
Request for a log review - pop-up ads


#1 Post by Carlos2 »

Greetings to the forum,

I'm back again with a request for help. Ads have started popping up on the computer. Could someone please take a look at the RSIT log to see what is going on this time?

Logfile of random's system information tool 1.09 (written by random/random)
Run by Paja at 2014-04-29 14:24:35
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 109 GB (25%) free of 430 GB
Total RAM: 3936 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:24:39, on 29.4.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BisonCam\Monitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\SecureBrain\pwcore\pwagent.exe
C:\Users\Paja\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Paja.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Whilokii - {204df522-9a96-4a72-abb0-60f7a216d6d2} - C:\Program Files (x86)\Whilokii\WhilokiiBHO.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ROboSaver - {E1558251-9CB4-E4DD-5C95-31BF160FCE42} - C:\ProgramData\ROboSaver\T.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-21-3655408085-2314531987-3534120068-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3655408085-2314531987-3534120068-1000\..\Run: [FactoryTest] C:\Windows\Test.bat (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3655408085-2314531987-3534120068-1000\..\Run: [Power2GoExpress] NA (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3655408085-2314531987-3534120068-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Paja\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PhishWall.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll c:\progra~2\sw-boo~1\assist~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update Whilokii - Whilokii - C:\Program Files (x86)\Whilokii\updateWhilokii.exe
O23 - Service: Util Whilokii - Whilokii - C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13685 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 37979552
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
\??\C:\windows\system32\conhost.exe "-1835260765145487546-1171633460-1156910140332698346350473994-15296248321402413698
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
taskeng.exe {1ABB8CE5-27D0-462B-BDC5-098EEFC37F39}
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\BisonCam\Monitor.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\SecureBrain\pwcore\pwagent.exe"
"C:\Users\Paja\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe"
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
"C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
"C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe"
"C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\PDF Architect\HelperService.exe"
"C:\Program Files (x86)\PDF Architect\ConversionService.exe"
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe"
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\SysWOW64\RunDll32.exe "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1572.0.386358414\2031315505" --disable-image-transport-surface --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,5,14,27 --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2932 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --enable-software-compositing --channel="1572.2.178189356\973619082" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --enable-software-compositing --channel="1572.3.104651176\550280976" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="1572.6.1061997973\707347194" --ppapi-flash-args --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\meldoidjejoaoeialjghjibgmonblnlh\4.0.2_0\nppwchrome.dll" --lang=cs --channel="1572.7.132693656\1377919993" /prefetch:-390060480
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/FlashHardwareVideoDecode/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --enable-software-compositing --channel="1572.8.1891765256\1307551331" /prefetch:673131151
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 6772
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\windows\system32\wuauclt.exe"
"C:\Program Files (x86)\WinRAR\WinRAR.exe" "C:\Users\Paja\Desktop\statnice.rar"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/FlashHardwareVideoDecode/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --enable-software-compositing --channel="1572.28.1336806890\990280175" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/FlashHardwareVideoDecode/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --enable-software-compositing --channel="1572.32.1774970345\1539165986" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/FlashHardwareVideoDecode/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --enable-software-compositing --channel="1572.35.1783583232\400389165" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/FlashHardwareVideoDecode/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --enable-software-compositing --channel="1572.37.1014350276\1958274945" /prefetch:673131151
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\sppsvc.exe
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe12_ Global\UsGthrCtrlFltPipeMssGthrPipe12 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Paja\Downloads\RSITx64 (2).exe"
C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38]
"Description"=
"Path"=C:\windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default\extensions\
foxyproxy@eric.h.jung
staged

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-02-09 1390368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-22 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-02-09 1390368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21 6270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-22 210856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1558251-9CB4-E4DD-5C95-31BF160FCE42}]
ROboSaver - C:\ProgramData\ROboSaver\T.x64.dll [2014-04-13 474112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204df522-9a96-4a72-abb0-60f7a216d6d2}]
Whilokii - C:\Program Files (x86)\Whilokii\WhilokiiBHO.dll [2013-10-21 249624]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08 92208]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-12-17 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-02-09 1143168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-12-17 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1558251-9CB4-E4DD-5C95-31BF160FCE42}]
ROboSaver - C:\ProgramData\ROboSaver\T.dll [2014-04-13 425472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-02-09 1390368]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-02-09 1390368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-02-09 1143168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-01-26 11775592]
"S_Monitor"=C:\Program Files (x86)\BisonCam\Monitor.exe [2011-01-03 258936]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-24 2712360]
"Lenovo EE Boot Optimizer"=C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [2011-05-07 114688]
"OnekeyStudio"=C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2011-05-07 789920]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2011-05-07 9745312]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2011-05-07 5374880]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-12-13 172144]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-12-13 399984]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-12-13 441968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10 20922016]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"MuteSync"=C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe [2009-12-28 336384]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-05 136488]
"YouCam Tray"=C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-12-05 224352]
"VeriFaceManager"=C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [2011-05-07 329056]
"EaseUs Watch"=C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [2011-10-21 70792]
"EaseUs Tray"=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [2011-10-21 743560]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-04-02 3774312]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PhishWall.lnk - C:\Program Files (x86)\SecureBrain\pwcore\pwagent.exe

