 00:13 - 2014-04-25 17:44 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-09-09 00:13 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-09-03 16:18 - 2014-09-03 16:18 - 00000000 __SHD () C:\Users\Vlasta\AppData\Local\EmieUserList
2014-09-03 16:18 - 2014-09-03 16:18 - 00000000 __SHD () C:\Users\Vlasta\AppData\Local\EmieSiteList
2014-09-02 22:29 - 2014-09-02 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-27 20:13 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:13 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:13 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 18:59 - 2014-09-10 16:51 - 00001978 _____ () C:\Windows\setupact.log
2014-08-26 18:59 - 2014-08-26 18:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-26 12:36 - 2014-09-02 10:52 - 00000000 ____D () C:\Users\Vlasta\AppData\Local\Adobe
2014-08-17 20:41 - 2014-08-17 20:41 - 00000146 _____ () C:\Users\Vlasta\Documents\acad.err
2014-08-15 00:35 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 00:35 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 00:35 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 00:35 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 00:35 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 00:35 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 00:35 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 00:35 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 15:48 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 15:48 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 15:48 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 15:48 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 15:48 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 15:48 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 15:48 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 15:48 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 15:48 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 15:48 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 15:48 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 15:48 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 15:48 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 15:48 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 15:48 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 15:48 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 15:48 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 15:48 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 15:48 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 15:48 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 15:48 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 15:47 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 15:47 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 15:47 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 15:47 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 15:47 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 15:47 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 15:47 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 15:47 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 15:47 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 15:47 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 15:47 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 15:47 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 15:47 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 15:47 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 15:47 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 15:47 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 15:47 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 15:47 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 15:47 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 15:47 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 15:47 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 15:47 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 15:47 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 15:47 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 15:47 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 15:47 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 15:47 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 15:47 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 15:47 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 15:47 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 15:47 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 15:47 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 15:47 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 15:47 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 15:47 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 15:47 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 15:47 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 15:47 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 15:47 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 15:47 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 15:47 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 15:47 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 15:47 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 15:47 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 15:47 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 15:47 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 15:47 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 15:47 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 15:47 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 15:47 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 15:47 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 15:47 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 15:47 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 15:47 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 15:47 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 15:47 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 15:47 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 15:47 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 15:47 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 15:46 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 15:46 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 15:46 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 15:46 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-11 12:25 - 2014-08-11 12:27 - 230441397 _____ () C:\Users\Vlasta\Downloads\reel 7.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 17:42 - 2014-09-10 17:41 - 00019878 _____ () C:\Users\Vlasta\Desktop\FRST.txt
2014-09-10 17:41 - 2014-09-10 14:23 - 00000000 ____D () C:\FRST
2014-09-10 17:35 - 2012-04-02 18:27 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 16:59 - 2009-07-14 06:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 16:59 - 2009-07-14 06:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 16:56 - 2011-08-05 16:20 - 01102260 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 16:53 - 2014-09-10 16:37 - 00011763 _____ () C:\zoek-results.log
2014-09-10 16:52 - 2013-08-07 13:46 - 00000000 ____D () C:\Users\Vlasta\AppData\Roaming\WTablet
2014-09-10 16:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 16:51 - 2014-09-10 13:01 - 00001848 _____ () C:\Windows\PFRO.log
2014-09-10 16:51 - 2014-08-26 18:59 - 00001978 _____ () C:\Windows\setupact.log
2014-09-10 16:46 - 2014-09-10 16:35 - 00000000 ____D () C:\zoek_backup
2014-09-10 16:46 - 2011-01-16 19:41 - 00000000 ____D () C:\Users\Vlasta
2014-09-10 16:35 - 2014-09-10 16:49 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-10 16:30 - 2014-09-10 16:29 - 00000000 ____D () C:\AdwCleaner
2014-09-10 16:30 - 2009-07-14 17:18 - 00680868 _____ () C:\Windows\system32\perfh005.dat
2014-09-10 16:30 - 2009-07-14 17:18 - 00147722 _____ () C:\Windows\system32\perfc005.dat
2014-09-10 16:30 - 2009-07-14 07:13 - 01620532 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 16:22 - 2014-09-10 16:22 - 01370467 _____ () C:\Users\Vlasta\Desktop\adwcleaner_3.309.exe
2014-09-10 16:19 - 2014-09-10 16:19 - 01290240 _____ () C:\Users\Vlasta\Desktop\zoek.exe
2014-09-10 15:42 - 2011-11-20 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-10 15:41 - 2014-09-10 15:41 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-10 15:41 - 2014-09-10 15:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-10 15:41 - 2014-09-10 15:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-10 15:41 - 2014-09-10 15:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-10 15:41 - 2014-09-10 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-10 15:41 - 2011-02-01 17:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-10 15:40 - 2014-09-10 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-10 15:40 - 2014-09-10 15:40 - 00000000 ____D () C:\Program Files\7-Zip
2014-09-10 15:38 - 2014-09-10 15:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-10 15:38 - 2014-09-10 15:38 - 00000000 ____D () C:\Users\Vlasta\AppData\Roaming\AVAST Software
2014-09-10 15:38 - 2014-09-10 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-10 15:38 - 2014-09-10 15:37 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-10 15:37 - 2014-09-10 15:37 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-10 15:37 - 2014-09-10 15:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-10 15:37 - 2014-09-10 15:37 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-10 15:36 - 2014-09-10 15:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-10 15:36 - 2014-09-10 15:36 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-10 15:36 - 2011-01-16 20:12 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-10 14:43 - 2014-09-10 14:43 - 00325331 _____ () C:\Users\Vlasta\Desktop\bookmarks-2014-09-10.json
2014-09-10 14:19 - 2014-09-10 14:19 - 02105856 _____ (Farbar) C:\Users\Vlasta\Desktop\FRST64.exe
2014-09-10 14:12 - 2014-02-04 21:40 - 00000000 ____D () C:\Program Files\trend micro
2014-09-10 11:58 - 2014-09-10 11:58 - 288016390 _____ () C:\Users\Vlasta\Documents\London Olympic Park Flower Meadows.mp4
2014-09-10 11:56 - 2014-09-10 11:56 - 27664557 _____ () C:\Users\Vlasta\Documents\Rotherham River of Flowers by Pictorial Meadows.mp4
2014-09-10 08:35 - 2014-09-10 08:35 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 08:35 - 2012-04-02 18:27 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 08:35 - 2012-04-02 18:27 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 08:35 - 2011-05-25 18:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 07:21 - 2009-07-14 07:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-09 00:19 - 2014-09-09 00:13 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-09-09 00:13 - 2014-09-09 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-09-03 16:18 - 2014-09-03 16:18 - 00000000 __SHD () C:\Users\Vlasta\AppData\Local\EmieUserList
2014-09-03 16:18 - 2014-09-03 16:18 - 00000000 __SHD () C:\Users\Vlasta\AppData\Local\EmieSiteList
2014-09-03 15:59 - 2013-02-26 17:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-02 22:30 - 2014-09-02 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 10:52 - 2014-08-26 12:36 - 00000000 ____D () C:\Users\Vlasta\AppData\Local\Adobe
2014-08-28 10:41 - 2009-07-14 06:45 - 04898248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 18:59 - 2014-08-26 18:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-25 06:53 - 2011-01-18 10:23 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-27 20:13 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 20:13 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 20:13 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 20:41 - 2014-08-17 20:41 - 00000146 _____ () C:\Users\Vlasta\Documents\acad.err
2014-08-17 20:40 - 2013-10-09 14:13 - 00002211 _____ () C:\Users\Vlasta\Documents\plot.log
2014-08-16 16:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 08:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 00:47 - 2011-01-16 20:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-15 00:42 - 2013-08-14 21:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 00:39 - 2011-01-20 10:53 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 00:35 - 2014-05-06 20:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-11 12:27 - 2014-08-11 12:25 - 230441397 _____ () C:\Users\Vlasta\Downloads\reel 7.mp4

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-08 08:17

==================== End Of Log ============================

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Broken Mozilla, new folders on the PC

#7 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKU\S-1-5-21-3081686529-2762977039-4001555225-1000\...\Run: [QIP Internet Guardian] => C:\Users\Vlasta\AppData\Roaming\QipGuard\QipGuard.exe [436720 2014-03-04] (QIP.ru)
    C:\Users\Vlasta\AppData\Roaming\QipGuard
    
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    
    R2 QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [187776 2011-01-13] (QIP.ru) [File not signed]
    
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    
    2014-09-10 17:41 - 2014-09-10 17:42 - 00019878 _____ () C:\Users\Vlasta\Desktop\FRST.txt
    2014-09-10 16:49 - 2014-09-10 16:35 - 00024064 _____ () C:\Windows\zoek-delete.exe
    2014-09-10 16:37 - 2014-09-10 16:53 - 00011763 _____ () C:\zoek-results.log
    2014-09-10 16:35 - 2014-09-10 16:46 - 00000000 ____D () C:\zoek_backup
    2014-09-10 16:29 - 2014-09-10 16:30 - 00000000 ____D () C:\AdwCleaner
    2014-09-10 16:22 - 2014-09-10 16:22 - 01370467 _____ () C:\Users\Vlasta\Desktop\adwcleaner_3.309.exe
    2014-09-10 16:19 - 2014-09-10 16:19 - 01290240 _____ () C:\Users\Vlasta\Desktop\zoek.exe
    2014-09-10 14:12 - 2014-02-04 21:39 - 00832273 _____ () C:\Users\Vlasta\Desktop\RSITx64.exe
    
    Hosts:
    Reboot:
    End
    
  • Save the resulting text file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here for me
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

turquoisefly
Visitor
Visitor
Posts: 64
Registered: 21 Jul 2008 11:27

Re: Broken Mozilla, new folders on the PC

#8 Post by turquoisefly »

Attaching the FIXLOG:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Vlasta at 2014-09-10 18:14:39 Run:1
Running from C:\Users\Vlasta\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3081686529-2762977039-4001555225-1000\...\Run: [QIP Internet Guardian] => C:\Users\Vlasta\AppData\Roaming\QipGuard\QipGuard.exe [436720 2014-03-04] (QIP.ru)
C:\Users\Vlasta\AppData\Roaming\QipGuard

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File

R2 QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [187776 2011-01-13] (QIP.ru) [File not signed]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

2014-09-10 17:41 - 2014-09-10 17:42 - 00019878 _____ () C:\Users\Vlasta\Desktop\FRST.txt
2014-09-10 16:49 - 2014-09-10 16:35 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-10 16:37 - 2014-09-10 16:53 - 00011763 _____ () C:\zoek-results.log
2014-09-10 16:35 - 2014-09-10 16:46 - 00000000 ____D () C:\zoek_backup
2014-09-10 16:29 - 2014-09-10 16:30 - 00000000 ____D () C:\AdwCleaner
2014-09-10 16:22 - 2014-09-10 16:22 - 01370467 _____ () C:\Users\Vlasta\Desktop\adwcleaner_3.309.exe
2014-09-10 16:19 - 2014-09-10 16:19 - 01290240 _____ () C:\Users\Vlasta\Desktop\zoek.exe
2014-09-10 14:12 - 2014-02-04 21:39 - 00832273 _____ () C:\Users\Vlasta\Desktop\RSITx64.exe

Hosts:
Reboot:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKU\S-1-5-21-3081686529-2762977039-4001555225-1000\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian => value deleted successfully.
C:\Users\Vlasta\AppData\Roaming\QipGuard => Moved successfully.
"HKCR\PROTOCOLS\Handler\bwfile-8876480" => Key deleted successfully.
"HKCR\CLSID\{9462A756-7B47-47BC-8C80-C34B9B80B32B}" => Key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key not found.
QipGuard => Service stopped successfully.
QipGuard => Service deleted successfully.
catchme => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
"C:\Users\Vlasta\Desktop\FRST.txt" => File/Directory not found.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Vlasta\Desktop\adwcleaner_3.309.exe => Moved successfully.
C:\Users\Vlasta\Desktop\zoek.exe => Moved successfully.
C:\Users\Vlasta\Desktop\RSITx64.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====
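
An added example, not part of the original thread and not FRST's own code: a short Python triage of the Fixlog result lines above, separating entries that were removed successfully from those reported as not found, so the helper can see at a glance what needs a second look. The status names and the matching on "successfully" / "not found" are assumptions based on the wording in this particular log.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog posted in this thread (excerpt).
SAMPLE_FIXLOG = r'''
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
C:\Users\Vlasta\AppData\Roaming\QipGuard => Moved successfully.
"HKCR\PROTOCOLS\Handler\bwfile-8876480" => Key deleted successfully.
"HKCR\CLSID\{9462A756-7B47-47BC-8C80-C34B9B80B32B}" => Key not found.
QipGuard => Service stopped successfully.
QipGuard => Service deleted successfully.
"C:\Users\Vlasta\Desktop\FRST.txt" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

The system needed a reboot.
'''

# '<target> => <outcome>.' with optional quotes around the target.
RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')


def classify(outcome):
    """Map the outcome text to a coarse status (assumed wording, taken from this log)."""
    text = outcome.lower()
    if "successfully" in text:
        return "ok"
    if "not found" in text:
        return "missing"
    return "review"  # anything unrecognised is surfaced, never silently dropped


def parse_fixlog(text):
    """Return (target, outcome, status) for every '<target> => <outcome>' line."""
    rows = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            rows.append((m["target"], m["outcome"], classify(m["outcome"])))
    return rows


def triage(text):
    """Count statuses and list every target that was not a clean success."""
    rows = parse_fixlog(text)
    counts = Counter(status for _, _, status in rows)
    follow_up = [(target, outcome) for target, outcome, status in rows if status != "ok"]
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = triage(SAMPLE_FIXLOG)
    print(dict(counts))
    for target, outcome in follow_up:
        print(f"check: {target} -> {outcome}")
```
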

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Broken Mozilla, new folders on the PC

#9 Post by vyosek »

How is the PC behaving??

turquoisefly
Visitor
Visitor
Posts: 64
Registered: 21 Jul 2008 11:27

Re: Broken Mozilla, new folders on the PC

#10 Post by turquoisefly »

It looks healthy. :) If you don't see anything dangerous there, then it's probably gone, and thank you VERY much.

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Broken Mozilla, new folders on the PC

#11 Post by vyosek »

So let's clean up as well :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for issues
  • then Fix issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

turquoisefly
Visitor
Visitor
Posts: 64
Registered: 21 Jul 2008 11:27

Re: Broken Mozilla, new folders on the PC

#12 Post by turquoisefly »

Thanks for the help, you saved me. :)
Just a small thing that probably doesn't matter - TFC did not restart the computer but opened a Windows Explorer window instead. So I restarted it manually. Otherwise everything runs fine.
Thanks!

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Broken Mozilla, new folders on the PC

#13 Post by vyosek »

It's just a small thing, that's fine :)

You're welcome, glad I could help :worship: See you again sometime

And in accordance with the Rule on locking topics :lock:

Locked