Dobrý den,
prosím o pomoc s PC
log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Ondra at 2014-08-24 09:42:24
Microsoft Windows 8
System drive C: has 256 GB (56%) free of 460 GB
Total RAM: 3976 MB (58% free)
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\Hpservice.exe
"C:\Program Files (x86)\StartW8\bin\StartW8Service.exe"
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
dashost.exe {bc281a7c-d0b9-4752-82f7966f84b9ad61}
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\Windows\SysWOW64\nethtsrv.exe
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
C:\Windows\SysWOW64\netupdsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Windows Defender\MsMpEng.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-daf4929f-834e-49cd-9cb4-50505e3d41ab -SystemEventPortName:HostProcess-cc5abe2e-5d44-4dce-b257-a6242eb7ceab -IoCancelEventPortName:HostProcess-8e521259-85e1-4d60-b9f7-b706404f974e -NonStateChangingEventPortName:HostProcess-11228c10-f7ff-4032-b3f2-38d83d28328a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ad9b499e-6152-4a75-8861-6569d2f1e5ea -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-7076a277-c6c0-4355-b318-9993b157425e -SystemEventPortName:HostProcess-ecf6e400-19f1-46e1-ad79-b383ec5b54ea -IoCancelEventPortName:HostProcess-ba8cf9a5-e3d3-4189-a4b4-eeae80d95580 -NonStateChangingEventPortName:HostProcess-e0603b72-53e2-47f7-809a-240392c69c57 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a8cdbd22-634d-4df4-a97f-36dcba79a170 -DeviceGroupId:WudfDefaultDevicePool
"C:\Program Files (x86)\StartW8\bin\StartW8Button.exe"
taskeng.exe {1A797B2E-5E48-46A5-A74B-5098E6390B12}
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\StartW8\bin\StartW8Menu.exe
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
taskeng.exe {415B50BD-1D49-4AA1-B6A0-03D004AC9928}
"C:\Program Files (x86)\Internet Speed Checker\fce8c2d7-5c51-4c23-8076-a0d9f3f93126.exe" /agentregpath='Internet Speed Checker' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=F232D3DBE71140B3916C8E89EEEA99F6IE /verifier=405c04a15dcfddc2a55fb1a9922e4e6d /installerversion=1_34_08_12 /installationtime=1408799368 /statsdomain=http://stats.inputgenserv.com /errorsdomain=http://errors.inputgenserv.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=http://logs.inputgenserv.com /runfrom='task' /externallog=''
"C:\Program Files (x86)\HD-V1.9\1ce23471-b063-47c0-b9e9-1e097165ae0e.exe" 001859 FB0DDE01630548B0830C83CEAC89CD38IE 61792 1407870751 93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 HD-V1.9
"C:\Program Files (x86)\Internet Speed Checker\010aae86-234a-482b-8ed2-17e286f2bce4-6.exe" /agentregpath='Internet Speed Checker-nv' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=F232D3DBE71140B3916C8E89EEEA99F6IE /verifier=405c04a15dcfddc2a55fb1a9922e4e6d /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1408799368 /statsdomain=http://stats.inputgenserv.com /errorsdomain=http://errors.inputgenserv.com /codedownloaddomain=http://js.inputgenserv.com /defbro=ie /DllName32ToInjectToChrome='06b91407-0a48-4b8e-a4f9-82c2cafd9212.dll' /DllName64ToInjectToChrome='091546db-0528-41cf-80e6-13ccee56baa9.dll' /nova64bitexe='010aae86-234a-482b-8ed2-17e286f2bce4-64.exe' /browsername='nova' /usehklm /crregname='Internet Speed Checker' /fbcodedownloaddomain=http://js.clientdemocloud.com /addinfojson='{"asw":[0, 549453825, 0],"browser_name":"__BROWSER_NAME__"}' /autoupdateulr='http://update.inputgenserv.com/novarun/ ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5148.0.2042445093\1013029140" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,5,16 --gpu-vendor-id=0x8086 --gpu-device-id=0x0106 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2843 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --channel="5148.2.34947003\1525040390" /prefetch:673131151
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --channel="5148.3.557024039\833090031" /prefetch:673131151
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
taskeng.exe {56EA45B4-566B-440D-9BD5-CFFF19358878}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5148.9.870741712\455876867" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
"C:\program files (x86)\internet speed checker\internet speed checker-bg.exe" /createbg
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --channel="5148.11.2105841948\1185481559" /prefetch:673131151
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4012 CREDAT:2888974 /prefetch:2
"C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding
C:\Windows\system32\msiexec.exe /V
taskeng.exe {16B0C311-27F0-404B-A259-633A67931BC9}
taskhost.exe $(Arg0)
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 556 560 568 65536 564
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-pinch --enable-threaded-compositing --enable-delegated-renderer --channel="5148.13.849433845\1150659063" /prefetch:673131151
"C:\Users\Ondra\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\010aae86-234a-482b-8ed2-17e286f2bce4-1.job - C:\Program Files (x86)\Internet Speed Checker\Internet Speed Checker-codedownloader.exe /reinstallapp /runfrom=task /agentregpath='Internet Speed Checker' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=F232D3DBE71140B3916C8E89EEEA99F6IE /verifier=405c04a15dcfddc2a55fb1a9922e4e6d /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1408799368 /statsdomain=http://stats.inputgenserv.com /errorsdomain=http://errors.inputgenserv.com /codedownloaddomain=http://js.inputgenserv.com /defbro=ie /crregname='Internet Speed Checker' /fbcodedownloaddomain=http://js.clientdemocloud.com /allusers /addinfojson='{"asw":[0, 549453825, 0],"browser_name":"__BROWSER_NAME__"}' /autoupdateulr='http://update.inputgenserv.com/ie_code_ ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\010aae86-234a-482b-8ed2-17e286f2bce4-11.job - C:\Program Files (x86)\Internet Speed Checker\010aae86-234a-482b-8ed2-17e286f2bce4-11.exe /rawdata=ont1yOYfonaJRj5RfBZxfd71Rq6RrGsDtHV4pZjQOAV3vzf/K7/Ct8NJyNuZD7ANP0slRv4N1XkEfm3dM3zL/wg5JWYxr8N5BVGfVQC0cr/i9AOwhSAucUqjVYYRmtNJR+CPmXcoSQjrlGQAEeT3vgLsnKEBDL5WlSzH4s2COtye7w4g1QVz9aLs6ZmN/kD2fevPujTkhFI1KER4WuBd8ly0SsVCctzhngRgWYE2FzMUJw3mnaZfCsTrzlkjh6aiHGepAALEMCEyOS+eXNFG3djcX1biqd8/qjZ1iaQNyI5RDF3cU/peEhewmrPs2ztuBC+O84fR4fLwQpRU7czTzKyW5RS+rniGXqvx6R+t/dD+zOE1oKcQTDyaZSZd0amj0LyKFelzf/4XbqMYGfwxOrBczQZGjT63og9Zgguvvi/tmBKXq2+37SGN92e+xooqtt01MSWFTzQW7DHaD83abppvjk8o02ApSRn2No/BjBDZ8vifl3FVdUFZ+btXeYGMuD2ESz1DzgWxjekrw3WdR5NEx9qhOX2UpEiBHd+8uAOJWwJdH0ZZ3uV8St1fUIphLm2QXPC2gPPS4aPucuiFr6dqwCFW3Xdi1IanDR5lD5pVQe1LkF0/+dWCffIhbqaYYi0UoQ9zkDeFRX8VUJ8ohs1BYTvGFBER0X8AQFWSw2pytmtUWDsZoCI8PovTo4LqL9qwC+hUrF0awRc+y7+WDv0blqVlnwwPuVSTUq35xXANnRQ4oASbuve5N1nWOaMMp4h8oBJ7dDlybNnGxwFYXN++m55x4eawUyt7pwL+RSpL+tH2MGidN+3elxUfv/ElFNRcY8p9srwkIiv1BgFSNA8Ay1sVgsB7+pJPe+9+CTxnv5t0dswKYAe80w0XFcsMFsTZ7wxtI63KVIyP6A+HRqu3PnV4/zwXXsuUQGmfeKWK19cEUc22vMBm2wtCAaQ27W92El8o3jcJT0zjh0Wnd3eGdiKcUaRqkW/yxud5Re6YSGBvoFiulYYmVVtPiFFoUSaDs8Xjz6Vt9c1PAUiZSPuHncWCP7+Vh/NnG+zciJYHdrFOLny57+ghdkOl0V+VqwMdCCe8PkjBTEPzd8HFQUD8j2BeVAKecf/MpA16T/7z1fqDbHws5mbGLwptIou1ZbcFiod+J488FfM5dfgmi9bYoTYXddjt0GZbjAWWhtYUudLx3aucHa1PrMLMDKuc7VEqJTs4urFYjuCndGHuFfRxGOrtClL97YssWlNgVeGp7fko4ulw/bKcrGm2OelXek7DACnWeTohqFwcu8wBuyIo4hxhel+XtLUkq3+VYRJ6t9ydISH4UH7UPVok2pAz4SUm2QmHUJ2h4aGFo1rHdlaikya4xZ4JF9k1BM7Hyt3mczc8WmmZ7YsL9oSLscVHpZBK04xnfTMDQkLRfrrxmY7Q2MBZQg3DXiKie4lMHoGsL4rJNH5GEUbTrw+lMY95Wb4HWYyYnFhTFSyRG31dzJGmrIgOSnAF6jHdvXYJaVbxxgaJLL4SWB2dIGeg86Chndtt7NcDJg4kDTr9JBWaSyv+G7COMU80gV6yTlHwqq97idYXNQoubu8UXQ/FfnDTUbA5A7HADxYdpUQN4MDIT/UrZiXoK/IaJfH08Km1UyurG5pbpmKuzuq/jA0Cte7L0clLm1IgrOVZbDQbcVUE0rsDx23nSEzkG2nlj8JKu6+0zgqrSMBU7UquhDqBBfopDQ/KwnVXTCDPfWMBiwBuU/GrdZ7hqaG8XL+rnxDXMCQYP2TpUc7UQhBxRTXnJClEl6eW9Q8ZocUPS2bk51PvrucJ5VnHrQaJxP4sK7A0cGO5Bxt7JJSJFMwCgFwqm7aYGu8SAk2L2o9jrmL165RyoArnp0IQhM/6+QWDUygzZTeyF/lWa+SD8wtcTJ9OMUEcRtEnjcoWz9qAwV1EX1/KtzFVylDBBiz6WAbtM1zLuMsEc13jFCDuv6jg76AH/vtAtsDzaL8DTxv/Z2N4K2EsqrBCwAOrCEEMt16K0O/F3+numuEXhWjX7A6PXGljyZut
C:\Windows\tasks\010aae86-234a-482b-8ed2-17e286f2bce4-2.job - C:\Program Files (x86)\Internet Speed Checker\010aae86-234a-482b-8ed2-17e286f2bce4-2.exe /enablebho /agentregpath='Internet Speed Checker' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=F232D3DBE71140B3916C8E89EEEA99F6IE /verifier=405c04a15dcfddc2a55fb1a9922e4e6d /installerversion=1_34_08_12 /installationtime=1408799368 /statsdomain=http://stats.inputgenserv.com /errorsdomain=http://errors.inputgenserv.com /bhoguid=11111111-1111-1111-1111-110611171152 /defbro=ie /allusers /autoupdateulr='http://update.inputgenserv.com/ie_enabl ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\010aae86-234a-482b-8ed2-17e286f2bce4-4.job - C:\Program Files (x86)\Internet Speed Checker\010aae86-234a-482b-8ed2-17e286f2bce4-4.exe /installxpi /agentregpath='Internet Speed Checker' /extensionfilepath='C:\Program Files (x86)\Internet Speed Checker\010aae86-234a-482b-8ed2-17e286f2bce4.xpi' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=F232D3DBE71140B3916C8E89EEEA99F6IE /verifier=405c04a15dcfddc2a55fb1a9922e4e6d /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1408799368 /statsdomain=http://stats.inputgenserv.com /errorsdomain=http://errors.inputgenserv.com /waitforbrowser=300 /extensionid=sepherdwilbur@aol.com /extensionversion=0.95 /prefsbranch=asepherdwilburaolcom61752 /updateurl=https://w9u6a2p6.ssl.hwcdn.net/plugin/f ... /61752.rdf /extensionname='Internet Speed Checker' /extensiondesc='Test your internet speed with 1-click' /publishername='Speedchecker' /defbro=ie /sid=S-1-5-21-2315802412-815962061-3052649632-1002 /addinfojson='{"asw":[0, 549453825, 0],"browser_name":"__BROWSER_NAME__"}' /allusers /allprofiles /checkfflist /autoupdateulr='http://update.inputgenserv.com/ff_agent ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\010aae86-234a-482b-8ed2-17e286f2bce4-5.job - C:\Program Files (x86)\Internet Speed Checker\010aae86-234a-482b-8ed2-17e286f2bce4-5.exe /runupdater /agentregpath='Internet Speed Checker' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=F232D3DBE71140B3916C8E89EEEA99F6IE /verifier=405c04a15dcfddc2a55fb1a9922e4e6d /installerversion=1_34_08_12 /installationtime=1408799368 /statsdomain=http://stats.inputgenserv.com /errorsdomain=http://errors.inputgenserv.com /geoserviceurl=http://ipgeoapi.com/ /updatejsondomain=http://update.inputgenserv.com /sid=S-1-5-21-2315802412-815962061-3052649632-1002 /updaterversion=6 /monetizationdomain=http://logs.inputgenserv.com /autoupdateulr='http://update.inputgenserv.com/updater_ ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\010aae86-234a-482b-8ed2-17e286f2bce4-5_user.job - C:\Program Files (x86)\Internet Speed Checker\010aae86-234a-482b-8ed2-17e286f2bce4-5.exe /runupdater /agentregpath='Internet Speed Checker' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=F232D3DBE71140B3916C8E89EEEA99F6IE /verifier=405c04a15dcfddc2a55fb1a9922e4e6d /installerversion=1_34_08_12 /installationtime=1408799368 /statsdomain=http://stats.inputgenserv.com /errorsdomain=http://errors.inputgenserv.com /geoserviceurl=http://ipgeoapi.com/ /updatejsondomain=http://update.inputgenserv.com /sid=S-1-5-21-2315802412-815962061-3052649632-1002 /updaterversion=6 /monetizationdomain=http://logs.inputgenserv.com /autoupdateulr='http://update.inputgenserv.com/updater_ ... pdate.json' /usertask /runfrom='task' /externallog=''