C:\Users\Paja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Paja\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-12-13 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-04-13 01:00:16 ----D---- C:\ProgramData\8394ae9e30411e3e
2014-04-13 01:00:03 ----D---- C:\ProgramData\ROboSaver
2014-04-12 00:15:45 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-04-12 00:15:45 ----A---- C:\windows\system32\ieui.dll
2014-04-12 00:15:00 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-04-12 00:15:00 ----A---- C:\windows\system32\vbscript.dll
2014-04-12 00:14:45 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-12 00:14:45 ----A---- C:\windows\system32\iernonce.dll
2014-04-12 00:14:45 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-04-12 00:14:45 ----A---- C:\windows\system32\ie4uinit.exe
2014-04-12 00:14:44 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-04-12 00:14:44 ----A---- C:\windows\system32\jscript9diag.dll
2014-04-12 00:14:43 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-04-12 00:14:43 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-04-12 00:14:43 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-04-12 00:14:43 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-04-12 00:14:43 ----A---- C:\windows\system32\msrating.dll
2014-04-12 00:14:43 ----A---- C:\windows\system32\msfeeds.dll
2014-04-12 00:14:43 ----A---- C:\windows\system32\jsproxy.dll
2014-04-12 00:14:43 ----A---- C:\windows\system32\dxtrans.dll
2014-04-12 00:14:43 ----A---- C:\windows\system32\dxtmsft.dll
2014-04-12 00:14:42 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-04-12 00:14:42 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-04-12 00:14:42 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-04-12 00:14:42 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-04-12 00:14:42 ----A---- C:\windows\system32\mshtml.dll
2014-04-12 00:14:42 ----A---- C:\windows\system32\ieUnatt.exe
2014-04-12 00:14:42 ----A---- C:\windows\system32\iesetup.dll
2014-04-12 00:14:40 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-04-12 00:14:40 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-04-12 00:14:40 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-04-12 00:14:40 ----A---- C:\windows\system32\ieapfltr.dll
2014-04-12 00:14:39 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-12 00:14:39 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-04-12 00:14:39 ----A---- C:\windows\system32\ieetwcollector.exe
2014-04-12 00:14:38 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-04-12 00:14:38 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-04-12 00:14:38 ----A---- C:\windows\system32\iertutil.dll
2014-04-12 00:14:37 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-04-12 00:14:37 ----A---- C:\windows\system32\wininet.dll
2014-04-12 00:14:37 ----A---- C:\windows\system32\urlmon.dll
2014-04-12 00:14:36 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-04-12 00:14:36 ----A---- C:\windows\system32\ieframe.dll
2014-04-12 00:14:34 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-04-12 00:14:34 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-04-12 00:14:34 ----A---- C:\windows\system32\jscript9.dll
2014-04-09 11:47:52 ----A---- C:\windows\system32\drivers\storport.sys
2014-04-09 11:47:52 ----A---- C:\windows\system32\drivers\msiscsi.sys
2014-04-09 11:47:52 ----A---- C:\windows\system32\drivers\Diskdump.sys
2014-04-09 11:47:51 ----A---- C:\windows\SYSWOW64\iologmsg.dll
2014-04-09 11:47:50 ----A---- C:\windows\system32\iologmsg.dll
2014-04-09 11:47:33 ----A---- C:\windows\system32\kernel32.dll
2014-04-09 11:47:32 ----A---- C:\windows\SYSWOW64\kernel32.dll
2014-04-09 11:47:32 ----A---- C:\windows\system32\wow64.dll
2014-04-09 11:47:31 ----A---- C:\windows\system32\wow64win.dll
2014-04-09 11:47:30 ----A---- C:\windows\SYSWOW64\setup16.exe
2014-04-09 11:47:30 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2014-04-09 11:47:30 ----A---- C:\windows\system32\ntvdm64.dll
2014-04-09 11:47:29 ----A---- C:\windows\system32\wow64cpu.dll
2014-04-09 11:47:22 ----A---- C:\windows\SYSWOW64\wow32.dll
2014-04-09 11:47:21 ----A---- C:\windows\SYSWOW64\user.exe
2014-04-09 11:47:21 ----A---- C:\windows\SYSWOW64\instnm.exe
2014-04-09 11:47:16 ----A---- C:\windows\system32\drivers\ntfs.sys
2014-04-06 12:38:25 ----D---- C:\Users\Paja\AppData\Roaming\SecureBrain
2014-04-06 12:38:22 ----D---- C:\Program Files (x86)\SecureBrain
2014-04-05 15:23:39 ----D---- C:\Program Files (x86)\Macmillan
2014-04-03 17:45:51 ----D---- C:\Program Files (x86)\SW-Booster
2014-04-03 17:43:35 ----D---- C:\ProgramData\InstallMate

