
lookinglink Ads

boueskova
Visitor
Posts: 23
Registered: 18 Sep 2014 22:05


#1 Post by boueskova »

Hello, I probably have a virus on my notebook (unless it is a virus on the router??). The notebook has slowed down terribly and keeps throwing up windows with ads, labelled "lookinglink Ads" along the sides; they appear in the bottom third of the page. My antivirus has not found any virus, but I now very often get alerts from Avast - URL:Mal - from the address: iphone5. I wanted to post a log here following your instructions, but Avast raised this alert even while I was doing that, so I would rather ask first whether I can post the log? Thank you very much.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: lookinglink Ads

#2 Post by Márty84 »

Hello :)
boueskova wrote: so I would rather ask first whether I can post the log?
Sure, post it here. If Avast won't allow it, turn it off for a moment.
If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will be on the forum less often for now. If you have been waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

boueskova
Visitor
Posts: 23
Registered: 18 Sep 2014 22:05

Re: lookinglink Ads

#3 Post by boueskova »

Good evening, thanks - here it is:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Lenovo at 2014-09-19 21:07:43
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 240 GB (50%) free of 477 GB
Total RAM: 3892 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:07:53, on 19.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\lookinglink\bin\lookinglink.BrowserAdapter.exe
C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Program Files\trend micro\Lenovo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: lookinglink - {84dfb3ca-9212-4fba-bf3a-a66c4a02a48f} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SMART Floating Tools] "C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe"
O4 - HKLM\..\Run: [SMART Tray Tools] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe"
O4 - HKLM\..\Run: [SMART Board Service] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
O4 - HKLM\..\Run: [sbsdk-server] "C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
O4 - HKLM\..\Run: [SMART Ink] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe" -a
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: SMART Helper Service (SMARTHelperService) - SMART Technologies - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update lookinglink - Unknown owner - C:\Program Files (x86)\lookinglink\updatelookinglink.exe
O23 - Service: Util lookinglink - Unknown owner - C:\Program Files (x86)\lookinglink\bin\utillookinglink.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11392 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
"C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\lookinglink\updatelookinglink.exe"
"C:\Program Files (x86)\lookinglink\bin\utillookinglink.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-130f8794-6c76-4cf8-9669-9225e164d1d3 -SystemEventPortName:HostProcess-dcf806b9-f9c0-4008-b520-beb2ed058bd0 -IoCancelEventPortName:HostProcess-00eccfd0-3977-4cac-91ab-36e6cbfaab21 -NonStateChangingEventPortName:HostProcess-f633b301-171f-4437-b404-5bf9997fea82 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:118231ab-d87f-42ae-ba3a-458ec7e495c8 -DeviceGroupId:
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Windows\System32\TpShocks.exe"
"C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\lookinglink\bin\lookinglink.PurBrowse64.exe" /l false /s false /c "lookinglink" /t "C:\Program Files (x86)\lookinglink\bin\TEMP" /i "http://apilookinglinkin-a.akamaihd.net/ ... 0000000000" /d {7f6d153f-9819-4c98-96fb-5c6aa213f0ea}w64 /p ce2d7832-c7a0-4905-8e9b-c8d550c38f4e:firefox /p 3c889e49-8842-4ec0-b26a-bca9b0f77dec:iexplore /h cdn.sharedaddomain.com,cdn.sharedaddomain2.com 0 3 "C:\Program Files (x86)\lookinglink\bin\bau" true
\??\C:\Windows\system32\conhost.exe "-10331938-2419801781444726844-109655526-1160845300-958534473-510309484708487154
/i 3c889e49-8842-4ec0-b26a-bca9b0f77dec /f ce2d7832-c7a0-4905-8e9b-c8d550c38f4e /z "n=lookinglink&is=cbslugp10&dpt=20"
/i 3c889e49-8842-4ec0-b26a-bca9b0f77dec /f ce2d7832-c7a0-4905-8e9b-c8d550c38f4e /z "n=lookinglink&is=cbslugp10&dpt=20"
"C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe"
"C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
"C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe" -a
"C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe" "C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\sbsdk-server.js"
\??\C:\Windows\system32\conhost.exe "-103044780817917745051921560471-18696732851289648758-1051462332-18261839221066348561
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe"
"C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe" /DisableUI
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3816.19c8ee10.920335815 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3816 "\\.\pipe\gecko-crash-server-pipe.3816" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe" --proxy-stub-channel=Flash5984.636A0D80.11656 --host-broker-channel=Flash5984.636A0D80.31225 --host-pid=5984 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe" --channel=6024.0028F5C0.404984337 --proxy-stub-channel=Flash5984.636A0D80.11656 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll" --host-npapi-version=27 --type=renderer
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Lenovo\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default