C:\Windows\tasks\010aae86-234a-482b-8ed2-17e286f2bce4-6.job - C:\Program Files (x86)\Internet Speed Checker\010aae86-234a-482b-8ed2-17e286f2bce4-6.exe /agentregpath='Internet Speed Checker-nv' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=F232D3DBE71140B3916C8E89EEEA99F6IE /verifier=405c04a15dcfddc2a55fb1a9922e4e6d /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1408799368 /statsdomain=http://stats.inputgenserv.com /errorsdomain=http://errors.inputgenserv.com /codedownloaddomain=http://js.inputgenserv.com /defbro=ie /DllName32ToInjectToChrome='06b91407-0a48-4b8e-a4f9-82c2cafd9212.dll' /DllName64ToInjectToChrome='091546db-0528-41cf-80e6-13ccee56baa9.dll' /nova64bitexe='010aae86-234a-482b-8ed2-17e286f2bce4-64.exe' /browsername='nova' /usehklm /crregname='Internet Speed Checker' /fbcodedownloaddomain=http://js.clientdemocloud.com /addinfojson='{"asw":[0, 549453825, 0],"browser_name":"__BROWSER_NAME__"}' /autoupdateulr='http://update.inputgenserv.com/novarun/ ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\010aae86-234a-482b-8ed2-17e286f2bce4-7.job - C:\Program Files (x86)\Internet Speed Checker\010aae86-234a-482b-8ed2-17e286f2bce4-7.exe /updateapp /agentregpath='Internet Speed Checker-nv' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=F232D3DBE71140B3916C8E89EEEA99F6IE /verifier=405c04a15dcfddc2a55fb1a9922e4e6d /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1408799368 /statsdomain=http://stats.inputgenserv.com /errorsdomain=http://errors.inputgenserv.com /codedownloaddomain=http://js.inputgenserv.com /defbro=ie /DllName32ToInjectToChrome='06b91407-0a48-4b8e-a4f9-82c2cafd9212.dll' /DllName64ToInjectToChrome='091546db-0528-41cf-80e6-13ccee56baa9.dll' /nova64bitexe='010aae86-234a-482b-8ed2-17e286f2bce4-64.exe' /browsername='nova' /usehklm /crregname='Internet Speed Checker' /fbcodedownloaddomain=http://js.clientdemocloud.com /addinfojson='{"asw":[0, 549453825, 0],"browser_name":"__BROWSER_NAME__"}' /runfrom=task /autoupdateulr='http://update.inputgenserv.com/novacode ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\0864773b-cee5-4aba-a445-37192f97832a.job - C:\Program Files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-4.exe /rawdata=coQqJR3R6G/r2cIkA3u1rfTruTM58QXIaHg0LwVGCDbEndgvI74tR/ivgKZiuruPwfuNPZ4uAipo9QU0geesfOmkDJn3j92V8dmFLuX1717m+QP6xAYVtZVfIQz5PID5OrXZEVeHZjZDDcOVQReTzWJVxB4zNmTXX0EsYumsjpqAjChBs7IIVHS2N9upQIVa6xZ2Y4s/XZye754nammM7I54+3Ug12BDR7wm5fveR1gnXM5vtLIFsbLGUMTxwIrRG+r7/h9HK7rJkXAxu3LaVx+f3CdvOnNszN+ONWEkMLrmQEWjuor2N++uM4PrifOktYkfCedN0XxvyJYhsXqpa5jNh2CbLpw+lIKHAzYlVZxHVZ6LMTWbclx46xTLsgBoFJbyC48NALSXWRXNEMGORb48YcSEeslkT3QfvX3xXHqZPo38UqMGszSiUQ5vpsHWeOpnwvWUD3mErVeIUbNIzh3Rr6xy4vQVheV20M2f3MUpv0CXVVPX/wgzVSg1Q/3yx9u5l0ejkOREoa9izYQdJCor6CRIgsl51SUT62XFe1bxXpWHn40ift2GcM3QTX1IlHqWhxZ8L8wLBGEQvWuWDxRjc8r/LytPAjtf4ASxgzHovbgpylFdW5pcUxY8apGnqrwV0rPOECyt0esh3kop7Wv7OSpykNh/VnfBLb7Ks7ZHRAzajPhytbwb8J4IqNNFt/2Mdnfd0ustijIy+ktrirAyVa+59oXG0q4Z5pEmtWRnQHIadSQMgO68aLclpQmj2//WP1KuPK4OsiVn0tW4G73SjKOp0QNWGxSWebJIsQQTAOgbv9zPp+VzNWwCh5avlAwllzTdU5Qnv++5U6Gs7pdk7RZic+aMEsRujBlH73/GM8VEnvjZGv3nEDB/mwVrwTExwBhmoNmt2fVrZS78x3b4X4xKbktG5JItEAN7Kjd4vrHqbrU3R4YQQ46E6PuA7MgiIiyFAKsogMUMOkYD2MDL7o9l2lubbAcO8IErJxuDtSdk5fqVtPhOtf/R9b5NHYr+9dzRHkA6hAIh33DBKKM+BkBzWfHlqpkLsw/pXDyA7yDKRAz/JmLIe0qxaN59BqRKPUwCeqm49PNm0oFoUfn1bnfZzXi/6e37yFdWWexibrTVe38Bc9i7QvjNIyxWJOzTx+F+PbDZDSlXv73Q5WCt+bWbryDpYfDwG7p8Reu/WkF3GQkhfX4tIXI5LJtSUzQlw8KqIWhAn8VWDYeFQ3rhSBCeMncVpNDuFU3ItLwDYE+pJpWREKo2UqWBn2t1qb/mdoF4zcJChl56JPXTGiaycwmV5z4ajtP5n1Tw5oD9eGWBZb3fNtjtdQP3cdu7aATxSONigfFYleABlae1+S91YsWES2IkV8cEwpOOWz1ccQ2VNb0tRGQWlvCnfKrtHGRdqxEaXRHcAo+o9pFkz/wEQbsV0dcw0Pc+Y5PJOUAvWmBOfYeopm1w6jWhGfeJHexgTy4vYyxcF/poeQjVm9yVRN2hjZfoCE9GjottFnozMcZs2KcZyKaEpD1VRGUUq8NiUZGBIGt1EC0njCkknXuZtVuLjh/8OjHhZ/xvx8K5RAIhheFt+W/C9JflnPi8hmWRGzBLjRMehvQzXlRZ98BiWTl05uQBnxzjImqgYJFa3xkP82th1w2qKA3At/lgv9TCZVn4dCpcCWyqBjb3c4t2s6jr065YQ6yjB9XK7pU=
C:\Windows\tasks\1ce23471-b063-47c0-b9e9-1e097165ae0e.job - C:\Program Files (x86)\HD-V1.9\1ce23471-b063-47c0-b9e9-1e097165ae0e.exe 001859 FB0DDE01630548B0830C83CEAC89CD38IE 61792 1407870751 93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 HD-V1.9
C:\Windows\tasks\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-1.job - C:\Program Files (x86)\HD-V1.9\HD-V1.9-codedownloader.exe /reinstallapp /runfrom=task /agentregpath='HD-V1.9' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=FB0DDE01630548B0830C83CEAC89CD38IE /verifier=69634112e9f0ef161ca634971d02e1b8 /installerversion=1_34_07_29 /installerfullversion=1.34.7.29 /installationtime=1407870751 /statsdomain=http://stats.inputdatacloud.com /errorsdomain=http://errors.inputdatacloud.com /codedownloaddomain=http://js.inputdatacloud.com /defbro=ie /crregname='HD-V1.9' /fbcodedownloaddomain=http://js.clientdemocloud.com /allusers /addinfojson='{"asw":[32768, 536870913, 0],"browser_name":"__BROWSER_NAME__"}' /autoupdateulr='http://update.inputdatacloud.com/ie_cod ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-11.job - C:\Program Files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-11.exe /rawdata=Tza0lMhJ8Q9Su8qWas4+uLwxZqQWLC4/1InhtQhw7lxkKyPM5Q4y694qR6l2ZM+UAfZD5qw0vMI+FAmnhtBcjfxvE4aIxvHZqSRoCqPm7alFDSINfhZ7FUB1QhBWKN9mc+h03/grr7FaWsJVlynx7/7tbeZsCWZdw4RohexIko1a59hDGRNRbhhNq1IQ1yYjGKEPr4Kt+QskhEp/IMl0JhXgZyNCM16IKXKd8Y407lH9amsCwAm0Tvt8xq4lWmolkOMi3Dzd2xiHDVbYo7olDdRbg1eTtseL1GP806cT05zsNs23i3aBD+4KjqqyBueW3ySgUQo/Ib5UXVIXTlNcKyaU5ZJeSMHb+WW5iRfcQ7LyIAwOeSuAPzVPPYmGqpQckcS7xrPPfF5neu3H/hOxHQPPc3t6MSHbYXhi9Yu6KazzQ+0IKwJpDyNLKuHQC1e3yjgtWgqqzHmVDqKoIQcuS46k7ovKsUyoCnSHch29Y59nML7W8X4V7CyZuS/+d6qPStQneGKMbb6s/rEAFWSPETX9CTSGa4Rc4YKpvZdjdQOnSWXYSDh322C/PkR5MiiXwefzNp21dleYBByImOHS58I7cDA/M1jvBuruR7j3WANhD+rQL+CqiNcq+RRGzqUkpTaT/N0ST2qrYMFGPQz4UZqJpLW1jiNtLnbHp3EsF9sHI/lI4ke2BaJTl6nAnvkvqPxp5eMeN4856zNvyrr5i0HPhC2hPdADBpzJkswEgK3LSV0lifFfJDnzzukJKmESnRFT+m9anIM0Ntb/+IY/teQHOfHK0fP/vzK66cthOG6KMy/GL5SFSWdubiMSP724zzEP7Wr9twPtHr2TBPsigzzvh0TpNy5UeCPnxLyIOZTuB5lPhJelpsMLISkJEPVZ+zyjuzUAINlLqoRsf5GTDtRF/e0dZreFMUQwFM/eSKOAMArQmmtw1XXOdqHvJ31MkuO6O8a1VXte0jNmYRLUPRKB65JecAujxG4pr23cXxKwAfZhHGuvCHYj47n3K+0pYaSWvCXQr0+knC3549LSsPT2LIRpRD+qU76tdEwTBActVnTHEf3GDmC8qRTXjT7fsOktIgvFdLUEg10nWgy3Qtgo+Y4wjpdq/9HcX3/2/gBGp8eKMr9jmJ3Yh2HrQyDh0SXoNV303B6mfNfP81W1RHsP07tr70ggYFKMxfyGf6uhyaCCHWhVYAG/17Pw2CtJMe34cI2+oob2sTQTGtS06uaQxJpHAvaFCbt1Dn+PzA6beE0lGTqb7d/1FiExlsI2atV2luvh/Va8K8waMQ3NhGs6MM2cx8wOIrlMo1Vdbst9iBHWrmuCLz74X3WpUNGf0y0DGkblxIcbtYavCQSxB2IspJZnhp57BD1a9ETtUZ/d94OgRIvVirwJrfdDUKAVHNtGfWCXiPhyCEe6yYnPdGW7AfmU8e3AIa1YiKLYJv7hkCsWXjDsTW01He6ph7WNLfiO6JLYphhctKoprZcO8t5D8X7WDBD/Bcs+G6czWseiKGIZ/vOiskVrt1Zw4i9kfIH7iTWwnGbzQtmjQMS1vrGjrKttnTI1WYlieGkTIv3HxVGeAFbaqcwd+EJUx5hVWV30CCqO9M0/c+CoyolnyQuwVpSHCN++2fZScZ5hBbyXfJft0coCIZglLh6oPhUPrJEz2AHCDqVvpHY8dpfFPaX3AuK/UiORTHIduNcX/+F+EakiE76t4HpZpFbnYjaack/UWNBp1U+OOQuvaxR6RblxjhbsP8v0yEScKFZO2BX43t4OKt02d8ED60WzKNGfv+hVTGCpspkys3CqAmt2M4gJPaGu5CCBkMlPHaZJeBbiaHAfh9sRYdI2BSOVKpPUHAhsw5wPdEUYzFEghO8vWQilY3P+biLR6SZOP2eOu1ZixMiHaoCN0xL6LWWGc5pQ74Wrll7xA5lLsL5V97QuPdVRNs0Pqnz6kR+uattZRnvbVzgDhD3u4Dl6aAaq1ZpZM/LmH2XV47N8aKW/xHfL3vmJCAMxKjtl+TtO5kvKLrRTcSqjJzAxmmAGpuHndyNW
C:\Windows\tasks\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-2.job - C:\Program Files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-2.exe /enablebho /agentregpath='HD-V1.9' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=FB0DDE01630548B0830C83CEAC89CD38IE /verifier=69634112e9f0ef161ca634971d02e1b8 /installerversion=1_34_07_29 /installationtime=1407870751 /statsdomain=http://stats.inputdatacloud.com /errorsdomain=http://errors.inputdatacloud.com /bhoguid=11111111-1111-1111-1111-110611171192 /defbro=ie /useiepol /allusers /autoupdateulr='http://update.inputdatacloud.com/ie_ena ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-3.job - C:\Program Files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-3.exe /rawdata=go7k9f7VxdWYa2I76pt8zKqvkYAWXoSwTCh7ZxFS6MGnEDxjV8bmha2q+xpGTmtWR9zCte8ByPxk165K1lMHNxX2t9QkCNJ0TKiALx50dY5/rmeUQ2vXuQYaB+DioCMy0kWLcDwi0g44yH9OJyan494gFrffUBYwh2jnzjdiQa4gQQo8zQaS/atMHLLWHtg3yq1OoYGQ9Ef6iMe6k+r9BeMg+IkPoJ6/FMgoZlYeldVdeYrfvgdrvpSK8Z1CYjXrOCfZrWcYgqJyUKTL2e5drJ9jaKaQuL/xknAOIVCM+LBg+Tnyms2ulWyOTSXij8OlBwTvtvqH7ksuGy7QMiFJaqZkdcnvXaUBVSjb0W3ydx828/hkC1zbpdAsPnSWW48Gp/0VH/tEo7AjCxhQiwKuMXp8cSQ+OKfG3EH4NThWhYkL9KLG5aYscVAS6k3DXc/rm8MYM0jytYzH4XunA75EfkRyk460VBO4X5lXVv9X1ihxbv1cMwHI6KgAIu5TV9k1xxCCSk4inALHG79CDC/4Y/uRHKaula0bKXBRpEGw/nB4XtHu+AuiT8wJkhKc/NOYUIgkfdzf3ccZ54WLJu2jSvEjEkpRZlw3vwJRkOM7OlClAxjDn7p7tgm74rFUvPdOrs/t2sipHlXRw5/fNuzMTSvaToqj+cN75VcwqPBMtoqjWlcLBJbO3TrWxZvO1xUiPi8F2sdSpF96nEl+O3LyG9LmQmA67ux3k1hXndw/7fkwhqt4e8f3qviO4yrr7N8GAiD9TqASTxfqhuh+1dQPviZ0uq+8iQQKRDMURgWA7UPdT4IJnq2m/W1bC7oi9c18R3+XgNB1TRima/PyDu3dMIZU4aKW1d70Oah9Ji6ahR94OszPHHd+8bk4mmE/VRz+yklhHyZdm78LdRGBiXTRKmz1MfyX6BifysV/mT+CEK5VczUsb78wdtOXmUZexwU9uAYShT5qWUWs1Ztr+citUOoUEweaoHrmIX/UOLHrSmTEVudmpHJ/q4IbPEDer/MYKbqS3csHgKZUp6QpnkP5MSDjXtiN/lpFTAJAz+eA5JKzTVO6ElqlEvPvdseUCmPYJQs3c7Di1FhVlxnB8R5ke1HNgddCUhez2xzCzY+fNmZv/3IMPcKp/3zPj2MvlDa2cs8NsrM2tc6CV2RoJ20lfWTOMsQsAPvWrN6RKX+VRyJklBiIQiB6BMtP3qp5MzCig/DoSiASSjG4eLCWPOnf1ajxkpMZOOwVacGwtgDTF3hYG4hMnpG/A0P2J9CxzkvsugJRtJl5VwPyrA9o2Csse64DZtb10I/aGnmfy78x3PFnuYS4ZQwsnYjlgGvTab0TC9M+YerbC5dOxNRYo4W9cMIzus05yKb2DGzJg2KGSaRjfDovoMn3ac8dMXHcv36FHQ9zNVRSWaqub87HLiLe+LcnA9qzO/SJPqRvrFSRYZZxaBaHUTfSOXLSKrx1YRetTcdYCO5wUpIEX67ay7SX3yN++KqIzs94Gr1/aJy/uOKw3KRaS/iSfJDSllGNyHah
C:\Windows\tasks\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-4.job - C:\Program Files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-4.exe /installxpi /agentregpath='HD-V1.9' /extensionfilepath='C:\Program Files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7.xpi' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=FB0DDE01630548B0830C83CEAC89CD38IE /verifier=69634112e9f0ef161ca634971d02e1b8 /installerversion=1_34_07_29 /installerfullversion=1.34.7.29 /installationtime=1407870751 /statsdomain=http://stats.inputdatacloud.com /errorsdomain=http://errors.inputdatacloud.com /waitforbrowser=300 /extensionid=UIMGMKB37220652@DPOEER3647180.com /extensionversion=0.95 /prefsbranch=aUIMGMKB37220652DPOEER3647180com61792 /updateurl=https://w9u6a2p6.ssl.hwcdn.net/plugin/f ... /61792.rdf /extensionname='HD-V1.9' /extensiondesc='Lights out for YouTube' /publishername='InfoHD-V1.8' /defbro=ie /sid=S-1-5-21-2315802412-815962061-3052649632-1002 /addinfojson='{"asw":[32768, 536870913, 0],"browser_name":"__BROWSER_NAME__"}' /allusers /allprofiles /checkfflist /autoupdateulr='http://update.inputdatacloud.com/ff_age ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-6.job - C:\Program Files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-6.exe /agentregpath='HD-V1.9-4c7d' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=FB0DDE01630548B0830C83CEAC89CD38IE /verifier=69634112e9f0ef161ca634971d02e1b8 /installerversion=1_34_07_29 /installerfullversion=1.34.7.29 /installationtime=1407870751 /statsdomain=http://stats.inputdatacloud.com /errorsdomain=http://errors.inputdatacloud.com /codedownloaddomain=http://js.inputdatacloud.com /defbro=ie /DllName32ToInjectToChrome='1a8f1759-2cf9-4675-92e5-640cca9d7335.dll' /DllName64ToInjectToChrome='d638262c-7acd-4f09-8222-71364042d272.dll' /nova64bitexe='4c7d9f47-8186-4362-9bc8-2636ef05d9a7-64.exe' /browsername='nova' /usehklm /crregname='HD-V1.9' /fbcodedownloaddomain=http://js.clientdemocloud.com /addinfojson='{"asw":[32768, 536870913, 0],"browser_name":"__BROWSER_NAME__"}' /autoupdateulr='http://update.inputdatacloud.com/novaru ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-7.job - C:\Program Files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-7.exe /updateapp /agentregpath='HD-V1.9-4c7d' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=FB0DDE01630548B0830C83CEAC89CD38IE /verifier=69634112e9f0ef161ca634971d02e1b8 /installerversion=1_34_07_29 /installerfullversion=1.34.7.29 /installationtime=1407870751 /statsdomain=http://stats.inputdatacloud.com /errorsdomain=http://errors.inputdatacloud.com /codedownloaddomain=http://js.inputdatacloud.com /defbro=ie /DllName32ToInjectToChrome='1a8f1759-2cf9-4675-92e5-640cca9d7335.dll' /DllName64ToInjectToChrome='d638262c-7acd-4f09-8222-71364042d272.dll' /nova64bitexe='4c7d9f47-8186-4362-9bc8-2636ef05d9a7-64.exe' /browsername='nova' /usehklm /crregname='HD-V1.9' /fbcodedownloaddomain=http://js.clientdemocloud.com /addinfojson='{"asw":[32768, 536870913, 0],"browser_name":"__BROWSER_NAME__"}' /runfrom=task /autoupdateulr='http://update.inputdatacloud.com/novaco ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\59f45487-2a6b-4d4b-9794-785c25a397ec.job - C:\Program Files (x86)\Internet Speed Checker\59f45487-2a6b-4d4b-9794-785c25a397ec.exe 001726 F232D3DBE71140B3916C8E89EEEA99F6IE 61752 1408799368 93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 Internet Speed Checker
C:\Windows\tasks\fce8c2d7-5c51-4c23-8076-a0d9f3f93126.job - C:\Program Files (x86)\Internet Speed Checker\fce8c2d7-5c51-4c23-8076-a0d9f3f93126.exe /agentregpath='Internet Speed Checker' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=F232D3DBE71140B3916C8E89EEEA99F6IE /verifier=405c04a15dcfddc2a55fb1a9922e4e6d /installerversion=1_34_08_12 /installationtime=1408799368 /statsdomain=http://stats.inputgenserv.com /errorsdomain=http://errors.inputgenserv.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=http://logs.inputgenserv.com /runfrom='task' /externallog=''
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\temp_4c7d9f47-8186-4362-9bc8-2636ef05d9a7-2.job - C:\Program Files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7-2.exe /enablebho /agentregpath='HD-V1.9' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=FB0DDE01630548B0830C83CEAC89CD38IE /verifier=69634112e9f0ef161ca634971d02e1b8 /installerversion=1_34_07_29 /installationtime=1407870751 /statsdomain=http://stats.inputdatacloud.com /errorsdomain=http://errors.inputdatacloud.com /bhoguid=11111111-1111-1111-1111-110611171192 /defbro=ie /useiepol /allusers /autoupdateulr='http://update.inputdatacloud.com/ie_ena ... pdate.json' /runfrom='installer' /externallog='C:\Users\Ondra\AppData\Local\Temp\HD-V1.9Installer_1407870751.log'
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152}]
Internet Speed Checker - C:\Program Files (x86)\Internet Speed Checker\Internet Speed Checker-bho64.dll [2014-08-23 791912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-07-27 218776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152}]