======List of files/folders modified in the last 1 month======

2014-04-29 14:24:39 ----D---- C:\windows\Prefetch
2014-04-29 14:24:37 ----D---- C:\windows\temp
2014-04-29 14:24:37 ----D---- C:\Program Files\trend micro
2014-04-29 13:54:51 ----D---- C:\Users\Paja\AppData\Roaming\Skype
2014-04-29 13:48:03 ----D---- C:\windows\SysWOW64
2014-04-29 13:47:59 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2014-04-29 09:41:05 ----D---- C:\windows\system32\config
2014-04-29 09:23:37 ----SHD---- C:\System Volume Information
2014-04-29 09:02:37 ----D---- C:\windows\System32
2014-04-29 09:02:37 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-04-29 08:58:55 ----A---- C:\windows\SYSWOW64\log.txt
2014-04-29 08:56:18 ----D---- C:\Users\Paja\AppData\Roaming\Dropbox
2014-04-29 08:54:28 ----D---- C:\ProgramData\VeriFace
2014-04-25 23:12:00 ----A---- C:\windows\ntbtlog.txt
2014-04-25 23:05:24 ----D---- C:\windows\system32\NDF
2014-04-23 20:21:43 ----SD---- C:\Users\Paja\AppData\Roaming\Microsoft
2014-04-20 18:27:33 ----D---- C:\windows\system32\catroot2
2014-04-20 09:49:04 ----SHD---- C:\windows\Installer
2014-04-20 09:49:04 ----D---- C:\Config.Msi
2014-04-20 09:48:58 ----RD---- C:\Program Files (x86)\Skype
2014-04-13 01:00:16 ----D---- C:\ProgramData
2014-04-12 09:15:14 ----D---- C:\windows\rescache
2014-04-12 08:49:06 ----D---- C:\windows\winsxs
2014-04-12 08:47:58 ----D---- C:\windows\SYSWOW64\en-US
2014-04-12 08:47:58 ----D---- C:\windows\SYSWOW64\cs-CZ
2014-04-12 08:47:58 ----D---- C:\Program Files\Internet Explorer
2014-04-12 08:47:56 ----D---- C:\windows\system32\en-US
2014-04-12 08:47:56 ----D---- C:\windows\system32\cs-CZ
2014-04-12 08:47:56 ----D---- C:\windows\PolicyDefinitions
2014-04-12 08:47:52 ----D---- C:\Program Files (x86)\Internet Explorer
2014-04-12 00:18:46 ----D---- C:\windows\system32\catroot
2014-04-10 07:53:49 ----D---- C:\windows\system32\drivers
2014-04-10 07:53:44 ----D---- C:\windows\AppPatch
2014-04-10 07:53:39 ----D---- C:\windows\system32\DriverStore
2014-04-10 01:05:08 ----D---- C:\ProgramData\Microsoft Help
2014-04-10 00:54:06 ----D---- C:\windows\system32\MRT
2014-04-10 00:54:01 ----A---- C:\windows\system32\MRT.exe
2014-04-06 12:44:31 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-04-06 12:38:22 ----RD---- C:\Program Files (x86)
2014-04-06 12:38:20 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-03-31 09:35:08 ----N---- C:\windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2013-10-17 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-02-09 207904]
R0 EUBAKUP;EUBAKUP; C:\windows\system32\drivers\eubakup.sys [2011-10-21 44680]
R0 EUBKMON;EUBKMON; C:\windows\system32\drivers\EUBKMON.sys [2011-10-21 50312]
R0 fbfmon;fbfmon; C:\windows\system32\drivers\fbfmon.sys [2011-05-07 57952]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-02-18 439320]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2011-05-07 39008]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-15 28992]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; \??\C:\windows\system32\drivers\aswRdr2.sys [2013-10-17 92544]
R1 aswSnx;aswSnx; \??\C:\windows\system32\drivers\aswSnx.sys [2014-02-09 1038072]
R1 aswSP;aswSP; \??\C:\windows\system32\drivers\aswSP.sys [2014-02-09 421704]
R1 BPntDrv;BPntDrv; C:\windows\system32\drivers\BPntDrv.sys [2011-05-07 13408]
R1 EUDSKACS;EUDSKACS; \??\C:\windows\system32\drivers\eudskacs.sys [2011-10-21 19592]
R1 EUFDDISK;EUFDDISK; \??\C:\windows\system32\drivers\EuFdDisk.sys [2011-10-21 189576]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2014-02-09 78648]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2011-05-07 29792]
R3 aswStm;aswStm; \??\C:\windows\system32\drivers\aswStm.sys [2014-02-09 80184]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2011-03-02 4720704]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2010-12-14 349224]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-12-14 106536]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2010-12-14 138280]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-14 39464]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-12-14 21416]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-12-13 5353888]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2011-01-27 2734696]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\usbvideo.sys [2013-07-12 185344]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-03-24 1413168]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 ALSysIO;ALSysIO; \??\C:\Users\Paja\AppData\Local\Temp\ALSysIO64.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dot4;MS IEEE-1284.4 Driver; C:\windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2011-03-15 311400]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2012-07-09 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-02-09 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2010-12-14 953632]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]
R2 EaseUS Agent;EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-21 60552]
R2 Guard Agent;Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-21 23176]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-14 325656]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2011-10-15 1640768]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-04-08 1320496]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-04-08 799280]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-14 2655768]
R2 Util Whilokii;Util Whilokii; C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [2013-10-10 65304]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Update Whilokii;Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [2013-10-05 65304]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29 257712]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-12-13 277616]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 136176]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 936848]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-20 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-12-12 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a log check - pop-up ads

#2 Post by vyosek »

Hello :)

:arrow: Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator or Spustit jako správce
  • Paste the script below into the window
  • Code:

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.

Carlos2
Visitor
Posts: 105
Registered: 09 Jan 2009 14:59

Re: Request for a log check - pop-up ads

#3 Post by Carlos2 »

Thanks for taking this on :)

Here is the log:


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Paja on st 30.04.2014 at 9:11:17,12.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Prac\viry\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

30.4.2014 9:13:59 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3655408085-2314531987-3534120068-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Whilokii deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Whilokii deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util Whilokii deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util Whilokii deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Whilokii deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Whilokii deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Whilokii deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Whilokii deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default\prefs.js:
user_pref("backup.old.browser.startup.homepage", "http://www.japan.cz/");

Added to C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default

user.js not found
---- Lines extensions.ZQY removed from prefs.js ----
user_pref("extensions.ZQY.epoch", "1398894500");
user_pref("extensions.ZQY.url", "http://foreveryshare.ru/sync2/?q=hfZ9oe ... UGrjn5rTsM
---- FireFox user.js and prefs.js backups ----

prefs_30.04.2014_0927_.backup

==== Deleting Files \ Folders ======================

C:\Users\Paja\AppData\LocalLow\{E1558251-9CB4-E4DD-5C95-31BF160FCE42} deleted
C:\Users\Paja\AppData\Local\Packages\windows_ie_ac_001\AC\{E1558251-9CB4-E4DD-5C95-31BF160FCE42} deleted
C:\PROGRA~3\8394ae9e30411e3e deleted
C:\PROGRA~3\OneKey Recovery deleted
C:\PROGRA~3\ROboSaver deleted
C:\Users\Paja\AppData\Roaming\pdfforge deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default\jetpack deleted
C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default\extensions\yye1zj@kxouakb.co.uk deleted
"C:\PROGRA~2\Whilokii\updateWhilokii.exe" deleted
"C:\PROGRA~2\Whilokii\updateWhilokii.exe" deleted
"C:\PROGRA~2\Whilokii\bin\utilWhilokii.exe" deleted
"C:\PROGRA~2\Whilokii\bin\utilWhilokii.exe" deleted
"C:\PROGRA~2\Whilokii" not deleted
"C:\PROGRA~2\Whilokii" not deleted
"C:\PROGRA~2\Whilokii\bin" not deleted
"C:\PROGRA~2\Whilokii\bin" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [09.02.2014 15:54]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- FoxyProxy Basic - %ProfilePath%\extensions\foxyproxy@eric.h.jung

