Hijacked Chrome, ads sliding up from the bottom, etc.

#1 Post by Ivošisko »

While trying to download a movie, some *.exe downloader wormed its way onto my notebook, and as a result Chrome was "steamrolled" back to its default state (extensions and other settings disappeared) and ad banners started sliding up from the bottom.
On top of that (though this has been going on for longer), I have been struggling with the notebook slowing down. I solved a large part of the slowdown problems by adjusting the "airflow" (thereby lowering the CPU temperature by about 50%) and by switching from Firefox to Chrome (FF was already taking up more than 0.5 GB of RAM). So now I notice the most pronounced "breathlessness" and stuttering of the notebook in Thunderbird (another behemoth that I would like to replace with something lighter and airier).

So please check the log, focusing on today's incident, which happened during the attempt to download the movie, and at the same time try to uncover the source of the TB slowdown (it looks as if something were choking my internet connection).

Log from RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Renca at 2014-07-14 17:31:22
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 22 GB (28%) free of 80 GB
Total RAM: 4095 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:31:29, on 14.7.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Program Files\Hide Folders 2012\hf.exe
C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe
C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
C:\Program Files (x86)\StickIt\StickIt3.exe
C:\Program Files (x86)\WinOrganizer\WinOrganizer.exe
C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe
C:\ProgramData\Boxtools\Toolbox.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Renca\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
C:\Users\Renca\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\trend micro\Renca.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: cosstminn - {A3479F92-6C4F-CD97-611F-3B614C4EF10B} - C:\Program Files (x86)\cosstminn\wJQPbZZWej.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Adanak - {ef05f09c-9b2a-43a0-8155-fab1d641215a} - C:\Program Files (x86)\Adanak\Adanakbho.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [StickIt] C:\Program Files (x86)\StickIt\StickIt3.exe
O4 - HKCU\..\Run: [WinOrganizer] C:\Program Files (x86)\WinOrganizer\WinOrganizer.exe
O4 - HKCU\..\Run: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun
O4 - HKCU\..\Run: [T-Mobile CManager] "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [AtomicAlarmClock6] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Renca\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Dropbox.lnk = Renca\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Nástroj schránky Logitech Media Server.lnk = C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{788A3804-7946-4A50-BB32-DCCADDAF9CDC}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{850A5427-2841-4C2E-A225-654A46031765}: NameServer = 93.153.117.1 93.153.117.33
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEC97EFE-C21F-42EC-96A6-65F0D9E132BD}: NameServer = 93.153.117.1 93.153.117.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\suppor~1\suppor~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Atomic Alarm Clock Time (AtomicAlarmClock) - Unknown owner - C:\Program Files\Atomic Alarm Clock\timeserv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FSPro Filter Service 2 (fsproflt2) - FSPro Labs - C:\Windows\SysWOW64\fsproflt2.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Adanak - Unknown owner - C:\Program Files (x86)\Adanak\updateAdanak.exe
O23 - Service: Util Adanak - Unknown owner - C:\Program Files (x86)\Adanak\bin\utilAdanak.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11700 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\SysWOW64\fsproflt2.exe
C:\Windows\system32\svchost.exe -k NetworkService
Ati2evxx.exe -Client
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
"C:\Program Files\Hide Folders 2012\hf.exe" /s
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\AEADISRV.EXE
"C:\Program Files\Atomic Alarm Clock\timeserv.exe"
"C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
"C:\Windows\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\SysWOW64\nlssrv32.exe
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Adanak\updateAdanak.exe"
taskeng.exe {6AD138AF-E4F4-4574-A68D-48C84CE07CDD}
"C:\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe"
C:\Windows\SysWOW64\svchost.exe -k MbnExt
"C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files (x86)\StickIt\StickIt3.exe"
"C:\Program Files (x86)\WinOrganizer\WinOrganizer.exe"
"C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe" -autorun
"C:\ProgramData\Boxtools\Toolbox.exe" -autorun
"C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Users\Renca\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
"C:\Program Files (x86)\Squeezebox\SqueezeTray.exe"
"C:\Users\Renca\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
KHALMNPR.EXE /API
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\Stardock\ObjectDock Plus\Dock64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
"C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDockTray.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files\WIDCOMM\Bluetooth Software\BTWUIExt.exe" /deviceAddr=c8844714b554
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Program Files (x86)\Adanak\bin\utilAdanak.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Renca\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\RegClean Pro_DEFAULT.job - C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe -default
C:\Windows\tasks\RegClean Pro_UPDATES.job - C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe -updatecheck

=========Mozilla firefox=========

ProfilePath - C:\Users\Renca\AppData\Roaming\Mozilla\Firefox\Profiles\o86nuz98.default

prefs.js - "browser.startup.homepage" - "http://mystart.incredimail.com/english/"
prefs.js - "keyword.URL" - "http://mystart.incredimail.com/?loc=ff_ ... fs&search="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@lastpass.com/NPLastPass]
"Description"=
"Path"=C:\Program Files (x86)\LastPass\nplastpass.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.11.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@lastpass.com/NPLastPass]
"Description"=
"Path"=C:\Program Files (x86)\LastPass\nplastpass64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Users\Renca\AppData\Roaming\Mozilla\Firefox\Profiles\o86nuz98.default\extensions\
foxmarks@kei.com
staged
support@lastpass.com
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
{0b457cAA-602d-484a-8fe7-c1d894a011ba}

C:\Users\Renca\AppData\Roaming\Mozilla\Firefox\Profiles\o86nuz98.default\searchplugins\
MyStart Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-12-31 1372864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3479F92-6C4F-CD97-611F-3B614C4EF10B}]
cosstminn - C:\Program Files (x86)\cosstminn\wJQPbZZWej.x64.dll [2014-07-14 521728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31 433944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-04 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-12-31 1138536]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3479F92-6C4F-CD97-611F-3B614C4EF10B}]
cosstminn - C:\Program Files (x86)\cosstminn\wJQPbZZWej.dll [2013-07-14 467456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}]
Logitech SetPoint - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31 364824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-04 171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef05f09c-9b2a-43a0-8155-fab1d641215a}]
Adanak - C:\Program Files (x86)\Adanak\Adanakbho.dll [2014-07-14 249624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-12-31 1372864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-12-31 1138536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1234216]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2013-07-31 3091224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StickIt"=C:\Program Files (x86)\StickIt\StickIt3.exe [2010-06-22 344064]
"WinOrganizer"=C:\Program Files (x86)\WinOrganizer\WinOrganizer.exe [2011-08-08 3629568]
"Boxoft Tools"=C:\ProgramData\Boxtools\Boxofttoolbox.exe [2010-12-15 514048]
"T-Mobile CManager"=C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2013-10-31 2166552]
"AtomicAlarmClock6"=C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [2013-12-20 1609728]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2014-06-27 24477056]
"uTorrent"=C:\Users\Renca\AppData\Roaming\uTorrent\uTorrent.exe [2014-07-03 1326672]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-11 287800]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-12-31 3764024]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Install LastPass FF RunOnce.lnk - C:\Program Files (x86)\Common Files\lpuninstall.exe
Nástroj schránky Logitech Media Server.lnk - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe

C:\Users\Renca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Renca\AppData\Roaming\Dropbox\bin\Dropbox.exe
Stardock ObjectDock.lnk - C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-06-13 66328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fsproflt2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - C:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2014-07-14 16:27:08 ----D---- C:\Program Files (x86)\Supporter
2014-07-14 16:27:03 ----D---- C:\ProgramData\259d42d7d7337449
2014-07-14 16:27:02 ----D---- C:\ProgramData\cosstminn
2014-07-14 16:27:01 ----D---- C:\Program Files (x86)\cosstminn
2014-07-14 16:26:46 ----D---- C:\Program Files (x86)\Adanak
2014-07-14 16:26:44 ----D---- C:\Users\Renca\AppData\Roaming\YourFileDownloader
2014-07-14 16:26:44 ----D---- C:\Program Files (x86)\YourFileDownloader Updater
2014-07-11 18:56:24 ----D---- C:\Program Files (x86)\Advanced System Protector
2014-07-11 18:56:09 ----D---- C:\Program Files (x86)\RegClean Pro
2014-07-11 17:40:51 ----D---- C:\Users\Renca\AppData\Roaming\Systweak
2014-07-11 17:40:48 ----A---- C:\Windows\system32\roboot64.exe
2014-07-09 14:45:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-07-09 14:45:47 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-07-09 14:45:47 ----A---- C:\Windows\system32\iernonce.dll
2014-07-09 14:45:46 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-07-09 14:45:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-07-09 14:45:44 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-07-09 14:45:44 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-07-09 14:45:44 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-07-09 14:45:44 ----A---- C:\Windows\system32\iedkcs32.dll
2014-07-09 14:45:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-07-09 14:45:43 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-07-09 14:45:43 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 14:45:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-07-09 14:45:40 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-07-09 14:45:40 ----A---- C:\Windows\system32\urlmon.dll
2014-07-09 14:45:39 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-07-09 14:45:38 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-07-09 14:45:38 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 14:45:37 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-07-09 14:45:37 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-07-09 14:45:37 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-07-09 14:45:37 ----A---- C:\Windows\system32\dxtmsft.dll
2014-07-09 14:45:36 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-07-09 14:45:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-07-09 14:45:36 ----A---- C:\Windows\system32\msfeeds.dll
2014-07-09 14:45:35 ----A---- C:\Windows\system32\iesetup.dll
2014-07-09 14:45:35 ----A---- C:\Windows\system32\ie4uinit.exe
2014-07-09 14:45:33 ----A---- C:\Windows\system32\iertutil.dll
2014-07-09 14:45:31 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-07-09 14:45:31 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-07-09 14:45:31 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-07-09 14:45:30 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-07-09 14:45:29 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-07-09 14:45:29 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-07-09 14:45:29 ----A---- C:\Windows\system32\jsproxy.dll
2014-07-09 14:45:28 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-07-09 14:45:28 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-07-09 14:45:25 ----A---- C:\Windows\system32\ieui.dll
2014-07-09 14:45:25 ----A---- C:\Windows\system32\dxtrans.dll
2014-07-09 14:45:24 ----A---- C:\Windows\system32\ieframe.dll
2014-07-09 14:45:23 ----A---- C:\Windows\system32\mshtmled.dll
2014-07-09 14:45:22 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-07-09 14:45:21 ----A---- C:\Windows\system32\jscript9diag.dll
2014-07-09 14:45:21 ----A---- C:\Windows\system32\ieUnatt.exe
2014-07-09 14:45:19 ----A---- C:\Windows\system32\jscript9.dll
2014-07-09 14:45:17 ----A---- C:\Windows\system32\vbscript.dll
2014-07-09 14:45:17 ----A---- C:\Windows\system32\ieapfltr.dll
2014-07-09 14:45:16 ----A---- C:\Windows\system32\wininet.dll
2014-07-09 14:45:13 ----A---- C:\Windows\system32\msrating.dll
2014-07-09 14:45:13 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-07-09 14:45:11 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 14:45:09 ----A---- C:\Windows\system32\mshtml.dll
2014-07-09 06:55:35 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-07-09 06:55:35 ----A---- C:\Windows\system32\qedit.dll
2014-07-09 06:53:53 ----A---- C:\Windows\system32\win32k.sys
2014-07-09 06:53:51 ----A---- C:\Windows\SYSWOW64\osk.exe
2014-07-09 06:53:50 ----A---- C:\Windows\system32\osk.exe
2014-07-09 06:53:48 ----A---- C:\Windows\system32\drivers\afd.sys
2014-07-09 06:53:41 ----A---- C:\Windows\system32\schannel.dll
2014-07-09 06:53:40 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-07-09 06:53:40 ----A---- C:\Windows\system32\kerberos.dll
2014-07-09 06:53:39 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-07-09 06:53:39 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-07-09 06:53:39 ----A---- C:\Windows\system32\msv1_0.dll
2014-07-09 06:53:38 ----A---- C:\Windows\system32\wdigest.dll
2014-07-09 06:53:38 ----A---- C:\Windows\system32\ncrypt.dll
2014-07-09 06:53:37 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-07-09 06:53:37 ----A---- C:\Windows\system32\TSpkg.dll
2014-07-09 06:53:35 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-07-09 06:53:35 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-07-09 06:53:33 ----A---- C:\Windows\system32\credssp.dll
2014-07-09 06:53:32 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-07-09 06:49:36 ----A---- C:\Windows\system32\lsasrv.dll
2014-07-09 06:49:34 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-07-09 06:49:34 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-07-08 07:15:54 ----D---- C:\ProgramData\IM
2014-07-08 07:15:50 ----D---- C:\ProgramData\IncrediMail
2014-06-16 19:36:34 ----D---- C:\ProgramData\GRETECH

======List of files/folders modified in the last 1 month======

2014-07-14 17:31:28 ----D---- C:\Users\Renca\AppData\Roaming\uTorrent
2014-07-14 17:31:27 ----D---- C:\Program Files\trend micro
2014-07-14 17:01:55 ----D---- C:\ProgramData\Boxtools
2014-07-14 16:47:53 ----D---- C:\Windows\system32\config
2014-07-14 16:43:02 ----RD---- C:\Program Files (x86)
2014-07-14 16:35:40 ----D---- C:\Users\Renca\AppData\Roaming\Dropbox
2014-07-14 16:34:49 ----D---- C:\Windows\Microsoft.NET
2014-07-14 16:34:20 ----D---- C:\Users\Renca\AppData\Roaming\DropboxMaster
2014-07-14 16:31:32 ----D---- C:\Windows\SysWOW64
2014-07-14 16:29:43 ----AD---- C:\Windows
2014-07-14 16:29:05 ----D---- C:\Windows\Temp
2014-07-14 16:28:39 ----D---- C:\Users\Renca\AppData\Roaming\Aegisub
2014-07-14 16:27:03 ----D---- C:\ProgramData
2014-07-14 16:27:00 ----HD---- C:\Windows\system32\GroupPolicy
2014-07-14 16:27:00 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2014-07-14 16:27:00 ----D---- C:\Program Files (x86)\Google
2014-07-14 16:26:58 ----AD---- C:\Users
2014-07-14 16:26:45 ----D---- C:\Windows\system32\Tasks
2014-07-14 15:57:34 ----SHD---- C:\System Volume Information
2014-07-14 11:07:53 ----D---- C:\Windows\system32\catroot2
2014-07-14 11:07:26 ----D---- C:\Program Files (x86)\StickIt
2014-07-12 12:39:40 ----SHD---- C:\Windows\Installer
2014-07-12 12:39:35 ----D---- C:\Program Files (x86)\ASUS
2014-07-12 12:26:57 ----D---- C:\Windows\inf
2014-07-11 19:38:01 ----D---- C:\Users\Renca\AppData\Roaming\AIMP3
2014-07-11 18:56:23 ----D---- C:\Windows\Tasks
2014-07-11 18:34:23 ----D---- C:\Windows\rescache
2014-07-11 18:04:13 ----D---- C:\Windows\Panther
2014-07-11 18:04:13 ----D---- C:\Windows\ModemLogs
2014-07-11 18:04:11 ----D---- C:\Windows\Logs
2014-07-11 18:04:11 ----D---- C:\Windows\debug
2014-07-11 17:42:17 ----D---- C:\Program Files (x86)\CCleaner
2014-07-11 17:40:48 ----D---- C:\Windows\System32
2014-07-10 10:37:04 ----D---- C:\Windows\winsxs
2014-07-10 10:33:15 ----D---- C:\Program Files\Windows Journal
2014-07-10 10:33:14 ----D---- C:\Windows\SYSWOW64\Dism
2014-07-10 10:33:14 ----D---- C:\Windows\system32\Dism
2014-07-10 10:33:13 ----D---- C:\Windows\system32\drivers
2014-07-10 10:33:13 ----D---- C:\Windows\ehome
2014-07-10 10:33:12 ----D---- C:\Windows\system32\cs-CZ
2014-07-10 10:33:12 ----D---- C:\Program Files\Internet Explorer
2014-07-10 10:33:11 ----D---- C:\Windows\SYSWOW64\en-US
2014-07-10 10:33:11 ----D---- C:\Windows\system32\en-US
2014-07-10 10:33:10 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-10 10:13:38 ----D---- C:\Windows\system32\MRT
2014-07-10 10:13:28 ----A---- C:\Windows\system32\MRT.exe
2014-07-09 11:26:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-07-09 06:49:52 ----D---- C:\Windows\system32\catroot
2014-07-08 09:53:23 ----RSD---- C:\Windows\Fonts
2014-06-27 21:46:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-27 12:26:19 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 08:21:00 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-06-16 19:48:48 ----D---- C:\Program Files (x86)\The KMPlayer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-11-22 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-12-31 207904]
R0 FSProFilter2;FSPro File Filter 2; C:\Windows\System32\Drivers\FSPFltd2.sys [2011-06-04 57648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-11-22 92544]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-12-31 1034464]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-12-31 422216]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-12-31 78648]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-04-24 402432]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [2014-03-25 34136]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-21 3535872]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-07-08 2769400]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032e.sys [2009-06-10 278016]
R3 HBtnKey;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn.sys [2010-02-25 19000]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 18432]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 90112]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2013-05-23 76568]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2013-05-23 59160]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [2013-12-31 79672]
S3 ATICDSDr;ATICDSDr; \??\C:\Users\Renca\AppData\Local\Temp\ATICDSDr.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-30 14336]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-08-20 104960]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-08-20 30720]
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2012-12-03 241152]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; C:\Windows\system32\DRIVERS\LEqdUsb.Sys [2013-05-23 77592]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; C:\Windows\system32\DRIVERS\LHidEqd.Sys [2013-05-23 13080]
S3 massfilter;Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2011-04-13 11776]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 324656]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-02-06 80384]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-07-21 787968]
R2 AtomicAlarmClock;Atomic Alarm Clock Time; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2013-04-24 2007040]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-31 50344]
R2 be0fb33b;Supporter; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 864032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 fsproflt2;FSPro Filter Service 2; C:\Windows\SysWOW64\fsproflt2.exe [2012-07-12 49512]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\nlssrv32.exe [2012-07-05 66560]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-10-20 130024]
R2 Update Adanak;Update Adanak; C:\Program Files (x86)\Adanak\updateAdanak.exe [2014-07-14 321816]
R2 Util Adanak;Util Adanak; C:\Program Files (x86)\Adanak\bin\utilAdanak.exe [2014-07-14 321816]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 111616]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2013-06-13 357144]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-18 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 VsEtwService120;Visual Studio ETW Event Collection Service; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-05 87728]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-18 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
Thanks, Ivo.
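Post #1 asks for the log to be checked with a focus on the 14 July incident. As an added example (not part of the original thread and not code from RSIT), this Python script parses the "created" and "services" sections of the RSIT log, finds the burst of items created within seconds of each other outside C:\Windows, and lists the services tied to those folders. The 60-second gap, the minimum burst size of 3 and all function names are assumptions of this example.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the RSIT log in the post above. The
# "created" header is assumed by analogy with the "modified" header in the log.
SAMPLE_LOG = r"""
======List of files/folders created in the last 1 month======

2014-07-14 16:27:08 ----D---- C:\Program Files (x86)\Supporter
2014-07-14 16:27:03 ----D---- C:\ProgramData\259d42d7d7337449
2014-07-14 16:27:02 ----D---- C:\ProgramData\cosstminn
2014-07-14 16:27:01 ----D---- C:\Program Files (x86)\cosstminn
2014-07-14 16:26:46 ----D---- C:\Program Files (x86)\Adanak
2014-07-14 16:26:44 ----D---- C:\Users\Renca\AppData\Roaming\YourFileDownloader
2014-07-14 16:26:44 ----D---- C:\Program Files (x86)\YourFileDownloader Updater
2014-07-11 18:56:24 ----D---- C:\Program Files (x86)\Advanced System Protector
2014-07-11 18:56:09 ----D---- C:\Program Files (x86)\RegClean Pro
2014-07-09 14:45:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-07-09 14:45:47 ----A---- C:\Windows\system32\iernonce.dll
2014-07-08 07:15:54 ----D---- C:\ProgramData\IM

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-31 50344]
R2 be0fb33b;Supporter; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
R2 Update Adanak;Update Adanak; C:\Program Files (x86)\Adanak\updateAdanak.exe [2014-07-14 321816]
R2 Util Adanak;Util Adanak; C:\Program Files (x86)\Adanak\bin\utilAdanak.exe [2014-07-14 321816]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
"""

FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) -{4}([A-Z]+)-{4} (.+)$")
SVC_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(?:(\d{4}-\d\d-\d\d) (\d+))?\]$")
HEADER_RE = re.compile(r"^=+List of (.+?)=+$")


def parse_rsit(text):
    """Return (created, services) parsed from the two RSIT sections of interest."""
    created, services, section = [], [], ""
    for line in map(str.strip, text.splitlines()):
        header = HEADER_RE.match(line)
        if header:
            section = header.group(1)
        elif section.startswith("files/folders created"):
            m = FILE_RE.match(line)
            if m:
                when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
                created.append((when, m.group(2), m.group(3)))
        elif section.startswith("services"):
            m = SVC_RE.match(line)
            if m:
                keys = ("state", "start", "name", "display", "image", "date", "size")
                services.append(dict(zip(keys, m.groups())))
    return created, services


def install_bursts(created, gap=timedelta(seconds=60), min_size=3):
    """Cluster creations outside C:\\Windows that follow each other within `gap`."""
    # Windows Update rewrites many files under C:\Windows within seconds (the
    # 2014-07-09 block in the log), so that tree is left out of the clustering.
    items = sorted((e for e in created if not e[2].lower().startswith("c:\\windows\\")),
                   key=lambda e: e[0])
    bursts, current = [], []
    for entry in items:
        if current and entry[0] - current[-1][0] > gap:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append(entry)
    if len(current) >= min_size:
        bursts.append(current)
    return bursts


def services_tied_to_burst(services, burst):
    """Return [(service name, [reasons])] for services linked to a burst's folders."""
    folders = [path.lower() for _, _, path in burst]
    leaves = {PureWindowsPath(f).name for f in folders}
    hits = []
    for svc in services:
        image, reasons = svc["image"].lower(), []
        if any(image.startswith(f + "\\") for f in folders):
            reasons.append("image lives in a folder created in the burst")
        if {svc["name"].lower(), svc["display"].lower()} & leaves:
            reasons.append("name matches a folder created in the burst")
            if PureWindowsPath(image).name == "rundll32.exe":
                reasons.append("hosted by rundll32.exe: the listed image is not the real code")
        if reasons:
            hits.append((svc["name"], reasons))
    return hits


if __name__ == "__main__":
    created, services = parse_rsit(SAMPLE_LOG)
    for burst in install_bursts(created):
        print(f"burst {burst[0][0]} .. {burst[-1][0]}: {len(burst)} new folders/files")
        for name, reasons in services_tied_to_burst(services, burst):
            print(f"  review service {name!r}: " + "; ".join(reasons))
```

A hit is a prompt to review the entry, not a verdict; the file date on the `rundll32.exe` line is that of the Windows binary, which is why the name match is needed to surface that service at all.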


Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#2 Post by Ivošisko »

On top of that, Thunderbird has started pestering me with this message:
Attachment: Vyjimka.jpg (60.09 KiB), viewed 1901 times
Thanks, Ivo.

Rudy
Site Admin
Posts: 119541
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#3 Post by Rudy »

Hello!
What is the situation with the legality of your OS?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.


Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#4 Post by Ivošisko »

Hi Rudy, we have already dealt with this here several times, and I had the OS checked on the sites you recommended to me, and their verdict was that the OS is OK. I would have to dig it up in older posts (I no longer remember it off the top of my head)...
Thanks, Ivo.


Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#5 Post by Rudy »

OK. Back up Chrome using Chrome Backup: http://www.stahuj.centrum.cz/internet_a ... me-backup/ . Then uninstall Chrome including its profile. Reinstall it and copy back from the backup only the bookmarks and, if needed, the passwords.

Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#6 Post by Ivošisko »

Aha, so I probably did something wrong - I backed up Chrome, uninstalled it, installed it, and when I launched it the bookmarks were already there, and after a while the windows slid up at the bottom again :shock:

It looks like my profile was not uninstalled
Thanks, Ivo.


Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#7 Post by Rudy »

Probably so. The uninstaller should give you the option to uninstall only the Chrome application, or everything including the settings. Everything would need to be uninstalled completely.

Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#8 Post by Ivošisko »

So I tried it again - during uninstallation it offers the option to also uninstall browsing data (I don't know what that is, but this time I ticked it), and the second checkbox is the option to choose a default browser (it probably offers whatever is installed on the computer - I did not choose anything).

After the new installation Chrome again loaded the bookmarks and this time also the "background". For a while it behaved "normally", but after a moment the ad windows floated up again. In Thunderbird the exception window keeps pestering me :(
Thanks, Ivo.


Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#9 Post by Rudy »

Try Junkware Removal Tool:
Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Save it, preferably to the desktop
After launch the license terms are displayed; press any key
A backup is created, followed by a search
A scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here

Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#10 Post by Ivošisko »

Here is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Renca on Łt 15.07.2014 at 15:21:05,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-725503666-4252985257-3050127159-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\regclean pro_is1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\RegClean Pro_DEFAULT.job"
Successfully deleted: [File] "C:\Windows\Tasks\RegClean Pro_UPDATES.job"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Renca\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Renca\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Renca\AppData\Roaming\yourfiledownloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\advanced system protector"
Successfully deleted: [Folder] "C:\Program Files (x86)\regclean pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\regclean pro"



~~~ FireFox

Successfully deleted: [File] C:\Users\Renca\AppData\Roaming\mozilla\firefox\profiles\o86nuz98.default\user.js
Successfully deleted: [File] C:\Users\Renca\AppData\Roaming\mozilla\firefox\profiles\wpojyk64.Karla\user.js
Successfully deleted: [File] C:\Users\Renca\AppData\Roaming\mozilla\firefox\profiles\o86nuz98.default\searchplugins\mystart search.xml
Successfully deleted: [Folder] C:\Users\Renca\AppData\Roaming\mozilla\firefox\profiles\o86nuz98.default\extensions\staged
Successfully deleted: [Folder] C:\Users\Renca\AppData\Roaming\mozilla\firefox\profiles\wpojyk64.Karla\extensions\staged
Successfully deleted the following from C:\Users\Renca\AppData\Roaming\mozilla\firefox\profiles\o86nuz98.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://mystart.incredimail.com/english/");
user_pref("browser.search.selectedEngine", "MyStart Search");
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("keyword.URL", "hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=");
Emptied folder: C:\Users\Renca\AppData\Roaming\mozilla\firefox\profiles\o86nuz98.default\minidumps [11 files]
Emptied folder: C:\Users\Renca\AppData\Roaming\mozilla\firefox\profiles\wpojyk64.Karla\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 15.07.2014 at 15:48:28,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks, Ivo.


Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#11 Post by Rudy »

Deleted. Has anything changed?

Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#12 Post by Ivošisko »

No change (in Chrome the annoying ad windows still slide up and in Thunderbird the exception window still bothers me)......what was deleted?
Thanks, Ivo.


Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#13 Post by Rudy »

OpenCandy, MyStart and similar adware. We will also try ComboFix:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after start a screen with the license terms is displayed; continue by clicking the Yes button.

calmly make yourself a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

notice: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur.

Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#14 Post by Ivošisko »

On a quick cursory check, the window demanding an exception has not shown up in TB so far........in Chrome the ad windows still keep sliding up (I will try one more restart)

Here is the CF log:


ComboFix 14-07-15.04 - Renca 15.07.2014 22:43:03.7.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2683 [GMT 2:00]
Spuštěný z: c:\users\Renca\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Supporter\Supporter.dll
c:\program files (x86)\Supporter\SupporterSvc.dll
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kcpghjjebdibocnpnlapilikkddddepl\2.0\re_IrPUhxZ7s.js
c:\users\Renca\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Renca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Adanak_iels
c:\users\Renca\AppData\Local\Temp\_MEI37682\_ctypes.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\_elementtree.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\_hashlib.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\_multiprocessing.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\_socket.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\_ssl.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\hashobjs_ext.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\pyexpat.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\pysqlite2._sqlite.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\python27.dll
c:\users\Renca\AppData\Local\Temp\_MEI37682\pythoncom27.dll
c:\users\Renca\AppData\Local\Temp\_MEI37682\PyWinTypes27.dll
c:\users\Renca\AppData\Local\Temp\_MEI37682\select.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\unicodedata.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32api.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32com.shell.shell.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32crypt.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32event.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32file.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32gui.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32inet.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32pdh.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32pipe.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32process.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32profile.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32security.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\win32ts.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\windows._lib_cacheinvalidation.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\wx._animate.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\wx._controls_.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\wx._core_.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\wx._gdi_.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\wx._html2.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\wx._misc_.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\wx._windows_.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\wx._wizard.pyd
c:\users\Renca\AppData\Local\Temp\_MEI37682\wxbase294u_net_vc90.dll
c:\users\Renca\AppData\Local\Temp\_MEI37682\wxbase294u_vc90.dll
c:\users\Renca\AppData\Local\Temp\_MEI37682\wxmsw294u_adv_vc90.dll
c:\users\Renca\AppData\Local\Temp\_MEI37682\wxmsw294u_core_vc90.dll
c:\users\Renca\AppData\Local\Temp\_MEI37682\wxmsw294u_html_vc90.dll
c:\users\Renca\AppData\Local\Temp\_MEI37682\wxmsw294u_webview_vc90.dll
c:\users\Renca\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqswxme.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\93e7e3d6030f426844228042348210cf\Service.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Renca\AppData\Local\Temp\pdk-Renca-3968\perl514.dll
c:\users\Renca\AppData\Roaming\Microsoft\Windows\Recent\07.05-15.50 - AG69 ALARM BEZDRÁTOVÝ ČIDLO POHYBU 2x OVLADAČ (4356619869).url
c:\users\Renca\AppData\Roaming\Microsoft\Windows\Recent\07.06-15.36 - Rýsovací prkno (4378486759).url
c:\users\Renca\AppData\Roaming\Microsoft\Windows\Recent\07.09-22.30 - nabíječka autobaterií 12 V, 6 V zn. Güde GL10 (4389056402).url
c:\users\Renca\AppData\Roaming\Microsoft\Windows\Recent\07.14-20.20 - POSUV SUPORT FRÉZA SOUSTRUH FUNKČNÍ (4402564394).url
c:\users\Renca\AppData\Roaming\Microsoft\Windows\Recent\DCF 77 Receiver Module DCF77 5 DCF 77 5 DCF Modul eBay.url
c:\users\Renca\AppData\Roaming\Microsoft\Windows\Recent\NEW 2 PCS CAR Daytime Running Light 8 LED DRL Daylight KIT Super White Head Lamp eBay.url
c:\users\Renca\AppData\Roaming\Microsoft\Windows\Recent\Practice Lock for Beginner Home Door and Car Locksmith Equipment Open Unlock eBay.url
c:\users\Renca\AppData\Roaming\Microsoft\Windows\Recent\Practice Lock Set 2 3 4 5 6 Pin Locksmith Training Pick Comericial Grade eBay.url
c:\users\Renca\AppData\Roaming\Microsoft\Windows\Recent\Practice Lock Southord Visible Cutaway w Spool Pins St 35 Locksmith Training eBay.url
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\skinboxer43.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-06-15 do 2014-07-15 )))))))))))))))))))))))))))))))
.
.
2014-07-15 20:59 . 2014-07-15 20:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-07-15 20:59 . 2014-07-15 20:59 -------- d-----w- c:\users\NB-IVO\AppData\Local\temp
2014-07-15 20:59 . 2014-07-15 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-14 17:34 . 2014-07-14 17:34 -------- d-sh--w- c:\users\Renca\AppData\Local\EmieUserList
2014-07-14 17:34 . 2014-07-14 17:34 -------- d-sh--w- c:\users\Renca\AppData\Local\EmieSiteList
2014-07-14 17:29 . 2014-07-14 17:31 -------- d-----w- c:\users\Renca\AppData\Roaming\Google Chrome Backup
2014-07-14 17:29 . 2014-07-14 17:29 -------- d-----w- c:\program files (x86)\Google Chrome Backup
2014-07-14 15:31 . 2014-07-08 16:42 61112 ----a-w- c:\windows\system32\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys
2014-07-14 14:27 . 2014-07-15 20:57 -------- d-----w- c:\program files (x86)\Supporter
2014-07-14 14:27 . 2014-07-14 14:27 -------- d-----w- c:\programdata\259d42d7d7337449
2014-07-14 14:27 . 2014-07-14 14:27 -------- d-----w- c:\users\Renca\AppData\Local\Packages
2014-07-14 14:27 . 2014-07-14 14:27 -------- d-----w- c:\programdata\cosstminn
2014-07-14 14:27 . 2014-07-14 14:27 -------- d-----w- c:\program files (x86)\cosstminn
2014-07-14 14:27 . 2014-07-14 14:27 -------- d-----w- c:\users\Renca\AppData\Local\Torch
2014-07-14 14:27 . 2014-07-14 14:27 -------- d-----w- c:\users\Renca\AppData\Local\Chromatic Browser
2014-07-14 14:26 . 2014-07-14 14:26 -------- d-----w- c:\users\HomeGroupUser$
2014-07-14 14:26 . 2014-07-14 14:26 -------- d-----w- c:\users\Guest
2014-07-14 14:26 . 2014-07-14 14:26 -------- d-----w- c:\users\Administrator
2014-07-14 14:26 . 2014-07-14 15:30 -------- d-----w- c:\program files (x86)\Adanak
2014-07-14 14:26 . 2014-07-14 14:26 -------- d-----w- c:\program files (x86)\YourFileDownloader Updater
2014-07-11 15:40 . 2013-02-28 14:27 20312 ----a-w- c:\windows\system32\roboot64.exe
2014-07-09 04:55 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 04:55 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-07-09 04:55 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 04:55 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-09 04:55 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-09 04:55 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 04:55 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 04:49 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 04:49 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 04:49 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-09 04:27 . 2014-07-09 04:27 -------- d-----w- c:\users\Default\AppData\Local\Google
2014-07-08 06:57 . 2014-07-15 00:00 -------- d-----w- c:\users\Renca\AppData\Local\Adobe
2014-07-08 05:15 . 2014-07-08 05:15 -------- d-----w- c:\programdata\IM
2014-07-08 05:15 . 2014-07-08 05:17 -------- d-----w- c:\users\Renca\AppData\Local\IM
2014-07-08 05:15 . 2014-07-08 05:15 -------- d-----w- c:\programdata\IncrediMail
2014-06-29 05:03 . 2014-07-15 13:15 -------- d-----r- c:\users\Renca\Disk Google
2014-06-16 17:36 . 2014-06-16 17:36 -------- d-----w- c:\programdata\GRETECH
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 08:13 . 2012-08-15 16:02 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 09:26 . 2012-08-08 05:25 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 09:26 . 2012-08-08 05:25 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-27 19:41 . 2013-12-18 18:31 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-06-09 21:12 . 2014-06-09 21:12 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-06-09 21:12 . 2014-06-09 21:12 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2014-06-09 21:12 . 2014-06-09 21:11 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-05-30 07:52 . 2014-07-09 04:53 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-09 06:14 . 2014-05-14 17:00 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 17:00 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 09:32 . 2014-06-13 04:06 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-13 04:06 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-25 02:34 . 2014-06-13 04:07 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-13 04:07 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-11-24 17:34 . 2013-11-24 17:34 13024768 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A3479F92-6C4F-CD97-611F-3B614C4EF10B}]
2013-07-14 14:27 467456 ----a-w- c:\program files (x86)\cosstminn\wJQPbZZWej.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ef05f09c-9b2a-43a0-8155-fab1d641215a}]
2014-07-14 01:59 249624 ----a-w- c:\program files (x86)\Adanak\AdanakBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Renca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Renca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Renca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Renca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StickIt"="c:\program files (x86)\StickIt\StickIt3.exe" [2010-06-22 344064]
"WinOrganizer"="c:\program files (x86)\WinOrganizer\WinOrganizer.exe" [2011-08-08 3629568]
"Boxoft Tools"="c:\programdata\Boxtools\Boxofttoolbox.exe" [2010-12-15 514048]
"T-Mobile CManager"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe" [2013-10-31 2166552]
"AtomicAlarmClock6"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2013-12-20 1609728]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-06-27 24477056]
"uTorrent"="c:\users\Renca\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-03 1326672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-31 3764024]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
.
c:\users\Renca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Renca\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe [2011-11-12 4152536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2013-11-24 13024768]
Nástroj schránky Logitech Media Server.lnk - c:\program files (x86)\Squeezebox\SqueezeTray.exe [2013-12-28 3051619]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 be0fb33b;Supporter;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 ATICDSDr;ATICDSDr;c:\users\Renca\AppData\Local\Temp\ATICDSDr.sys;c:\users\Renca\AppData\Local\Temp\ATICDSDr.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd2.sys [x]
S1 {2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64;{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64;c:\windows\system32\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys;c:\windows\SYSNATIVE\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\Atomic Alarm Clock\timeserv.exe;c:\program files\Atomic Alarm Clock\timeserv.exe [x]
S2 fsproflt2;FSPro Filter Service 2;c:\windows\SysWOW64\fsproflt2.exe;c:\windows\SysWOW64\fsproflt2.exe [x]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 Update Adanak;Update Adanak;c:\program files (x86)\Adanak\updateAdanak.exe;c:\program files (x86)\Adanak\updateAdanak.exe [x]
S2 Util Adanak;Util Adanak;c:\program files (x86)\Adanak\bin\utilAdanak.exe;c:\program files (x86)\Adanak\bin\utilAdanak.exe [x]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64;c:\program files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AIDA64DRIVER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-14 18:02 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 09:26]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-14 17:37]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-14 17:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3479F92-6C4F-CD97-611F-3B614C4EF10B}]
2014-07-14 14:27 521728 ----a-w- c:\program files (x86)\cosstminn\wJQPbZZWej.x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-31 10:22 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Renca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Renca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Renca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Renca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{788A3804-7946-4A50-BB32-DCCADDAF9CDC}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{850A5427-2841-4C2E-A225-654A46031765}: NameServer = 93.153.117.1 93.153.117.33
TCP: Interfaces\{EEC97EFE-C21F-42EC-96A6-65F0D9E132BD}: NameServer = 93.153.117.1 93.153.117.33
FF - ProfilePath - c:\users\Renca\AppData\Roaming\Mozilla\Firefox\Profiles\o86nuz98.default\
.
.
------- Asociace souborů -------
.
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b} - c:\progra~2\SUPPOR~1\SUPPOR~1.DLL
AddRemove-{a742cecc-7f50-4aac-a250-b406935bbc24} - c:\programdata\Package Cache\{a742cecc-7f50-4aac-a250-b406935bbc24}\wdexpress_langpack.exe
AddRemove-{bec3d87e-1d6d-4b15-8383-29068c86b888} - c:\programdata\Package Cache\{bec3d87e-1d6d-4b15-8383-29068c86b888}\wdexpress_full.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Hide Folders 2012\hf.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programdata\Boxtools\Toolbox.exe
c:\users\Renca\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Adanak\bin\Adanak.BrowserAdapter.exe
.
**************************************************************************
.
Celkový čas: 2014-07-15 23:14:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-07-15 21:14
.
Před spuštěním: Volných bajtů: 23 721 697 280
Po spuštění: Volných bajtů: 25 277 104 128
.
- - End Of File - - AE274396E0024AB657BCC4E3FBFE9F82
A36C5E4F47E84449FF07ED3517B43A31
Thanks, Ivo.

Ivošisko

Re: Hijacked Chrome, ads sliding up from the bottom, etc.

#15 Post by Ivošisko »

After the restart Chrome did not improve - ads still appear at the bottom of the screen or along the left edge...
As for Thunderbird, the window asking for an exception has not shown up so far; it just still shows a certain sluggishness (I try to scroll a message down with the mouse wheel, nothing happens for a moment, then it suddenly jumps, then it is stuck again for 1-2 sec and then jumps again)...

So that's about it.... :shock:
Thanks, Ivo.