Internet Speed Checker - C:\Program Files (x86)\Internet Speed Checker\Internet Speed Checker-bho.dll [2014-08-23 586600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-07-27 1730256]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-10 351136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-08-25 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-08-25 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-08-25 441152]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-08-06 1425408]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2012-07-17 684064]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-08-29 334240]
"BtTray"=c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-08-16 364032]
"HP HD Webcam Driver_Monitor"=C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [2012-07-26 303480]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08 111120]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-24 491120]
"RemoteControl10"=c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"StartW8Button"=C:\Program Files (x86)\StartW8\bin\StartW8Button.exe [2012-12-19 52224]
"mnchwgqSrv"=C:\Windows\system32\mnchwgq.vbe []
"MSStp"=C:\Windows\system32\msstp.vbe []
"mnchnuqcwSrv"=C:\Windows\inf\mnchnuqcw.vbe [2014-01-19 1342]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-08-23 441856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"ConsentPromptBehaviorAdmin"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-08-24 09:42:24 ----D---- C:\rsit
2014-08-24 09:42:24 ----D---- C:\Program Files\trend micro
2014-08-24 09:38:32 ----A---- C:\awhC887.tmp
2014-08-23 15:16:47 ----A---- C:\awh26F8.tmp
2014-08-23 15:15:13 ----A---- C:\Windows\system32\sdnclean64.exe
2014-08-23 15:15:12 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-08-23 15:15:05 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-23 15:09:35 ----D---- C:\Program Files (x86)\Internet Speed Checker
2014-08-23 13:28:25 ----D---- C:\Program Files (x86)\ESET
2014-08-16 19:58:29 ----A---- C:\awh9C18.tmp
2014-08-16 19:54:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-08-16 14:25:05 ----D---- C:\Windows\SoftwareDistribution
2014-08-15 22:04:16 ----A---- C:\Windows\system32\drivers\hdaudbus.sys
2014-08-15 21:58:17 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-08-15 21:58:17 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-08-15 07:34:42 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-15 07:34:40 ----A---- C:\Windows\system32\cdd.dll
2014-08-15 07:34:10 ----A---- C:\Windows\system32\mshtml.dll
2014-08-15 07:34:03 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-08-15 07:33:59 ----A---- C:\Windows\system32\ieframe.dll
2014-08-15 07:33:56 ----A---- C:\Windows\system32\jscript9.dll
2014-08-15 07:33:55 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-08-15 07:33:55 ----A---- C:\Windows\system32\iertutil.dll
2014-08-15 07:33:54 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-08-15 07:33:53 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-08-15 07:33:53 ----A---- C:\Windows\system32\urlmon.dll
2014-08-15 07:33:52 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-08-15 07:33:51 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-08-15 07:33:51 ----A---- C:\Windows\system32\wininet.dll
2014-08-15 07:33:50 ----A---- C:\Windows\system32\dxtmsft.dll
2014-08-15 07:33:49 ----A---- C:\Windows\system32\jscript.dll
2014-08-15 07:33:49 ----A---- C:\Windows\system32\dxtrans.dll
2014-08-15 07:33:48 ----A---- C:\Windows\system32\msfeeds.dll
2014-08-15 07:33:47 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-08-15 07:33:46 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-08-15 07:33:46 ----A---- C:\Windows\system32\mshtmled.dll
2014-08-15 07:33:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-08-15 07:33:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-08-15 07:33:45 ----A---- C:\Windows\system32\uxtheme.dll
2014-08-15 07:33:44 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-08-15 07:33:44 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-08-15 07:33:44 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-08-15 07:33:44 ----A---- C:\Windows\system32\iesysprep.dll
2014-08-15 07:33:43 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-08-15 07:33:43 ----A---- C:\Windows\system32\msrating.dll
2014-08-15 07:33:43 ----A---- C:\Windows\system32\iernonce.dll
2014-08-15 07:33:43 ----A---- C:\Windows\system32\iedkcs32.dll
2014-08-15 07:33:43 ----A---- C:\Windows\system32\ie4uinit.exe
2014-08-15 07:33:42 ----A---- C:\Windows\SYSWOW64\UXInit.dll
2014-08-15 07:33:42 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-08-15 07:33:42 ----A---- C:\Windows\system32\UXInit.dll
2014-08-15 07:33:41 ----A---- C:\Windows\SYSWOW64\uxtheme.dll
2014-08-15 07:33:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-08-15 07:33:41 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-08-15 07:33:41 ----A---- C:\Windows\system32\jsproxy.dll
2014-08-15 07:33:41 ----A---- C:\Windows\system32\iesetup.dll
2014-08-15 07:33:15 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-08-15 07:33:15 ----A---- C:\Windows\system32\rpcrt4.dll
2014-08-15 07:33:09 ----A---- C:\Windows\system32\win32k.sys
2014-08-15 07:33:08 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-15 07:33:08 ----A---- C:\Windows\system32\gdi32.dll
2014-08-15 07:33:04 ----A---- C:\Windows\system32\twinui.dll
2014-08-15 07:33:03 ----A---- C:\Windows\SYSWOW64\twinui.dll
2014-08-15 07:33:02 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-08-15 07:33:02 ----A---- C:\Windows\system32\msi.dll
2014-08-15 07:33:02 ----A---- C:\Windows\system32\actxprxy.dll
2014-08-15 07:33:01 ----A---- C:\Windows\system32\authui.dll
2014-08-15 07:32:59 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-08-15 07:32:59 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-08-15 07:32:59 ----A---- C:\Windows\SYSWOW64\actxprxy.dll
2014-08-15 07:32:59 ----A---- C:\Windows\system32\msihnd.dll
2014-08-15 07:32:59 ----A---- C:\Windows\system32\consent.exe
2014-08-15 07:32:42 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2014-08-15 07:32:42 ----A---- C:\Windows\system32\drivers\Classpnp.sys
2014-08-13 09:21:21 ----A---- C:\awh5A3A.tmp
2014-08-12 21:12:40 ----D---- C:\Program Files (x86)\globalUpdate
2014-08-12 21:12:37 ----D---- C:\Program Files (x86)\HD-V1.9
2014-08-12 21:12:14 ----D---- C:\Users\Ondra\AppData\Roaming\Seznam.cz
2014-08-12 13:34:06 ----A---- C:\Windows\system32\drivers\nethfdrv.sys
2014-08-12 13:33:46 ----A---- C:\Windows\SYSWOW64\netupdsrv.exe
2014-08-12 13:33:38 ----A---- C:\Windows\SYSWOW64\installd.exe
2014-08-12 13:33:26 ----A---- C:\Windows\SYSWOW64\nethtsrv.exe
2014-08-12 13:33:18 ----A---- C:\Windows\SYSWOW64\hfnapi.dll
2014-08-12 13:33:10 ----A---- C:\Windows\SYSWOW64\hfpapi.dll
2014-07-27 08:41:16 ----D---- C:\ProgramData\Bitstream
2014-07-27 08:28:19 ----A---- C:\Windows\system32\FNTCACHE.DAT
======List of files/folders modified in the last 1 month======
2014-08-24 09:42:24 ----RD---- C:\Program Files
2014-08-24 09:42:09 ----D---- C:\Windows\Temp
2014-08-24 09:41:18 ----D---- C:\Windows\Prefetch
2014-08-24 09:35:40 ----A---- C:\Windows\SYSWOW64\log.txt
2014-08-24 09:33:59 ----D---- C:\ProgramData\PDFC
2014-08-24 09:33:23 ----A---- C:\Windows\SYSWOW64\LOCALSERVICE.INI
2014-08-24 09:33:19 ----A---- C:\Windows\SYSWOW64\bscs.ini
2014-08-23 22:00:01 ----D---- C:\Windows\system32\sru
2014-08-23 18:08:15 ----D---- C:\Windows\system32\config
2014-08-23 17:15:34 ----D---- C:\Program Files\PCDApp
2014-08-23 17:14:19 ----A---- C:\Windows\SYSWOW64\LOCALDEVICE.INI
2014-08-23 15:15:26 ----D---- C:\Windows\system32\Tasks
2014-08-23 15:15:13 ----RD---- C:\Windows\System32
2014-08-23 15:15:12 ----HD---- C:\ProgramData
2014-08-23 15:15:05 ----RD---- C:\Program Files (x86)
2014-08-23 15:11:21 ----D---- C:\Windows\system32\Drivers
2014-08-23 15:10:33 ----D---- C:\Windows\Tasks
2014-08-23 15:09:46 ----SHD---- C:\Windows\Installer
2014-08-23 15:07:13 ----D---- C:\Firefox
2014-08-23 15:02:20 ----D---- C:\Windows\Microsoft.NET
2014-08-23 14:55:56 ----D---- C:\Program Files (x86)\FLVM Player
2014-08-23 14:55:55 ----D---- C:\Program Files (x86)\demoni 2013 horor avi cz dabing cely film
2014-08-23 14:12:44 ----SHD---- C:\System Volume Information
2014-08-23 13:28:43 ----D---- C:\Users\Ondra\AppData\Roaming\Oxy
2014-08-20 19:58:08 ----RSD---- C:\Windows\assembly
2014-08-20 19:14:38 ----D---- C:\ProgramData\Microsoft Help
2014-08-17 20:37:49 ----D---- C:\Users\Ondra\AppData\Roaming\Skype
2014-08-17 19:24:43 ----D---- C:\Windows\rescache
2014-08-17 09:55:30 ----D---- C:\Users\Ondra\AppData\Roaming\uTorrent
2014-08-16 20:00:41 ----D---- C:\Windows\Inf
2014-08-16 20:00:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-08-16 19:56:50 ----D---- C:\Users\Ondra\AppData\Roaming\QuickScan
2014-08-16 19:54:13 ----D---- C:\Windows\WinSxS
2014-08-16 19:54:10 ----D---- C:\Windows\SysWOW64
2014-08-16 19:51:31 ----D---- C:\Windows\SYSWOW64\en-US
2014-08-16 19:51:31 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-08-16 19:51:31 ----D---- C:\Windows\system32\en-US
2014-08-16 19:51:31 ----D---- C:\Windows\system32\cs-CZ
2014-08-16 19:51:30 ----D---- C:\Program Files (x86)\Internet Explorer
2014-08-16 19:51:28 ----D---- C:\Program Files\Internet Explorer
2014-08-16 19:50:57 ----RD---- C:\Windows\ToastData
2014-08-16 19:50:46 ----D---- C:\Windows\system32\DriverStore
2014-08-16 17:33:52 ----HD---- C:\Program Files\WindowsApps
2014-08-16 16:07:04 ----D---- C:\Windows\AUInstallAgent
2014-08-16 14:25:05 ----D---- C:\Windows
2014-08-16 11:45:51 ----D---- C:\Windows\CbsTemp
2014-08-16 10:26:44 ----D---- C:\Windows\system32\MRT
2014-08-15 22:16:19 ----A---- C:\Windows\system32\MRT.exe
2014-08-15 22:11:21 ----D---- C:\Windows\system32\catroot2
2014-08-13 19:31:55 ----RD---- C:\Program Files (x86)\Skype
2014-08-12 21:11:59 ----D---- C:\Program Files (x86)\Common Files
2014-07-27 08:41:23 ----D---- C:\ProgramData\Corel
2014-07-27 08:28:35 ----D---- C:\Windows\Minidump
2014-07-26 23:41:59 ----A---- C:\SROF.ini
2014-07-26 20:26:11 ----D---- C:\Program Files\Microsoft Silverlight
2014-07-26 20:26:11 ----D---- C:\Program Files (x86)\Microsoft Silverlight
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 hpdskflt;@oem7.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-08-22 31040]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2012-07-31 645952]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 dtsoftbus01;@oem30.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\Windows\System32\drivers\dtsoftbus01.sys [2013-04-14 283200]
R1 nethfdrv;nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [2014-08-12 46160]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R3 Accelerometer;@oem7.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-08-22 43328]
R3 BtAudioBusSrv;@oem15.inf,%SvcDesc%;IVT Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-20 56904]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-08-14 48736]
R3 HpqKbFiltr;@oem5.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2012-08-27 26504]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-08-23 9000256]
R3 IntcDAud;@oem20.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 JMCR;JMCR; C:\Windows\System32\drivers\jmcr.sys [2012-07-31 175928]
R3 MEIx64;@oem29.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2013-01-11 64624]
R3 netr28x;@oem34.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
R3 rtbth;@oem33.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem6.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-06-13 683664]
R3 SensorsServiceDriver;@sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%;UMDF Reflector service for SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
R3 SPUVCbv;@oem21.inf,%SPUVCb.ServiceName%;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2012-08-03 1062008]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-08-06 540160]
R3 SynTP;@oem32.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-26 11926528]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-06-29 360448]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2012-07-25 64832]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNe64.sys [2012-06-02 11400192]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-08-15 41272]
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-08-15 43832]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-06 210560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-08-14 1578496]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-08-25 488824]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-08-15 85504]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-08-29 523680]