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default
9FD6A1990289B9290563CA069CB74EF9 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
5BF37947AF594EAC3D6F8405405D2541 - C:\windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 6.0.380.5
15E298B5EC5B89C5994A59863969D9FF - C:\windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iaimhpklononapfjngelgdokckfjekfc - C:\Program Files (x86)\Whilokii\iaimhpklononapfjngelgdokckfjekfc.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11.04.2014 19:46]

RandomPrice - Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiipmkdoejomeohecnfafaeaahcncmg
Skype Click to Call - Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
PhishWall - Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\meldoidjejoaoeialjghjibgmonblnlh

==== Chrome Fix ======================

C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully
C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iaimhpklononapfjngelgdokckfjekfc deleted successfully
C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiipmkdoejomeohecnfafaeaahcncmg deleted successfully
C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdiipmkdoejomeohecnfafaeaahcncmg_0.localstorage deleted successfully
C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdiipmkdoejomeohecnfafaeaahcncmg_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=UP97DF& ... -SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3655408085-2314531987-3534120068-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} deleted successfully
HKEY_USERS\S-1-5-21-3655408085-2314531987-3534120068-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1558251-9CB4-E4DD-5C95-31BF160FCE42} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1558251-9CB4-E4DD-5C95-31BF160FCE42} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{E1558251-9CB4-E4DD-5C95-31BF160FCE42} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E1558251-9CB4-E4DD-5C95-31BF160FCE42} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1558251-9CB4-E4DD-5C95-31BF160FCE42} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1558251-9CB4-E4DD-5C95-31BF160FCE42} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iaimhpklononapfjngelgdokckfjekfc deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-jp deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Paja\Desktop\Posledni záloha 25.5.2011\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Paja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52GL3YK2 will be deleted at reboot
C:\Users\Paja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGVZNVIS will be deleted at reboot
C:\Users\Paja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMVXXQ99 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Paja\AppData\Local\Mozilla\Firefox\Profiles\4u1s4iqh.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=58 folders=21 3660081 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Paja\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Paja\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Whilokii" not found
"C:\PROGRA~2\Whilokii" not found
"C:\Users\Paja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52GL3YK2" not found
"C:\Users\Paja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGVZNVIS" not found
"C:\Users\Paja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMVXXQ99" not found
"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on st 30.04.2014 at 9:47:08,80 ======================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a log check - pop-up ads

#4 Post by vyosek »

Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear; alternatively it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Carlos2
Visitor
Posts: 105
Registered: 09 Jan 2009 14:59

Re: Request for a log check - pop-up ads

#5 Post by Carlos2 »

Pasting it here:

# AdwCleaner v3.205 - Report created 30/04/2014 at 20:59:32
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Paja - PAJINKA
# Running from : C:\Prac\viry\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SW-Booster

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B0295E2-967E-439E-9560-807D9F625B57}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Whilokii
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\Whilokii
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sw-boo~1\assist~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v27.0.1 (cs)

[ File : C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [2928 octets] - [30/04/2014 20:54:59]
AdwCleaner[S1].txt - [2758 octets] - [30/04/2014 20:59:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2818 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a log check - pop-up ads

#6 Post by vyosek »

Carlos2
Visitor
Posts: 105
Registered: 09 Jan 2009 14:59

Re: Request for a log check - pop-up ads

#7 Post by Carlos2 »

Here it is:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-04-2014 03
Ran by Paja (administrator) on PAJINKA on 30-04-2014 21:58:37
Running from C:\Users\Paja\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\BisonCam\Monitor.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(SecureBrain Corporation) C:\Program Files (x86)\SecureBrain\pwcore\pwagent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
(Dropbox, Inc.) C:\Users\Paja\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Paja\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [S_Monitor] => C:\Program Files (x86)\BisonCam\Monitor.exe [258936 2011-01-03] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-05-07] (Lenovo)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-05-07] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9745312 2011-05-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5374880 2011-05-07] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-05] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-05] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-05-07] (Lenovo)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70792 2011-10-21] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [743560 2011-10-21] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3655408085-2314531987-3534120068-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat
HKU\S-1-5-21-3655408085-2314531987-3534120068-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-3655408085-2314531987-3534120068-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [241984 2011-10-15] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [203072 2011-10-15] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhishWall.lnk
ShortcutTarget: PhishWall.lnk -> C:\Program Files (x86)\SecureBrain\pwcore\pwagent.exe (SecureBrain Corporation)
Startup: C:\Users\Paja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Paja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.3.1

FireFox:
========
FF ProfilePath: C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "ftp", "93.170.36.3"
FF NetworkProxy: "ftp_port", 1080
FF NetworkProxy: "http", "93.170.36.3"
FF NetworkProxy: "http_port", 1080
FF NetworkProxy: "socks", "93.170.36.3"
FF NetworkProxy: "socks_port", 1080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "ssl", "93.170.36.3"
FF NetworkProxy: "ssl_port", 1080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 - C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: FoxyProxy Standard - C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default\Extensions\foxyproxy@eric.h.jung [2014-02-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-04-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-04-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-10]

Chrome:
=======
CHR HomePage:
CHR Extension: (Dokumenty Google) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-30]
CHR Extension: (Disk Google) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-30]
CHR Extension: (YouTube) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Vyhledávání Google) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Skype Click to Call) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-23]
CHR Extension: (Peněženka Google) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-01]
CHR Extension: (Gmail) - C:\Users\Paja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [60552 2011-10-21] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23176 2011-10-21] (CHENGDU YIWO Tech Development Co., Ltd)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-02-09] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-17] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-02-09] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-02-09] (AVAST Software)
S3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-09] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [50312 2011-10-21] ()
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Paja\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-30 21:58 - 2014-04-30 21:58 - 00018287 _____ () C:\Users\Paja\Desktop\FRST.txt
2014-04-30 21:58 - 2014-04-30 21:58 - 00000000 ____D () C:\FRST
2014-04-30 21:56 - 2014-04-30 21:56 - 00112640 _____ (forum.viry.cz) C:\Users\Paja\Desktop\FRSTLauncher.exe
2014-04-30 21:55 - 2014-04-30 21:55 - 00112640 _____ (forum.viry.cz) C:\Users\Paja\Downloads\Nepotvrzeno 364258.crdownload
2014-04-30 21:53 - 2014-04-30 21:53 - 02061824 _____ (Farbar) C:\Users\Paja\Desktop\FRST64.exe
2014-04-30 21:53 - 2014-04-30 21:53 - 00111396 _____ () C:\Users\Paja\Downloads\trz196A.tmp
2014-04-30 20:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-04-30 20:54 - 2014-04-30 20:59 - 00000000 ____D () C:\AdwCleaner
2014-04-30 20:52 - 2014-04-30 20:53 - 01310621 _____ () C:\Users\Paja\Downloads\adwcleaner.exe
2014-04-30 09:48 - 2014-04-30 09:48 - 00014820 _____ () C:\Users\Paja\Desktop\zoek-results.txt
2014-04-30 09:33 - 2014-04-30 09:33 - 00000000 ____D () C:\Users\Paja\Desktop\Posledni záloha 25.5.2011
2014-04-30 09:33 - 2014-04-30 09:10 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-04-30 09:13 - 2014-04-30 09:47 - 00014820 _____ () C:\zoek-results.log
2014-04-30 09:10 - 2014-04-30 09:39 - 00000000 ____D () C:\zoek_backup
2014-04-29 14:24 - 2014-04-29 14:24 - 00935175 _____ () C:\Users\Paja\Downloads\RSITx64 (2).exe
2014-04-26 22:01 - 2014-04-26 22:15 - 30732616 _____ () C:\Users\Paja\Desktop\statnice.rar
2014-04-26 13:06 - 2014-04-26 13:06 - 00265216 _____ () C:\Users\Paja\Downloads\h24_zenkokukei.xls
2014-04-25 20:43 - 2014-04-25 20:44 - 00466937 _____ () C:\Users\Paja\Downloads\OTAZKY liter.rar
2014-04-22 20:19 - 2014-04-22 20:19 - 00409088 _____ () C:\Users\Paja\Downloads\A140327_VEN_DANE_2013_G.XLS
2014-04-22 10:15 - 2014-04-22 10:15 - 00254976 _____ () C:\Users\Paja\Downloads\KPMG_291009.ppt
2014-04-20 20:34 - 2013-08-20 20:06 - 722104320 _____ () C:\Users\Paja\Desktop\X-Men-První-třída.2011.Akční-Scifi.cz-titulky.W..avi
2014-04-20 20:23 - 2014-04-20 20:25 - 00000000 ____D () C:\Users\Paja\Desktop\Worms Armageddon - New Edition
2014-04-20 20:23 - 2014-04-20 20:25 - 00000000 ____D () C:\Users\Paja\Desktop\Counter Strike 1,6(ConZero)
2014-04-20 20:08 - 2014-04-20 20:13 - 00000000 ____D () C:\Users\Paja\Desktop\7. série
2014-04-20 20:08 - 2014-04-20 20:12 - 00000000 ____D () C:\Users\Paja\Desktop\Black bookss
2014-04-15 14:17 - 2014-04-15 14:17 - 00019968 _____ () C:\Users\Paja\Downloads\FF-1432-version1-cz_prot.xls
2014-04-13 01:00 - 2014-04-13 01:00 - 00000000 ____D () C:\Users\Paja\AppData\Local\Packages
2014-04-12 00:15 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-12 00:15 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-12 00:15 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-12 00:15 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-12 00:14 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-12 00:14 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-12 00:14 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-12 00:14 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-12 00:14 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-12 00:14 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-12 00:14 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-12 00:14 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-12 00:14 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-12 00:14 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-12 00:14 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-12 00:14 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-12 00:14 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-12 00:14 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-12 00:14 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-12 00:14 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-12 00:14 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-12 00:14 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-12 00:14 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-12 00:14 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-12 00:14 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-12 00:14 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-12 00:14 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-12 00:14 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-12 00:14 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-12 00:14 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-12 00:14 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-12 00:14 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-12 00:14 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-12 00:14 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-12 00:14 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-12 00:14 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-12 00:14 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-12 00:14 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-12 00:14 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-12 00:14 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-12 00:14 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-12 00:14 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-12 00:14 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-12 00:14 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-12 00:14 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-12 00:14 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-12 00:14 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-12 00:14 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-11 08:26 - 2014-04-11 09:07 - 735110072 _____ () C:\Users\Paja\Downloads\Výchova-dívek-v-čechách-(1997).avi
2014-04-09 22:54 - 2014-04-09 22:55 - 00146912 _____ () C:\Users\Paja\Downloads\setup.exe
2014-04-09 12:04 - 2014-04-09 12:04 - 00000000 ____D () C:\Users\Paja\AppData\Local\Deployment
2014-04-09 12:02 - 2014-04-09 12:03 - 00010512 _____ () C:\Users\Paja\Downloads\Powerlevel.application
2014-04-09 11:47 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 11:47 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-09 11:47 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-09 11:47 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-09 11:47 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-09 11:47 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-09 11:47 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 11:47 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-09 11:47 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-09 11:47 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-09 11:47 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-09 11:47 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 11:47 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 11:47 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 11:47 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 11:47 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-09 11:47 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-08 08:56 - 2014-04-08 10:27 - 00015950 _____ () C:\Users\Paja\Downloads\kpmg.odt
2014-04-06 12:43 - 2014-04-06 12:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-06 12:38 - 2014-04-06 12:38 - 00000000 ____D () C:\Users\Paja\AppData\Roaming\SecureBrain
2014-04-06 12:38 - 2014-04-06 12:38 - 00000000 ____D () C:\Program Files (x86)\SecureBrain
2014-04-06 12:34 - 2014-04-06 12:35 - 17160376 _____ () C:\Users\Paja\Downloads\phishwall.exe
2014-04-05 15:23 - 2014-04-05 15:23 - 00002030 _____ () C:\Users\Public\Desktop\Advanced Language Practice.lnk
2014-04-05 15:23 - 2014-04-05 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macmillan
2014-04-05 15:23 - 2014-04-05 15:23 - 00000000 ____D () C:\Program Files (x86)\Macmillan
2014-04-02 11:19 - 2014-04-02 11:20 - 04873318 _____ () C:\Users\Paja\Downloads\Prezentace.zip
2014-04-02 10:14 - 2014-04-02 10:15 - 00000000 ____D () C:\Users\Paja\Desktop\ヒアリング写真(全体版)