R2 hpsrv;@oem7.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2012-08-22 33600]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-06-20 634632]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-07-19 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-19 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-19 277824]
R2 NetHttpService;Network HTTP Support Service; C:\Windows\SysWOW64\nethtsrv.exe [2014-08-12 179712]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-07-17 1134624]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R2 ServiceUpdater;Network Support Service Updater; C:\Windows\SysWOW64\netupdsrv.exe [2014-08-12 162304]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-08-06 321536]
R2 StartW8Service;StartW8Service; C:\Program Files (x86)\StartW8\bin\StartW8Service.exe [2012-12-19 51200]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-19 365376]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-07-19 2714232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-08-14 138752]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-11 1001376]
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-23 68608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-09 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-08-25 276288]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2012-08-01 477088]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-23 68608]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-09 116648]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S4 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\Windows\System32\drivers\BthAvrcpTg.sys [2013-06-01 37632]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\Windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]
S4 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\Windows\System32\drivers\BthHFHid.sys [2012-11-27 29952]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
v prohlížeči mi vyskakuje stále nějaké okna
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: v prohlížeči mi vyskakuje stále nějaké okna
Zdravim 
Odinstalujte Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam
Udelejte MBAM dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928
Odinstalujte Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam Udelejte MBAM dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: v prohlížeči mi vyskakuje stále nějaké okna
skoušel jsem to dvakrát ale pokaždé když dám exportovat log tak se program kousne a vypne
pokaždé sken trval cca 2 hod. a našlo to okolo 1000 hrozeb
pokaždé sken trval cca 2 hod. a našlo to okolo 1000 hrozeb
Re: v prohlížeči mi vyskakuje stále nějaké okna
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Ulozte nejlepe na plochu
- Ukoncete vsechny programy
- Kliknete na Scan a nasledne Clean
- Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
- Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
- Do okna vlozte skript nize
Kód: Vybrat vše
autoclean; emptyclsid; iedefaults; FFdefaults; CHRdefaults; emptyalltemp; resethosts;- Nasledne kliknete na Run Script
- PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: v prohlížeči mi vyskakuje stále nějaké okna
# AdwCleaner v3.308 - Report created 24/08/2014 at 16:12:14
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Ondra - ONDRA-NTB
# Running from : C:\Users\Ondra\Downloads\adwcleaner_3.308.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : nethfdrv
Service Deleted : NethxxpService
Service Deleted : ServiceUpdater
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\FLVM Player
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Internet Speed Checker
Folder Deleted : C:\Program Files\PCDApp
Folder Deleted : C:\Users\Ondra\AppData\Local\GCC
Folder Deleted : C:\Users\Ondra\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Ondra\AppData\Local\Oxy
Folder Deleted : C:\Users\Ondra\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Ondra\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Ondra\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\Ondra\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Ondra\AppData\LocalLow\Internet Speed Checker
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Oxy
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
Folder Deleted : C:\Users\Ondra\Documents\PCSpeedUp
Folder Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcjcajklmlbpmgckpcmnampagbhhmcp
Folder Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihecgifecjdmjjmkgnobfpladefgige
File Deleted : C:\Windows\SysWOW64\hfpapi.dll
File Deleted : C:\Windows\SysWOW64\installd.exe
File Deleted : C:\Windows\SysWOW64\nethtsrv.exe
File Deleted : C:\Windows\SysWOW64\netupdsrv.exe
File Deleted : C:\Windows\System32\drivers\nethfdrv.sys
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage-journal
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
Task Deleted : BitGuard
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : Oxy
Task Deleted : PC SpeedUp Service Deactivator
Task Deleted : PileFile logon
Task Deleted : PileFile reminder
Task Deleted : Windows Updater
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-1
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-11
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-2
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-4
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-5
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-5_user
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-6
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-7
Task Deleted : 0864773b-cee5-4aba-a445-37192f97832a
Task Deleted : 1ce23471-b063-47c0-b9e9-1e097165ae0e
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-1
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-11
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-2
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-3
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-4
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-6
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-7
Task Deleted : 59f45487-2a6b-4d4b-9794-785c25a397ec
Task Deleted : fce8c2d7-5c51-4c23-8076-a0d9f3f93126
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ext@bettersurfplus.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\flcjcajklmlbpmgckpcmnampagbhhmcp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mihecgifecjdmjjmkgnobfpladefgige
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKCU\Software\a53dfdde239bd13
Key Deleted : HKLM\SOFTWARE\a53dfdde239bd13
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061752.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061752.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061752.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061752.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061792.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061792.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061792.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061792.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CFBE80D-5608-4309-A0F5-3B1414833432}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171152}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171192}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172292}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175552}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175592}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176652}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176692}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174452}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174492}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CFBE80D-5608-4309-A0F5-3B1414833432}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171152}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171192}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CFBE80D-5608-4309-A0F5-3B1414833432}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611171152}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611171192}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171152}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171192}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172292}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175552}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175592}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176652}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176692}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Internet Speed Checker
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BetterSurf
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\MediaPlayerV1
Key Deleted : HKLM\SOFTWARE\MediaViewerV1
Key Deleted : HKLM\SOFTWARE\MediaViewV1
Key Deleted : HKLM\SOFTWARE\MediaWatchV1
Key Deleted : HKLM\SOFTWARE\Internet Speed Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Speed Checker
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.17054
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Google Chrome v36.0.1985.143
[ File : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Homepage] : hxxp://isearch.babylon.com/?affID=119816&babsrc=HP_ss_bayi&mntrId=AE146894230BC30A
Deleted [Extension] : flcjcajklmlbpmgckpcmnampagbhhmcp
Deleted [Extension] : mihecgifecjdmjjmkgnobfpladefgige
*************************
AdwCleaner[R0].txt - [19064 octets] - [24/08/2014 15:33:41]
AdwCleaner[S0].txt - [18531 octets] - [24/08/2014 16:12:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18592 octets] ##########
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Ondra - ONDRA-NTB
# Running from : C:\Users\Ondra\Downloads\adwcleaner_3.308.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : nethfdrv
Service Deleted : NethxxpService
Service Deleted : ServiceUpdater
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\FLVM Player
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Internet Speed Checker
Folder Deleted : C:\Program Files\PCDApp
Folder Deleted : C:\Users\Ondra\AppData\Local\GCC
Folder Deleted : C:\Users\Ondra\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Ondra\AppData\Local\Oxy
Folder Deleted : C:\Users\Ondra\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Ondra\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Ondra\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\Ondra\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Ondra\AppData\LocalLow\Internet Speed Checker
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Oxy
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
Folder Deleted : C:\Users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
Folder Deleted : C:\Users\Ondra\Documents\PCSpeedUp
Folder Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcjcajklmlbpmgckpcmnampagbhhmcp
Folder Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihecgifecjdmjjmkgnobfpladefgige
File Deleted : C:\Windows\SysWOW64\hfpapi.dll
File Deleted : C:\Windows\SysWOW64\installd.exe
File Deleted : C:\Windows\SysWOW64\nethtsrv.exe
File Deleted : C:\Windows\SysWOW64\netupdsrv.exe
File Deleted : C:\Windows\System32\drivers\nethfdrv.sys
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.golsearch.com_0.localstorage-journal
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
File Deleted : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
Task Deleted : BitGuard
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : Oxy
Task Deleted : PC SpeedUp Service Deactivator
Task Deleted : PileFile logon
Task Deleted : PileFile reminder
Task Deleted : Windows Updater
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-1
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-11
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-2
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-4
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-5
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-5_user
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-6
Task Deleted : 010aae86-234a-482b-8ed2-17e286f2bce4-7
Task Deleted : 0864773b-cee5-4aba-a445-37192f97832a
Task Deleted : 1ce23471-b063-47c0-b9e9-1e097165ae0e
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-1
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-11
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-2
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-3
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-4
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-6
Task Deleted : 4c7d9f47-8186-4362-9bc8-2636ef05d9a7-7
Task Deleted : 59f45487-2a6b-4d4b-9794-785c25a397ec
Task Deleted : fce8c2d7-5c51-4c23-8076-a0d9f3f93126
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ext@bettersurfplus.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\flcjcajklmlbpmgckpcmnampagbhhmcp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mihecgifecjdmjjmkgnobfpladefgige
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKCU\Software\a53dfdde239bd13
Key Deleted : HKLM\SOFTWARE\a53dfdde239bd13
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061752.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061752.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061752.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061752.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061792.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061792.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061792.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061792.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CFBE80D-5608-4309-A0F5-3B1414833432}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171152}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171192}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172292}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175552}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175592}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176652}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176692}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174452}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174492}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CFBE80D-5608-4309-A0F5-3B1414833432}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171152}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171192}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0CFBE80D-5608-4309-A0F5-3B1414833432}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611171152}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611171192}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171152}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171192}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172292}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175552}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175592}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176652}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176692}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171152}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Internet Speed Checker
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BetterSurf
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\MediaPlayerV1
Key Deleted : HKLM\SOFTWARE\MediaViewerV1
Key Deleted : HKLM\SOFTWARE\MediaViewV1
Key Deleted : HKLM\SOFTWARE\MediaWatchV1
Key Deleted : HKLM\SOFTWARE\Internet Speed Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Speed Checker
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.17054
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Google Chrome v36.0.1985.143
[ File : C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Homepage] : hxxp://isearch.babylon.com/?affID=119816&babsrc=HP_ss_bayi&mntrId=AE146894230BC30A
Deleted [Extension] : flcjcajklmlbpmgckpcmnampagbhhmcp
Deleted [Extension] : mihecgifecjdmjjmkgnobfpladefgige
*************************
AdwCleaner[R0].txt - [19064 octets] - [24/08/2014 15:33:41]
AdwCleaner[S0].txt - [18531 octets] - [24/08/2014 16:12:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18592 octets] ##########
Re: v prohlížeči mi vyskakuje stále nějaké okna
Jeste poprosim o Zoek
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: v prohlížeči mi vyskakuje stále nějaké okna
ten nic nedela
je tam uz dlouho napsane tohle:
Zoek.exe v5.0.0.0 Updated 24-08-2014
Tool run by Ondra on ne 24. 08. 2014 at 16:20:03,75.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ondra\Desktop\zoek\zoek.com [Scan all users] [Script inserted]
===== Runcheck 16:21:13,04 =====
--- Create Environment Variables 16:21:14,65
--- Create System Restore Point 16:21:23,12
--- Checking Input 16:21:51,85
--- Reset Hosts File 16:21:58,71
--- AU AppData Check 16:21:59,63
--- Remove From Windows Installer 16:22:04,32
je tam uz dlouho napsane tohle:
Zoek.exe v5.0.0.0 Updated 24-08-2014
Tool run by Ondra on ne 24. 08. 2014 at 16:20:03,75.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ondra\Desktop\zoek\zoek.com [Scan all users] [Script inserted]
===== Runcheck 16:21:13,04 =====
--- Create Environment Variables 16:21:14,65
--- Create System Restore Point 16:21:23,12
--- Checking Input 16:21:51,85
--- Reset Hosts File 16:21:58,71
--- AU AppData Check 16:21:59,63
--- Remove From Windows Installer 16:22:04,32
Re: v prohlížeči mi vyskakuje stále nějaké okna
Tak Zoek ukoncete Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
- Ulozte nejlepe na Plochu a rozbalte
- Spustte kliknutim na mbar
- Nyni postupne kliknete na Next a Update
- Po dokonceni update (aktualizace) databaze kliknete opet na Next
- Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
- Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
- Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
- Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
- PC bude restartovan
- Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: v prohlížeči mi vyskakuje stále nějaké okna
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
(c) Malwarebytes Corporation 2011-2012
OS version: 6.2.9200 Windows 8 x64
Account is Administrative
Internet Explorer version: 10.0.9200.17054
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 4169371648, free: 2094444544
Downloaded database version: v2014.08.24.04
Downloaded database version: v2014.08.21.01
=======================================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A50E1C7D
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1970434722
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid dbfecebe-cb20-4924-aac-795ede98e3c
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1970434722
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid dbfecebe-cb20-4924-aac-795ede98e3c
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e004c7bb-f548-474c-b845-f1455a47527b
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 54000ce6-364b-4d93-b333-aa90dae193c
FirstLBA 2050048 Last LBA 2254847
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID b1c1f752-162d-4d3f-a776-96a9d2234a9b
FirstLBA 2254848 Last LBA 2516991
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 8ae41054-9494-4287-b6e8-1b3553e68ade
FirstLBA 2516992 Last LBA 945588223
Attributes 0
Partition Name Basic data partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID c32b45e-8eb9-40f3-abb6-3bcfda5934f
FirstLBA 945588224 Last LBA 972572671
Attributes 1
Partition Name Basic data partition
Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 43d31352-29a2-49fe-9d92-8934b8de9524
FirstLBA 972572672 Last LBA 976760831
Attributes 1
Partition Name Basic data partition
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Infected: C:\Windows\SysWOW64\dcgmnchwgq.exe --> [Trojan.BitMiner]
Infected: C:\Users\Ondra\AppData\Local\Temp\dgen.exe --> [Riskware.BitcoinMiner]
Infected: C:\Users\Ondra\AppData\Local\Temp\tmp4DA6\SUpdater.exe --> [Trojan.Downloader]
Infected: C:\Users\Ondra\AppData\Local\Temp\tmp5656\SUpdater.exe --> [Trojan.Downloader]
Infected: C:\Users\Ondra\Downloads\VLCPlus_Setup.exe --> [Adware.Linkular]
Infected: C:\Users\Ondra\Downloads\VLCPlus_Setup (1).exe --> [Adware.Linkular]
Infected: C:\Users\Ondra\Downloads\VLCPlus_Setup (2).exe --> [Adware.Linkular]
Infected: C:\Users\Ondra\Downloads\VLCPlus_Setup (3).exe --> [Adware.Linkular]
Infected: C:\Windows\Inf\msstp.vbe --> [Trojan.Agent.SCR]
Infected: C:\PROGRAM FILES (X86)\Drakensang Online Hack Updated [29.12.2013] --> [Trojan.Agent.CK]
Infected: C:\Program Files (x86)\Drakensang Online Hack Updated [29.12.2013]\Drakensang Online Hack Updated [29.12.2013].rar --> [Trojan.Agent.CK]
Infected: C:\Program Files (x86)\Drakensang Online Hack Updated [29.12.2013]\unins000.dat --> [Trojan.Agent.CK]
Infected: C:\Program Files (x86)\Drakensang Online Hack Updated [29.12.2013]\unins000.exe --> [Trojan.Agent.CK]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CF7CA903-C14D-8663-2AC7-6F5C2ED3AB1D}_is1 --> [Trojan.Agent.CK]
Infected: C:\Windows\Inf\mnchnuqcw --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\diablo130302.cl --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\diakgcn121016.cl --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\libidn-11.dll --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\librtmp.dll --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\libssh2.dll --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\phatk121016.cl --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\poclbm130302.cl --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\scrypt130511.cl --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\bitstreams --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\bitstreams\fpgaminer_top_fixed7_197MHz.ncd --> [Trojan.Agent.BCM]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
(c) Malwarebytes Corporation 2011-2012
OS version: 6.2.9200 Windows 8 x64
Account is Administrative
Internet Explorer version: 10.0.9200.17054
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 4169371648, free: 2094444544
Downloaded database version: v2014.08.24.04
Downloaded database version: v2014.08.21.01
=======================================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A50E1C7D
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1970434722
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid dbfecebe-cb20-4924-aac-795ede98e3c
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1970434722
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid dbfecebe-cb20-4924-aac-795ede98e3c
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e004c7bb-f548-474c-b845-f1455a47527b
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 54000ce6-364b-4d93-b333-aa90dae193c
FirstLBA 2050048 Last LBA 2254847
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID b1c1f752-162d-4d3f-a776-96a9d2234a9b
FirstLBA 2254848 Last LBA 2516991
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 8ae41054-9494-4287-b6e8-1b3553e68ade
FirstLBA 2516992 Last LBA 945588223
Attributes 0
Partition Name Basic data partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID c32b45e-8eb9-40f3-abb6-3bcfda5934f
FirstLBA 945588224 Last LBA 972572671
Attributes 1
Partition Name Basic data partition
Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 43d31352-29a2-49fe-9d92-8934b8de9524
FirstLBA 972572672 Last LBA 976760831
Attributes 1
Partition Name Basic data partition
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Infected: C:\Windows\SysWOW64\dcgmnchwgq.exe --> [Trojan.BitMiner]
Infected: C:\Users\Ondra\AppData\Local\Temp\dgen.exe --> [Riskware.BitcoinMiner]
Infected: C:\Users\Ondra\AppData\Local\Temp\tmp4DA6\SUpdater.exe --> [Trojan.Downloader]
Infected: C:\Users\Ondra\AppData\Local\Temp\tmp5656\SUpdater.exe --> [Trojan.Downloader]
Infected: C:\Users\Ondra\Downloads\VLCPlus_Setup.exe --> [Adware.Linkular]
Infected: C:\Users\Ondra\Downloads\VLCPlus_Setup (1).exe --> [Adware.Linkular]
Infected: C:\Users\Ondra\Downloads\VLCPlus_Setup (2).exe --> [Adware.Linkular]
Infected: C:\Users\Ondra\Downloads\VLCPlus_Setup (3).exe --> [Adware.Linkular]
Infected: C:\Windows\Inf\msstp.vbe --> [Trojan.Agent.SCR]
Infected: C:\PROGRAM FILES (X86)\Drakensang Online Hack Updated [29.12.2013] --> [Trojan.Agent.CK]
Infected: C:\Program Files (x86)\Drakensang Online Hack Updated [29.12.2013]\Drakensang Online Hack Updated [29.12.2013].rar --> [Trojan.Agent.CK]
Infected: C:\Program Files (x86)\Drakensang Online Hack Updated [29.12.2013]\unins000.dat --> [Trojan.Agent.CK]
Infected: C:\Program Files (x86)\Drakensang Online Hack Updated [29.12.2013]\unins000.exe --> [Trojan.Agent.CK]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CF7CA903-C14D-8663-2AC7-6F5C2ED3AB1D}_is1 --> [Trojan.Agent.CK]
Infected: C:\Windows\Inf\mnchnuqcw --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\diablo130302.cl --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\diakgcn121016.cl --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\libidn-11.dll --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\librtmp.dll --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\libssh2.dll --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\phatk121016.cl --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\poclbm130302.cl --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\scrypt130511.cl --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\bitstreams --> [Trojan.Agent.BCM]
Infected: C:\Windows\Inf\mnchnuqcw\bitstreams\fpgaminer_top_fixed7_197MHz.ncd --> [Trojan.Agent.BCM]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
Re: v prohlížeči mi vyskakuje stále nějaké okna
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe - Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- Na plose vznikne log Rkill.txt ten mi sem vlozte
- Ted nerestartujte PC - prisli byste o ucinek RKillu
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: v prohlížeči mi vyskakuje stále nějaké okna
Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/24/2014 07:50:46 PM in x64 mode.