==================== One Month Modified Files and Folders =======

2014-04-30 21:58 - 2014-04-30 21:58 - 00018287 _____ () C:\Users\Paja\Desktop\FRST.txt
2014-04-30 21:58 - 2014-04-30 21:58 - 00000000 ____D () C:\FRST
2014-04-30 21:56 - 2014-04-30 21:56 - 00112640 _____ (forum.viry.cz) C:\Users\Paja\Desktop\FRSTLauncher.exe
2014-04-30 21:55 - 2014-04-30 21:55 - 00112640 _____ (forum.viry.cz) C:\Users\Paja\Downloads\Nepotvrzeno 364258.crdownload
2014-04-30 21:53 - 2014-04-30 21:53 - 02061824 _____ (Farbar) C:\Users\Paja\Desktop\FRST64.exe
2014-04-30 21:53 - 2014-04-30 21:53 - 00111396 _____ () C:\Users\Paja\Downloads\trz196A.tmp
2014-04-30 21:47 - 2013-12-11 10:47 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-30 21:22 - 2011-12-10 15:45 - 00000000 ____D () C:\Users\Paja\AppData\Roaming\Skype
2014-04-30 21:13 - 2011-05-07 14:34 - 01439125 _____ () C:\windows\WindowsUpdate.log
2014-04-30 21:11 - 2013-12-03 16:54 - 00000952 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-30 21:09 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-30 21:09 - 2009-07-14 06:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-30 21:05 - 2011-05-07 22:14 - 04225146 _____ () C:\windows\system32\perfh005.dat
2014-04-30 21:05 - 2011-05-07 22:14 - 01381432 _____ () C:\windows\system32\perfc005.dat
2014-04-30 21:05 - 2009-07-14 07:13 - 00006264 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-30 21:03 - 2013-04-09 16:27 - 00000000 ___RD () C:\Users\Paja\Dropbox
2014-04-30 21:03 - 2013-04-09 16:24 - 00000000 ____D () C:\Users\Paja\AppData\Roaming\Dropbox
2014-04-30 21:02 - 2011-05-07 15:02 - 00000000 ____D () C:\ProgramData\VeriFace
2014-04-30 21:02 - 2011-05-07 14:55 - 00290776 _____ () C:\windows\system32\fastboot.set
2014-04-30 21:01 - 2013-12-03 16:53 - 00000948 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-30 21:01 - 2011-05-07 15:02 - 04310027 _____ () C:\FaceProv.log
2014-04-30 21:01 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-30 21:00 - 2013-10-23 11:33 - 00168912 _____ () C:\windows\PFRO.log
2014-04-30 21:00 - 2013-10-22 18:44 - 00021572 _____ () C:\windows\setupact.log
2014-04-30 20:59 - 2014-04-30 20:54 - 00000000 ____D () C:\AdwCleaner
2014-04-30 20:53 - 2014-04-30 20:52 - 01310621 _____ () C:\Users\Paja\Downloads\adwcleaner.exe
2014-04-30 09:48 - 2014-04-30 09:48 - 00014820 _____ () C:\Users\Paja\Desktop\zoek-results.txt
2014-04-30 09:47 - 2014-04-30 09:13 - 00014820 _____ () C:\zoek-results.log
2014-04-30 09:39 - 2014-04-30 09:10 - 00000000 ____D () C:\zoek_backup
2014-04-30 09:33 - 2014-04-30 09:33 - 00000000 ____D () C:\Users\Paja\Desktop\Posledni zßloha 25.5.2011
2014-04-30 09:10 - 2014-04-30 09:33 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-04-30 09:10 - 2012-12-01 16:59 - 00000000 ____D () C:\Prac
2014-04-30 08:50 - 2013-11-13 02:05 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-04-30 08:47 - 2013-10-17 12:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-29 14:47 - 2013-05-19 12:15 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 14:47 - 2013-05-19 12:15 - 00003852 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 14:47 - 2011-12-11 00:00 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 14:24 - 2014-04-29 14:24 - 00935175 _____ () C:\Users\Paja\Downloads\RSITx64 (2).exe
2014-04-29 14:24 - 2013-06-23 14:03 - 00000000 ____D () C:\Program Files\trend micro
2014-04-29 11:52 - 2013-04-28 10:18 - 00000000 ____D () C:\Users\Paja\Desktop\Brigada
2014-04-28 22:51 - 2013-07-17 14:25 - 00000000 ____D () C:\Users\Paja\Desktop\karlovka diplomka
2014-04-28 22:44 - 2013-06-20 10:20 - 01434112 ___SH () C:\Users\Paja\Desktop\Thumbs.db
2014-04-26 22:15 - 2014-04-26 22:01 - 30732616 _____ () C:\Users\Paja\Desktop\statnice.rar
2014-04-26 14:20 - 2012-06-24 08:50 - 00000000 ____D () C:\Users\Paja\Desktop\VSE
2014-04-26 13:06 - 2014-04-26 13:06 - 00265216 _____ () C:\Users\Paja\Downloads\h24_zenkokukei.xls
2014-04-25 23:05 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-04-25 20:44 - 2014-04-25 20:43 - 00466937 _____ () C:\Users\Paja\Downloads\OTAZKY liter.rar
2014-04-22 20:19 - 2014-04-22 20:19 - 00409088 _____ () C:\Users\Paja\Downloads\A140327_VEN_DANE_2013_G.XLS
2014-04-22 10:15 - 2014-04-22 10:15 - 00254976 _____ () C:\Users\Paja\Downloads\KPMG_291009.ppt
2014-04-20 20:25 - 2014-04-20 20:23 - 00000000 ____D () C:\Users\Paja\Desktop\Worms Armageddon - New Edition
2014-04-20 20:25 - 2014-04-20 20:23 - 00000000 ____D () C:\Users\Paja\Desktop\Counter Strike 1,6(ConZero)
2014-04-20 20:13 - 2014-04-20 20:08 - 00000000 ____D () C:\Users\Paja\Desktop\7. série
2014-04-20 20:12 - 2014-04-20 20:08 - 00000000 ____D () C:\Users\Paja\Desktop\Black bookss
2014-04-20 09:48 - 2013-02-15 02:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-15 14:17 - 2014-04-15 14:17 - 00019968 _____ () C:\Users\Paja\Downloads\FF-1432-version1-cz_prot.xls
2014-04-14 23:21 - 2012-04-09 04:09 - 00000000 ____D () C:\Users\Paja\Desktop\jp2012
2014-04-13 19:18 - 2014-01-23 05:08 - 00000000 ____D () C:\Users\Paja\Desktop\チェコのヒアリング調査
2014-04-13 01:00 - 2014-04-13 01:00 - 00000000 ____D () C:\Users\Paja\AppData\Local\Packages
2014-04-12 09:15 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-04-12 08:47 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-11 09:07 - 2014-04-11 08:26 - 735110072 _____ () C:\Users\Paja\Downloads\Výchova-dívek-v-čechách-(1997).avi
2014-04-10 01:05 - 2011-12-10 20:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 01:03 - 2013-07-12 17:11 - 00000000 ____D () C:\windows\system32\MRT
2014-04-10 00:54 - 2012-01-28 15:05 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-09 22:55 - 2014-04-09 22:54 - 00146912 _____ () C:\Users\Paja\Downloads\setup.exe
2014-04-09 12:04 - 2014-04-09 12:04 - 00000000 ____D () C:\Users\Paja\AppData\Local\Deployment
2014-04-09 12:04 - 2014-02-08 12:01 - 00000000 ____D () C:\Users\Paja\AppData\Local\Apps\2.0
2014-04-09 12:03 - 2014-04-09 12:02 - 00010512 _____ () C:\Users\Paja\Downloads\Powerlevel.application
2014-04-08 10:27 - 2014-04-08 08:56 - 00015950 _____ () C:\Users\Paja\Downloads\kpmg.odt
2014-04-06 12:44 - 2014-04-06 12:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-06 12:38 - 2014-04-06 12:38 - 00000000 ____D () C:\Users\Paja\AppData\Roaming\SecureBrain
2014-04-06 12:38 - 2014-04-06 12:38 - 00000000 ____D () C:\Program Files (x86)\SecureBrain
2014-04-06 12:38 - 2011-05-07 14:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-06 12:38 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-06 12:35 - 2014-04-06 12:34 - 17160376 _____ () C:\Users\Paja\Downloads\phishwall.exe
2014-04-05 15:23 - 2014-04-05 15:23 - 00002030 _____ () C:\Users\Public\Desktop\Advanced Language Practice.lnk
2014-04-05 15:23 - 2014-04-05 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macmillan
2014-04-05 15:23 - 2014-04-05 15:23 - 00000000 ____D () C:\Program Files (x86)\Macmillan
2014-04-02 11:20 - 2014-04-02 11:19 - 04873318 _____ () C:\Users\Paja\Downloads\Prezentace.zip
2014-04-02 10:15 - 2014-04-02 10:14 - 00000000 ____D () C:\Users\Paja\Desktop\ヒアリング写真(全体版)
2014-04-01 18:06 - 2011-05-07 15:05 - 00003948 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-01 18:06 - 2011-05-07 15:05 - 00003696 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 09:35 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Paja\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================