Windows Version: Windows 8
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
::1 localhost
Program finished at: 08/24/2014 07:52:31 PM
Execution time: 0 hours(s), 1 minute(s), and 45 seconds(s)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/24/2014 07:50:46 PM in x64 mode.
Windows Version: Windows 8
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
::1 localhost
Program finished at: 08/24/2014 07:52:31 PM
Execution time: 0 hours(s), 1 minute(s), and 45 seconds(s)
Re: v prohlížeči mi vyskakuje stále nějaké okna
ComboFix 14-08-24.01 - Ondra . 08. 2014 19:56:23.1.2 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3976.2208 [GMT 2:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ondra\ia_remove.sh9682.tmp
c:\windows\IsUn0405.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-24 do 2014-08-24 )))))))))))))))))))))))))))))))
.
.
2014-08-24 18:06 . 2014-08-24 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-24 16:54 . 2014-08-24 17:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-24 14:19 . 2014-08-24 14:19 -------- d-----w- C:\zoek_backup
2014-08-24 13:34 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-24 13:33 . 2014-08-24 14:12 -------- d-----w- C:\AdwCleaner
2014-08-24 08:54 . 2014-08-24 08:54 687 ----a-w- C:\awh215A.tmp
2014-08-24 08:53 . 2014-08-24 17:35 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-24 08:53 . 2014-08-24 16:52 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-24 08:53 . 2014-08-24 08:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-24 08:53 . 2014-08-24 08:53 -------- d-----w- c:\programdata\Malwarebytes
2014-08-24 08:53 . 2014-05-12 05:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-24 08:53 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-24 07:42 . 2014-08-24 07:42 -------- d-----w- C:\rsit
2014-08-24 07:42 . 2014-08-24 07:42 -------- d-----w- c:\program files\trend micro
2014-08-24 07:38 . 2014-08-24 07:38 687 ----a-w- C:\awhC887.tmp
2014-08-24 07:37 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{802C147F-4186-4933-9ECC-6757CD5CFE3D}\mpengine.dll
2014-08-23 13:16 . 2014-08-23 13:16 687 ----a-w- C:\awh26F8.tmp
2014-08-23 13:15 . 2014-08-24 08:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-08-23 13:15 . 2014-08-24 08:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-08-23 11:28 . 2014-08-23 11:28 -------- d-----w- c:\program files (x86)\ESET
2014-08-16 17:58 . 2014-08-16 17:58 687 ----a-w- C:\awh9C18.tmp
2014-08-16 17:54 . 2014-08-02 00:15 704480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-16 17:54 . 2014-08-02 00:15 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-16 12:25 . 2014-08-16 12:27 -------- d-----w- c:\users\Ondra\AppData\Local\ElevatedDiagnostics
2014-08-15 20:04 . 2014-07-15 22:51 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-08-15 19:58 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 19:58 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 05:34 . 2014-06-13 01:57 1453400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-15 05:34 . 2014-06-13 01:55 199680 ----a-w- c:\windows\system32\cdd.dll
2014-08-15 05:34 . 2014-07-24 12:09 19279872 ----a-w- c:\windows\system32\mshtml.dll
2014-08-15 05:32 . 2014-06-05 17:56 112984 ----a-w- c:\windows\system32\consent.exe
2014-08-15 05:32 . 2014-06-05 17:29 393216 ----a-w- c:\windows\system32\msihnd.dll
2014-08-15 05:32 . 2014-06-05 13:11 295424 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-15 05:32 . 2014-06-05 13:10 2037760 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-15 05:32 . 2014-06-05 13:10 754176 ----a-w- c:\windows\SysWow64\actxprxy.dll
2014-08-15 05:32 . 2014-05-29 04:04 94552 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2014-08-15 05:32 . 2014-05-08 01:34 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys
2014-08-13 07:21 . 2014-08-13 07:21 687 ----a-w- C:\awh5A3A.tmp
2014-08-12 19:12 . 2014-08-24 11:16 -------- d-----w- c:\program files (x86)\HD-V1.9
2014-08-12 19:12 . 2014-08-12 19:12 -------- d-----w- c:\users\Ondra\AppData\Roaming\Seznam.cz
2014-08-12 19:11 . 2014-08-12 19:12 -------- d-----w- c:\program files (x86)\Common Files\Config
2014-08-12 11:33 . 2014-08-12 11:33 108544 ----a-w- c:\windows\SysWow64\hfnapi.dll
2014-07-28 10:25 . 2014-07-28 10:25 3060920 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1029\MSOINTL.DLL
2014-07-27 09:45 . 2014-07-27 09:45 5532368 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-07-27 09:45 . 2014-07-27 09:45 5233848 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-07-27 09:45 . 2014-07-27 09:45 26273464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-07-27 09:41 . 2014-07-27 09:41 3633848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2014-07-27 09:41 . 2014-07-27 09:41 7501528 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-07-27 09:41 . 2014-07-27 09:41 7259328 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-07-27 09:41 . 2014-07-27 09:41 654512 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-07-27 09:41 . 2014-07-27 09:41 36681400 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-07-27 09:41 . 2014-07-27 09:41 197328 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2014-07-27 06:41 . 2014-07-27 06:41 -------- d-----w- c:\programdata\Bitstream
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 20:16 . 2013-04-09 07:17 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-06-18 19:09 . 2014-06-18 19:09 346144 ----a-w- c:\windows\SysWow64\WindowsUpdateKB12695__4914_il70.exe
2014-06-17 23:27 . 2014-07-09 20:19 1440256 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-09 20:20 1557504 ----a-w- c:\windows\system32\osk.exe
2014-06-06 14:06 . 2014-07-09 20:19 596480 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 10:17 . 2014-07-09 20:19 497152 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-02 22:33 . 2014-07-09 20:18 265216 ----a-w- c:\windows\system32\InkEd.dll
2014-05-29 23:31 . 2014-07-09 20:19 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
2014-05-29 23:03 . 2014-07-09 20:19 588288 ----a-w- c:\windows\system32\SHCore.dll
2014-05-29 23:02 . 2014-07-09 20:19 439808 ----a-w- c:\windows\system32\lsm.dll
2014-05-29 23:02 . 2014-07-09 20:19 1281536 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-29 22:24 . 2014-07-09 20:19 576512 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-07-27 09:45 1730256 ----a-w- c:\program files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-07-27 09:45 1730256 ----a-w- c:\program files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-07-27 09:45 1730256 ----a-w- c:\program files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-07-17 684064]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-08-29 334240]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-08-16 364032]
"HP HD Webcam Driver_Monitor"="c:\program files (x86)\HP HD Webcam Driver\monitor.exe" [2012-07-26 303480]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-24 491120]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"StartW8Button"="c:\program files (x86)\StartW8\bin\StartW8Button.exe" [2012-12-19 52224]
"mnchwgqSrv"="c:\windows\system32\mnchwgq.vbe" [2014-03-05 7670]
"mnchnuqcwSrv"="c:\windows\inf\mnchnuqcw.vbe" [2014-01-19 1342]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-08-01 20:56 75680 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNe64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwNe64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 StartW8Service;StartW8Service;c:\program files (x86)\StartW8\bin\StartW8Service.exe;c:\program files (x86)\StartW8\bin\StartW8Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys;c:\windows\SYSNATIVE\drivers\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SensorsServiceDriver;Služba Reflektor UMDF pro knihovnu SensorsServiceDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\System32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 13:41 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-08 22:11]
.
2014-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-08 22:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-25 441152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-06 1425408]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.enhanced-search.com/?affID=119816&b ... 94230BC30A
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
mStart Page = hxxp://www.bing.com?pc=CMNTDFJS
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-MSStp - c:\windows\system32\msstp.vbe
AddRemove-FLVM Player - c:\program files (x86)\FLVM Player\FLVPlayerUninstaller.exe
AddRemove-GigaClicks Crawler - c:\users\Ondra\AppData\Local\GCC\uninstall.exe
AddRemove-{FF27F674-821E-4BA2-985B-DDF539C2CD03} - c:\program files (x86)\InstallShield Installation Information\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2014-08-24 20:19:32
ComboFix-quarantined-files.txt 2014-08-24 18:19
.
Před spuštěním: 271 148 974 080 bytes free
Po spuštění: 271 568 846 848 bytes free
.
- - End Of File - - D836F1D5F83C7DCED21A31D78807DF2B
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3976.2208 [GMT 2:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ondra\ia_remove.sh9682.tmp
c:\windows\IsUn0405.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-24 do 2014-08-24 )))))))))))))))))))))))))))))))
.
.
2014-08-24 18:06 . 2014-08-24 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-24 16:54 . 2014-08-24 17:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-24 14:19 . 2014-08-24 14:19 -------- d-----w- C:\zoek_backup
2014-08-24 13:34 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-24 13:33 . 2014-08-24 14:12 -------- d-----w- C:\AdwCleaner
2014-08-24 08:54 . 2014-08-24 08:54 687 ----a-w- C:\awh215A.tmp
2014-08-24 08:53 . 2014-08-24 17:35 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-24 08:53 . 2014-08-24 16:52 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-24 08:53 . 2014-08-24 08:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-24 08:53 . 2014-08-24 08:53 -------- d-----w- c:\programdata\Malwarebytes
2014-08-24 08:53 . 2014-05-12 05:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-24 08:53 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-24 07:42 . 2014-08-24 07:42 -------- d-----w- C:\rsit
2014-08-24 07:42 . 2014-08-24 07:42 -------- d-----w- c:\program files\trend micro
2014-08-24 07:38 . 2014-08-24 07:38 687 ----a-w- C:\awhC887.tmp
2014-08-24 07:37 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{802C147F-4186-4933-9ECC-6757CD5CFE3D}\mpengine.dll
2014-08-23 13:16 . 2014-08-23 13:16 687 ----a-w- C:\awh26F8.tmp
2014-08-23 13:15 . 2014-08-24 08:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-08-23 13:15 . 2014-08-24 08:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-08-23 11:28 . 2014-08-23 11:28 -------- d-----w- c:\program files (x86)\ESET
2014-08-16 17:58 . 2014-08-16 17:58 687 ----a-w- C:\awh9C18.tmp
2014-08-16 17:54 . 2014-08-02 00:15 704480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-16 17:54 . 2014-08-02 00:15 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-16 12:25 . 2014-08-16 12:27 -------- d-----w- c:\users\Ondra\AppData\Local\ElevatedDiagnostics
2014-08-15 20:04 . 2014-07-15 22:51 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-08-15 19:58 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 19:58 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 05:34 . 2014-06-13 01:57 1453400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-15 05:34 . 2014-06-13 01:55 199680 ----a-w- c:\windows\system32\cdd.dll
2014-08-15 05:34 . 2014-07-24 12:09 19279872 ----a-w- c:\windows\system32\mshtml.dll
2014-08-15 05:32 . 2014-06-05 17:56 112984 ----a-w- c:\windows\system32\consent.exe
2014-08-15 05:32 . 2014-06-05 17:29 393216 ----a-w- c:\windows\system32\msihnd.dll
2014-08-15 05:32 . 2014-06-05 13:11 295424 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-15 05:32 . 2014-06-05 13:10 2037760 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-15 05:32 . 2014-06-05 13:10 754176 ----a-w- c:\windows\SysWow64\actxprxy.dll
2014-08-15 05:32 . 2014-05-29 04:04 94552 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2014-08-15 05:32 . 2014-05-08 01:34 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys
2014-08-13 07:21 . 2014-08-13 07:21 687 ----a-w- C:\awh5A3A.tmp
2014-08-12 19:12 . 2014-08-24 11:16 -------- d-----w- c:\program files (x86)\HD-V1.9
2014-08-12 19:12 . 2014-08-12 19:12 -------- d-----w- c:\users\Ondra\AppData\Roaming\Seznam.cz
2014-08-12 19:11 . 2014-08-12 19:12 -------- d-----w- c:\program files (x86)\Common Files\Config
2014-08-12 11:33 . 2014-08-12 11:33 108544 ----a-w- c:\windows\SysWow64\hfnapi.dll
2014-07-28 10:25 . 2014-07-28 10:25 3060920 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1029\MSOINTL.DLL
2014-07-27 09:45 . 2014-07-27 09:45 5532368 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-07-27 09:45 . 2014-07-27 09:45 5233848 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-07-27 09:45 . 2014-07-27 09:45 26273464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-07-27 09:41 . 2014-07-27 09:41 3633848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2014-07-27 09:41 . 2014-07-27 09:41 7501528 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-07-27 09:41 . 2014-07-27 09:41 7259328 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-07-27 09:41 . 2014-07-27 09:41 654512 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-07-27 09:41 . 2014-07-27 09:41 36681400 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-07-27 09:41 . 2014-07-27 09:41 197328 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2014-07-27 06:41 . 2014-07-27 06:41 -------- d-----w- c:\programdata\Bitstream
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 20:16 . 2013-04-09 07:17 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-06-18 19:09 . 2014-06-18 19:09 346144 ----a-w- c:\windows\SysWow64\WindowsUpdateKB12695__4914_il70.exe
2014-06-17 23:27 . 2014-07-09 20:19 1440256 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-09 20:20 1557504 ----a-w- c:\windows\system32\osk.exe
2014-06-06 14:06 . 2014-07-09 20:19 596480 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 10:17 . 2014-07-09 20:19 497152 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-02 22:33 . 2014-07-09 20:18 265216 ----a-w- c:\windows\system32\InkEd.dll
2014-05-29 23:31 . 2014-07-09 20:19 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
2014-05-29 23:03 . 2014-07-09 20:19 588288 ----a-w- c:\windows\system32\SHCore.dll
2014-05-29 23:02 . 2014-07-09 20:19 439808 ----a-w- c:\windows\system32\lsm.dll
2014-05-29 23:02 . 2014-07-09 20:19 1281536 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-29 22:24 . 2014-07-09 20:19 576512 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-07-27 09:45 1730256 ----a-w- c:\program files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-07-27 09:45 1730256 ----a-w- c:\program files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-07-27 09:45 1730256 ----a-w- c:\program files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-07-17 684064]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-08-29 334240]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-08-16 364032]
"HP HD Webcam Driver_Monitor"="c:\program files (x86)\HP HD Webcam Driver\monitor.exe" [2012-07-26 303480]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-24 491120]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"StartW8Button"="c:\program files (x86)\StartW8\bin\StartW8Button.exe" [2012-12-19 52224]
"mnchwgqSrv"="c:\windows\system32\mnchwgq.vbe" [2014-03-05 7670]
"mnchnuqcwSrv"="c:\windows\inf\mnchnuqcw.vbe" [2014-01-19 1342]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-08-01 20:56 75680 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNe64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwNe64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 StartW8Service;StartW8Service;c:\program files (x86)\StartW8\bin\StartW8Service.exe;c:\program files (x86)\StartW8\bin\StartW8Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys;c:\windows\SYSNATIVE\drivers\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SensorsServiceDriver;Služba Reflektor UMDF pro knihovnu SensorsServiceDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\System32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 13:41 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-08 22:11]
.
2014-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-08 22:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-25 441152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-06 1425408]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.enhanced-search.com/?affID=119816&b ... 94230BC30A
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
mStart Page = hxxp://www.bing.com?pc=CMNTDFJS
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-MSStp - c:\windows\system32\msstp.vbe
AddRemove-FLVM Player - c:\program files (x86)\FLVM Player\FLVPlayerUninstaller.exe
AddRemove-GigaClicks Crawler - c:\users\Ondra\AppData\Local\GCC\uninstall.exe
AddRemove-{FF27F674-821E-4BA2-985B-DDF539C2CD03} - c:\program files (x86)\InstallShield Installation Information\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2014-08-24 20:19:32
ComboFix-quarantined-files.txt 2014-08-24 18:19
.
Před spuštěním: 271 148 974 080 bytes free
Po spuštění: 271 568 846 848 bytes free
.
- - End Of File - - D836F1D5F83C7DCED21A31D78807DF2B
Re: v prohlížeči mi vyskakuje stále nějaké okna
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Folder:: c:\program files (x86)\HD-V1.9 c:\program files (x86)\Skype\Toolbars Collect:: c:\windows\system32\mnchwgq.vbe c:\windows\inf\mnchnuqcw.vbe Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CLMLServer_For_P2G8"=- "CLVirtualDrive"=- "RemoteControl10"=- "mnchwgqSrv"=- "mnchnuqcwSrv"=- Driver:: c2cautoupdatesvc c2cpnrsvc File:: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job c:\windows\Tasks\GoogleUpdateTaskMachineUA.job DDS:: uStart Page = hxxp://www.enhanced-search.com/?affID=1 ... 94230BC30A mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS mStart Page = hxxp://www.bing.com?pc=CMNTDFJS RegLock:: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] RegNull:: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] ClearJavaCache:: Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: v prohlížeči mi vyskakuje stále nějaké okna
ComboFix 14-08-24.01 - Ondra . 08. 2014 20:37:54.2.2 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3976.2344 [GMT 2:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ondra\Desktop\CFScript.txt
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\HD-V1.9
c:\program files (x86)\HD-V1.9\1293297481.mxaddon
c:\program files (x86)\HD-V1.9\1a8f1759-2cf9-4675-92e5-640cca9d7335.crx
c:\program files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7.crx
c:\program files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7.xpi
c:\program files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7_.xpi
c:\program files (x86)\HD-V1.9\b7216704-c920-4c7a-8d6e-071e3bd5d191.crx
c:\program files (x86)\HD-V1.9\bgNova.html
c:\program files (x86)\HD-V1.9\d638262c-7acd-4f09-8222-71364042d272.dll
c:\program files (x86)\HD-V1.9\Interop.IWshRuntimeLibrary.dll
c:\program files (x86)\HD-V1.9\Newtonsoft.Json.dll
c:\program files (x86)\HD-V1.9\SuperSocket.ClientEngine.Common.dll
c:\program files (x86)\HD-V1.9\SuperSocket.ClientEngine.Core.dll
c:\program files (x86)\HD-V1.9\SuperSocket.ClientEngine.Protocol.dll
c:\program files (x86)\HD-V1.9\Uninstall.exe
c:\program files (x86)\HD-V1.9\utils.exe
c:\program files (x86)\HD-V1.9\WebSocket4Net.dll
c:\program files (x86)\Skype\Toolbars
c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
c:\program files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx
c:\program files (x86)\Skype\Toolbars\Internet Explorer x64\icon.ico
c:\program files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll
c:\program files (x86)\Skype\Toolbars\Internet Explorer\icon.ico
c:\program files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
c:\windows\inf\mnchnuqcw.vbe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_c2cautoupdatesvc
-------\Service_c2cpnrsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-24 do 2014-08-24 )))))))))))))))))))))))))))))))
.
.