2011-12-10 22:59 - 2011-10-21 23:46 - 00074376 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Paja\Desktop" je 261233 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a log check - pop-up ads

#8 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    Start
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKU\S-1-5-21-3655408085-2314531987-3534120068-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat
    HKU\S-1-5-21-3655408085-2314531987-3534120068-1000\...\Run: [Power2GoExpress] => NA
    HKU\S-1-5-21-3655408085-2314531987-3534120068-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
    
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    
    FF NetworkProxy: "ftp", "93.170.36.3"
    FF NetworkProxy: "ftp_port", 1080
    FF NetworkProxy: "http", "93.170.36.3"
    FF NetworkProxy: "http_port", 1080
    FF NetworkProxy: "socks", "93.170.36.3"
    FF NetworkProxy: "socks_port", 1080
    FF NetworkProxy: "socks_remote_dns", true
    FF NetworkProxy: "socks_version", 4
    FF NetworkProxy: "ssl", "93.170.36.3"
    FF NetworkProxy: "ssl_port", 1080
    FF NetworkProxy: "type", 0
    FF Extension: FoxyProxy Standard - C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default\Extensions\foxyproxy@eric.h.jung [2014-02-09]
    
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    DisableService: c2cautoupdatesvc
    DisableService: c2cpnrsvc
    
    S3 ALSysIO; \??\C:\Users\Paja\AppData\Local\Temp\ALSysIO64.sys [X]
    
    2014-04-30 21:56 - 2014-04-30 21:56 - 00112640 _____ (forum.viry.cz) C:\Users\Paja\Desktop\FRSTLauncher.exe
    2014-04-30 21:55 - 2014-04-30 21:55 - 00112640 _____ (forum.viry.cz) C:\Users\Paja\Downloads\Nepotvrzeno 364258.crdownload
    2014-04-30 21:53 - 2014-04-30 21:53 - 00111396 _____ () C:\Users\Paja\Downloads\trz196A.tmp
    014-04-30 20:52 - 2014-04-30 20:53 - 01310621 _____ () C:\Users\Paja\Downloads\adwcleaner.exe
    2014-04-30 09:48 - 2014-04-30 09:48 - 00014820 _____ () C:\Users\Paja\Desktop\zoek-results.txt
    2014-04-30 09:33 - 2014-04-30 09:10 - 00024064 _____ () C:\windows\zoek-delete.exe
    2014-04-30 09:13 - 2014-04-30 09:47 - 00014820 _____ () C:\zoek-results.log
    2014-04-30 09:10 - 2014-04-30 09:39 - 00000000 ____D () C:\zoek_backup
    2014-04-29 14:24 - 2014-04-29 14:24 - 00935175 _____ () C:\Users\Paja\Downloads\RSITx64 (2).exe
    
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    
    Hosts:
    End
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here for me
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Carlos2
Visitor
Posts: 105
Registered: 09 Jan 2009 14:59

Re: Request for a log check - pop-up ads

#9 Post by Carlos2 »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-04-2014 03
Ran by Paja at 2014-05-01 09:05:48 Run:1
Running from C:\Users\Paja\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3655408085-2314531987-3534120068-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat
HKU\S-1-5-21-3655408085-2314531987-3534120068-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-3655408085-2314531987-3534120068-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}

FF NetworkProxy: "ftp", "93.170.36.3"
FF NetworkProxy: "ftp_port", 1080
FF NetworkProxy: "http", "93.170.36.3"
FF NetworkProxy: "http_port", 1080
FF NetworkProxy: "socks", "93.170.36.3"
FF NetworkProxy: "socks_port", 1080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "ssl", "93.170.36.3"
FF NetworkProxy: "ssl_port", 1080
FF NetworkProxy: "type", 0
FF Extension: FoxyProxy Standard - C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default\Extensions\foxyproxy@eric.h.jung [2014-02-09]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

DisableService: c2cautoupdatesvc
DisableService: c2cpnrsvc

S3 ALSysIO; \??\C:\Users\Paja\AppData\Local\Temp\ALSysIO64.sys [X]

2014-04-30 21:56 - 2014-04-30 21:56 - 00112640 _____ (forum.viry.cz) C:\Users\Paja\Desktop\FRSTLauncher.exe
2014-04-30 21:55 - 2014-04-30 21:55 - 00112640 _____ (forum.viry.cz) C:\Users\Paja\Downloads\Nepotvrzeno 364258.crdownload
2014-04-30 21:53 - 2014-04-30 21:53 - 00111396 _____ () C:\Users\Paja\Downloads\trz196A.tmp
014-04-30 20:52 - 2014-04-30 20:53 - 01310621 _____ () C:\Users\Paja\Downloads\adwcleaner.exe
2014-04-30 09:48 - 2014-04-30 09:48 - 00014820 _____ () C:\Users\Paja\Desktop\zoek-results.txt
2014-04-30 09:33 - 2014-04-30 09:10 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-04-30 09:13 - 2014-04-30 09:47 - 00014820 _____ () C:\zoek-results.log
2014-04-30 09:10 - 2014-04-30 09:39 - 00000000 ____D () C:\zoek_backup
2014-04-29 14:24 - 2014-04-29 14:24 - 00935175 _____ () C:\Users\Paja\Downloads\RSITx64 (2).exe

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKU\S-1-5-21-3655408085-2314531987-3534120068-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FactoryTest => Value deleted successfully.
HKU\S-1-5-21-3655408085-2314531987-3534120068-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress => Value deleted successfully.
HKU\S-1-5-21-3655408085-2314531987-3534120068-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\Users\Paja\AppData\Roaming\Mozilla\Firefox\Profiles\4u1s4iqh.default\Extensions\foxyproxy@eric.h.jung => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
c2cautoupdatesvc service was disabled
c2cpnrsvc service was disabled
ALSysIO => Service deleted successfully.
C:\Users\Paja\Desktop\FRSTLauncher.exe => Moved successfully.
"C:\Users\Paja\Downloads\Nepotvrzeno 364258.crdownload" => File/Directory not found.
C:\Users\Paja\Downloads\trz196A.tmp => Moved successfully.
C:\Users\Paja\Desktop\zoek-results.txt => Moved successfully.
C:\windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Paja\Downloads\RSITx64 (2).exe => Moved successfully.
C:\windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a log check - pop-up ads

#10 Post by vyosek »

How is the PC behaving??

Carlos2
Visitor
Posts: 105
Registered: 09 Jan 2009 14:59

Re: Request for a log check - pop-up ads

#11 Post by Carlos2 »

It looks clean; nothing strange or unusual is happening.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a log check - pop-up ads

#12 Post by vyosek »

So let's clean up as well :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel (Čistič)
  • Leave everything as it is, just click Analyze (Analyzovat) and then Run Cleaner (Spustit CCleaner)
Registry panel (Registry)
  • click Scan for Issues (Hledej problémy)
  • then Fix selected issues (Opravit problémy) - I recommend making the registry backup; fix all the issues
  • repeat the procedure until no problems are found - usually about 3 times
Tools panel (Nástroje)
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

Carlos2
Visitor
Posts: 105
Registered: 09 Jan 2009 14:59

Re: Request for a log check - pop-up ads

#13 Post by Carlos2 »

I apologise for the rudely long silence; something unrelated to computers got in the way.
All the recommended actions have been carried out; the computer is behaving normally.
There are no further questions, so I will close with a big thank-you to Vyosek for the effective help, and that is all from my side too, because I sent a small contribution in support of the forum before I even opened this writing window :)

Thanks a lot :thumbsup:

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a log check - pop-up ads

#14 Post by vyosek »

You're welcome, glad I could help :worship: See you again sometime

On behalf of the whole team, thank you for supporting the forum :thumbsup:


And in accordance with the Topic Locking Rule :lock:

Locked