2014-08-24 18:47 . 2014-08-24 18:50 -------- d-----w- c:\users\Ondra\AppData\Local\temp
2014-08-24 18:47 . 2014-08-24 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-24 16:54 . 2014-08-24 18:48 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-24 14:19 . 2014-08-24 14:19 -------- d-----w- C:\zoek_backup
2014-08-24 13:34 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-24 13:33 . 2014-08-24 14:12 -------- d-----w- C:\AdwCleaner
2014-08-24 08:54 . 2014-08-24 08:54 687 ----a-w- C:\awh215A.tmp
2014-08-24 08:53 . 2014-08-24 18:49 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-24 08:53 . 2014-08-24 16:52 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-24 08:53 . 2014-08-24 08:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-24 08:53 . 2014-08-24 08:53 -------- d-----w- c:\programdata\Malwarebytes
2014-08-24 08:53 . 2014-05-12 05:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-24 08:53 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-24 07:42 . 2014-08-24 07:42 -------- d-----w- C:\rsit
2014-08-24 07:42 . 2014-08-24 07:42 -------- d-----w- c:\program files\trend micro
2014-08-24 07:38 . 2014-08-24 07:38 687 ----a-w- C:\awhC887.tmp
2014-08-24 07:37 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{802C147F-4186-4933-9ECC-6757CD5CFE3D}\mpengine.dll
2014-08-23 13:16 . 2014-08-23 13:16 687 ----a-w- C:\awh26F8.tmp
2014-08-23 13:15 . 2014-08-24 08:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-08-23 13:15 . 2014-08-24 08:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-08-23 11:28 . 2014-08-23 11:28 -------- d-----w- c:\program files (x86)\ESET
2014-08-16 17:58 . 2014-08-16 17:58 687 ----a-w- C:\awh9C18.tmp
2014-08-16 17:54 . 2014-08-02 00:15 704480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-16 17:54 . 2014-08-02 00:15 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-16 12:25 . 2014-08-16 12:27 -------- d-----w- c:\users\Ondra\AppData\Local\ElevatedDiagnostics
2014-08-15 20:04 . 2014-07-15 22:51 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-08-15 19:58 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 19:58 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 05:34 . 2014-06-13 01:57 1453400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-15 05:34 . 2014-06-13 01:55 199680 ----a-w- c:\windows\system32\cdd.dll
2014-08-15 05:34 . 2014-07-24 12:09 19279872 ----a-w- c:\windows\system32\mshtml.dll
2014-08-15 05:32 . 2014-06-05 17:56 112984 ----a-w- c:\windows\system32\consent.exe
2014-08-15 05:32 . 2014-06-05 17:29 393216 ----a-w- c:\windows\system32\msihnd.dll
2014-08-15 05:32 . 2014-06-05 13:11 295424 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-15 05:32 . 2014-06-05 13:10 2037760 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-15 05:32 . 2014-06-05 13:10 754176 ----a-w- c:\windows\SysWow64\actxprxy.dll
2014-08-15 05:32 . 2014-05-29 04:04 94552 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2014-08-15 05:32 . 2014-05-08 01:34 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys
2014-08-13 07:21 . 2014-08-13 07:21 687 ----a-w- C:\awh5A3A.tmp
2014-08-12 19:12 . 2014-08-12 19:12 -------- d-----w- c:\users\Ondra\AppData\Roaming\Seznam.cz
2014-08-12 19:11 . 2014-08-12 19:12 -------- d-----w- c:\program files (x86)\Common Files\Config
2014-08-12 11:33 . 2014-08-12 11:33 108544 ----a-w- c:\windows\SysWow64\hfnapi.dll
2014-07-28 10:25 . 2014-07-28 10:25 3060920 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1029\MSOINTL.DLL
2014-07-27 09:45 . 2014-07-27 09:45 5532368 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-07-27 09:45 . 2014-07-27 09:45 5233848 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-07-27 09:45 . 2014-07-27 09:45 26273464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-07-27 09:41 . 2014-07-27 09:41 3633848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2014-07-27 09:41 . 2014-07-27 09:41 7501528 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-07-27 09:41 . 2014-07-27 09:41 7259328 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-07-27 09:41 . 2014-07-27 09:41 654512 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-07-27 09:41 . 2014-07-27 09:41 36681400 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-07-27 09:41 . 2014-07-27 09:41 197328 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2014-07-27 06:41 . 2014-07-27 06:41 -------- d-----w- c:\programdata\Bitstream
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 20:16 . 2013-04-09 07:17 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-06-18 19:09 . 2014-06-18 19:09 346144 ----a-w- c:\windows\SysWow64\WindowsUpdateKB12695__4914_il70.exe
2014-06-17 23:27 . 2014-07-09 20:19 1440256 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-09 20:20 1557504 ----a-w- c:\windows\system32\osk.exe
2014-06-06 14:06 . 2014-07-09 20:19 596480 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 10:17 . 2014-07-09 20:19 497152 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-02 22:33 . 2014-07-09 20:18 265216 ----a-w- c:\windows\system32\InkEd.dll
2014-05-29 23:31 . 2014-07-09 20:19 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
2014-05-29 23:03 . 2014-07-09 20:19 588288 ----a-w- c:\windows\system32\SHCore.dll
2014-05-29 23:02 . 2014-07-09 20:19 439808 ----a-w- c:\windows\system32\lsm.dll
2014-05-29 23:02 . 2014-07-09 20:19 1281536 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-29 22:24 . 2014-07-09 20:19 576512 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-07-27 09:45 1730256 ----a-w- c:\program files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-07-27 09:45 1730256 ----a-w- c:\program files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-07-27 09:45 1730256 ----a-w- c:\program files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-07-17 684064]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-08-29 334240]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-08-16 364032]
"HP HD Webcam Driver_Monitor"="c:\program files (x86)\HP HD Webcam Driver\monitor.exe" [2012-07-26 303480]
"StartW8Button"="c:\program files (x86)\StartW8\bin\StartW8Button.exe" [2012-12-19 52224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-08-01 20:56 75680 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNe64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwNe64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 StartW8Service;StartW8Service;c:\program files (x86)\StartW8\bin\StartW8Service.exe;c:\program files (x86)\StartW8\bin\StartW8Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys;c:\windows\SYSNATIVE\drivers\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SensorsServiceDriver;Služba Reflektor UMDF pro knihovnu SensorsServiceDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\System32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 13:41 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-25 441152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-06 1425408]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
mStart Page = hxxp://www.bing.com?pc=CMNTDFJS
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-FLVM Player - c:\program files (x86)\FLVM Player\FLVPlayerUninstaller.exe
AddRemove-GigaClicks Crawler - c:\users\Ondra\AppData\Local\GCC\uninstall.exe
AddRemove-HD-V1.9 - c:\program files (x86)\HD-V1.9\Uninstall.exe
AddRemove-{FF27F674-821E-4BA2-985B-DDF539C2CD03} - c:\program files (x86)\InstallShield Installation Information\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-08-24 21:01:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-24 19:01
ComboFix2.txt 2014-08-24 18:19
.
Před spuštěním: 271 649 112 064 bytes free
Po spuštění: 270 917 931 008 bytes free
.
- - End Of File - - 8856DDDB32A6987AB527CCCEF3F11453
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.3976.2344 [GMT 2:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ondra\Desktop\CFScript.txt
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\HD-V1.9
c:\program files (x86)\HD-V1.9\1293297481.mxaddon
c:\program files (x86)\HD-V1.9\1a8f1759-2cf9-4675-92e5-640cca9d7335.crx
c:\program files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7.crx
c:\program files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7.xpi
c:\program files (x86)\HD-V1.9\4c7d9f47-8186-4362-9bc8-2636ef05d9a7_.xpi
c:\program files (x86)\HD-V1.9\b7216704-c920-4c7a-8d6e-071e3bd5d191.crx
c:\program files (x86)\HD-V1.9\bgNova.html
c:\program files (x86)\HD-V1.9\d638262c-7acd-4f09-8222-71364042d272.dll
c:\program files (x86)\HD-V1.9\Interop.IWshRuntimeLibrary.dll
c:\program files (x86)\HD-V1.9\Newtonsoft.Json.dll
c:\program files (x86)\HD-V1.9\SuperSocket.ClientEngine.Common.dll
c:\program files (x86)\HD-V1.9\SuperSocket.ClientEngine.Core.dll
c:\program files (x86)\HD-V1.9\SuperSocket.ClientEngine.Protocol.dll
c:\program files (x86)\HD-V1.9\Uninstall.exe
c:\program files (x86)\HD-V1.9\utils.exe
c:\program files (x86)\HD-V1.9\WebSocket4Net.dll
c:\program files (x86)\Skype\Toolbars
c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
c:\program files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx
c:\program files (x86)\Skype\Toolbars\Internet Explorer x64\icon.ico
c:\program files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll
c:\program files (x86)\Skype\Toolbars\Internet Explorer\icon.ico
c:\program files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
c:\windows\inf\mnchnuqcw.vbe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_c2cautoupdatesvc
-------\Service_c2cpnrsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-24 do 2014-08-24 )))))))))))))))))))))))))))))))
.
.
2014-08-24 18:47 . 2014-08-24 18:50 -------- d-----w- c:\users\Ondra\AppData\Local\temp
2014-08-24 18:47 . 2014-08-24 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-24 16:54 . 2014-08-24 18:48 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-24 14:19 . 2014-08-24 14:19 -------- d-----w- C:\zoek_backup
2014-08-24 13:34 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-24 13:33 . 2014-08-24 14:12 -------- d-----w- C:\AdwCleaner
2014-08-24 08:54 . 2014-08-24 08:54 687 ----a-w- C:\awh215A.tmp
2014-08-24 08:53 . 2014-08-24 18:49 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-24 08:53 . 2014-08-24 16:52 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-24 08:53 . 2014-08-24 08:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-24 08:53 . 2014-08-24 08:53 -------- d-----w- c:\programdata\Malwarebytes
2014-08-24 08:53 . 2014-05-12 05:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-24 08:53 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-24 07:42 . 2014-08-24 07:42 -------- d-----w- C:\rsit
2014-08-24 07:42 . 2014-08-24 07:42 -------- d-----w- c:\program files\trend micro
2014-08-24 07:38 . 2014-08-24 07:38 687 ----a-w- C:\awhC887.tmp
2014-08-24 07:37 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{802C147F-4186-4933-9ECC-6757CD5CFE3D}\mpengine.dll
2014-08-23 13:16 . 2014-08-23 13:16 687 ----a-w- C:\awh26F8.tmp
2014-08-23 13:15 . 2014-08-24 08:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-08-23 13:15 . 2014-08-24 08:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-08-23 11:28 . 2014-08-23 11:28 -------- d-----w- c:\program files (x86)\ESET
2014-08-16 17:58 . 2014-08-16 17:58 687 ----a-w- C:\awh9C18.tmp
2014-08-16 17:54 . 2014-08-02 00:15 704480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-16 17:54 . 2014-08-02 00:15 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-16 12:25 . 2014-08-16 12:27 -------- d-----w- c:\users\Ondra\AppData\Local\ElevatedDiagnostics
2014-08-15 20:04 . 2014-07-15 22:51 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-08-15 19:58 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 19:58 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 05:34 . 2014-06-13 01:57 1453400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-15 05:34 . 2014-06-13 01:55 199680 ----a-w- c:\windows\system32\cdd.dll
2014-08-15 05:34 . 2014-07-24 12:09 19279872 ----a-w- c:\windows\system32\mshtml.dll
2014-08-15 05:32 . 2014-06-05 17:56 112984 ----a-w- c:\windows\system32\consent.exe
2014-08-15 05:32 . 2014-06-05 17:29 393216 ----a-w- c:\windows\system32\msihnd.dll
2014-08-15 05:32 . 2014-06-05 13:11 295424 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-15 05:32 . 2014-06-05 13:10 2037760 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-15 05:32 . 2014-06-05 13:10 754176 ----a-w- c:\windows\SysWow64\actxprxy.dll
2014-08-15 05:32 . 2014-05-29 04:04 94552 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2014-08-15 05:32 . 2014-05-08 01:34 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys
2014-08-13 07:21 . 2014-08-13 07:21 687 ----a-w- C:\awh5A3A.tmp
2014-08-12 19:12 . 2014-08-12 19:12 -------- d-----w- c:\users\Ondra\AppData\Roaming\Seznam.cz
2014-08-12 19:11 . 2014-08-12 19:12 -------- d-----w- c:\program files (x86)\Common Files\Config
2014-08-12 11:33 . 2014-08-12 11:33 108544 ----a-w- c:\windows\SysWow64\hfnapi.dll
2014-07-28 10:25 . 2014-07-28 10:25 3060920 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1029\MSOINTL.DLL
2014-07-27 09:45 . 2014-07-27 09:45 5532368 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-07-27 09:45 . 2014-07-27 09:45 5233848 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-07-27 09:45 . 2014-07-27 09:45 26273464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-07-27 09:41 . 2014-07-27 09:41 3633848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2014-07-27 09:41 . 2014-07-27 09:41 7501528 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-07-27 09:41 . 2014-07-27 09:41 7259328 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-07-27 09:41 . 2014-07-27 09:41 654512 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-07-27 09:41 . 2014-07-27 09:41 36681400 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-07-27 09:41 . 2014-07-27 09:41 197328 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2014-07-27 06:41 . 2014-07-27 06:41 -------- d-----w- c:\programdata\Bitstream
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 20:16 . 2013-04-09 07:17 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-06-18 19:09 . 2014-06-18 19:09 346144 ----a-w- c:\windows\SysWow64\WindowsUpdateKB12695__4914_il70.exe
2014-06-17 23:27 . 2014-07-09 20:19 1440256 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-09 20:20 1557504 ----a-w- c:\windows\system32\osk.exe
2014-06-06 14:06 . 2014-07-09 20:19 596480 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 10:17 . 2014-07-09 20:19 497152 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-02 22:33 . 2014-07-09 20:18 265216 ----a-w- c:\windows\system32\InkEd.dll
2014-05-29 23:31 . 2014-07-09 20:19 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
2014-05-29 23:03 . 2014-07-09 20:19 588288 ----a-w- c:\windows\system32\SHCore.dll
2014-05-29 23:02 . 2014-07-09 20:19 439808 ----a-w- c:\windows\system32\lsm.dll
2014-05-29 23:02 . 2014-07-09 20:19 1281536 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-29 22:24 . 2014-07-09 20:19 576512 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-07-27 09:45 1730256 ----a-w- c:\program files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-07-27 09:45 1730256 ----a-w- c:\program files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-07-27 09:45 1730256 ----a-w- c:\program files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-07-17 684064]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-08-29 334240]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-08-16 364032]
"HP HD Webcam Driver_Monitor"="c:\program files (x86)\HP HD Webcam Driver\monitor.exe" [2012-07-26 303480]
"StartW8Button"="c:\program files (x86)\StartW8\bin\StartW8Button.exe" [2012-12-19 52224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-08-01 20:56 75680 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNe64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwNe64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 StartW8Service;StartW8Service;c:\program files (x86)\StartW8\bin\StartW8Service.exe;c:\program files (x86)\StartW8\bin\StartW8Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys;c:\windows\SYSNATIVE\drivers\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SensorsServiceDriver;Služba Reflektor UMDF pro knihovnu SensorsServiceDriver;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\System32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 13:41 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-25 441152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-06 1425408]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
mStart Page = hxxp://www.bing.com?pc=CMNTDFJS
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-FLVM Player - c:\program files (x86)\FLVM Player\FLVPlayerUninstaller.exe
AddRemove-GigaClicks Crawler - c:\users\Ondra\AppData\Local\GCC\uninstall.exe
AddRemove-HD-V1.9 - c:\program files (x86)\HD-V1.9\Uninstall.exe
AddRemove-{FF27F674-821E-4BA2-985B-DDF539C2CD03} - c:\program files (x86)\InstallShield Installation Information\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-08-24 21:01:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-24 19:01
ComboFix2.txt 2014-08-24 18:19
.
Před spuštěním: 271 649 112 064 bytes free
Po spuštění: 270 917 931 008 bytes free
.
- - End Of File - - 8856DDDB32A6987AB527CCCEF3F11453
Re: v prohlížeči mi vyskakuje stále nějaké okna
Jak se chova PC???
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?