prefs.js - "browser.startup.homepage" - "https://www.google.cz/"
prefs.js - "keyword.URL" - ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default\searchplugins\
ask-search.xml
askcom.xml
bingp.xml
dsrlte.xml
yahoo.xml
yahoo_ff.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-25 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-07 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-25 211368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
SMART Notebook Download Utility - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll [2013-11-27 375600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84dfb3ca-9212-4fba-bf3a-a66c4a02a48f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-07 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-31 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-31 392984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-31 417560]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2013-10-28 384296]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-15 307768]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2013-05-29 60920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-10-14 2392872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"=C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2014-07-30 467680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
C:\Program Files (x86)\Gameforge4D\4Story_CZ\PrePatch.exe [2013-02-19 327680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon]
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files (x86)\Ask.com\Updater\Updater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\Lenovo\AppData\Roaming\Seznam.cz\szninstall.exe -c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\Lenovo\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtection]
C:\Users\Lenovo\AppData\Roaming\Search Protection\SearchProtection.EXE [2014-06-18 847208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMARTNotification]
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe [2014-02-12 204592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItupFree]
C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2014-08-28 1939136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\385C9A~1.150\SSSCHE~1.EXE [2014-04-09 332016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^simplicheck.lnk]
C:\PROGRA~2\SIMPLI~1\SIMPLI~1\SIMPLI~1.EXE [2012-10-22 2936168]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-30 55808]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-05-03 111928]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-07 4085896]
""= []
"SMART Floating Tools"=C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe [2013-11-20 9024304]
"SMART Tray Tools"=C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe [2014-02-12 744752]
"SMART Board Service"=C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [2014-02-12 1933616]
"sbsdk-server"=C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [2013-08-22 62768]
"SMART Ink"=C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [2013-10-31 147248]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-01-10 390656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2013-03-05 136488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-09-19 21:07:44 ----D---- C:\Program Files\trend micro
2014-09-19 21:07:43 ----D---- C:\rsit
2014-09-18 17:17:34 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-09-18 17:17:34 ----A---- C:\Windows\system32\ieui.dll
2014-09-18 17:17:32 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-09-18 17:17:32 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-09-18 17:17:32 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-09-18 17:17:32 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-09-18 17:17:32 ----A---- C:\Windows\system32\jscript9diag.dll
2014-09-18 17:17:32 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-18 17:17:32 ----A---- C:\Windows\system32\ieUnatt.exe
2014-09-18 17:17:32 ----A---- C:\Windows\system32\iernonce.dll
2014-09-18 17:17:32 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-09-18 17:17:32 ----A---- C:\Windows\system32\dxtrans.dll
2014-09-18 17:17:32 ----A---- C:\Windows\system32\dxtmsft.dll
2014-09-18 17:17:31 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-09-18 17:17:31 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-09-18 17:17:31 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-09-18 17:17:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-09-18 17:17:31 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-09-18 17:17:31 ----A---- C:\Windows\system32\vbscript.dll
2014-09-18 17:17:31 ----A---- C:\Windows\system32\msrating.dll
2014-09-18 17:17:31 ----A---- C:\Windows\system32\mshtmled.dll
2014-09-18 17:17:31 ----A---- C:\Windows\system32\jsproxy.dll
2014-09-18 17:17:30 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-09-18 17:17:30 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-09-18 17:17:30 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-09-18 17:17:30 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-09-18 17:17:30 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-09-18 17:17:30 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-09-18 17:17:30 ----A---- C:\Windows\system32\msfeeds.dll
2014-09-18 17:17:30 ----A---- C:\Windows\system32\iesetup.dll
2014-09-18 17:17:30 ----A---- C:\Windows\system32\iedkcs32.dll
2014-09-18 17:17:30 ----A---- C:\Windows\system32\ie4uinit.exe
2014-09-18 17:17:29 ----A---- C:\Windows\system32\mshtml.dll
2014-09-18 17:17:28 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-09-18 17:17:28 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-09-18 17:17:28 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-09-18 17:17:28 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-18 17:17:28 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-09-18 17:17:28 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-09-18 17:17:28 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-09-18 17:17:28 ----A---- C:\Windows\system32\ieapfltr.dll
2014-09-18 17:17:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-09-18 17:17:26 ----A---- C:\Windows\system32\wininet.dll
2014-09-18 17:17:26 ----A---- C:\Windows\system32\iertutil.dll
2014-09-18 17:17:25 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-09-18 17:17:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-09-18 17:17:25 ----A---- C:\Windows\system32\jscript9.dll
2014-09-18 17:17:24 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-09-18 17:17:24 ----A---- C:\Windows\system32\urlmon.dll
2014-09-18 17:17:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-09-18 17:17:22 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-09-18 17:17:22 ----A---- C:\Windows\system32\ieframe.dll
2014-09-18 15:59:13 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2014-09-18 15:59:13 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2014-09-18 07:45:01 ----A---- C:\Windows\system32\drivers\{7f6d153f-9819-4c98-96fb-5c6aa213f0ea}w64.sys
2014-09-18 01:15:21 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-09-18 01:15:21 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-09-18 01:15:01 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-09-18 01:15:01 ----A---- C:\Windows\system32\d3d10warp.dll
2014-09-18 01:14:32 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-09-18 01:14:32 ----A---- C:\Windows\system32\lsasrv.dll
2014-09-18 01:14:32 ----A---- C:\Windows\system32\kerberos.dll
2014-09-18 01:14:31 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-09-18 01:14:31 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-09-18 01:12:34 ----A---- C:\Windows\system32\aepdu.dll
2014-09-18 01:12:33 ----A---- C:\Windows\system32\aeinv.dll
2014-09-18 00:54:53 ----D---- C:\ProgramData\AskPartnerNetwork
2014-09-15 15:02:24 ----D---- C:\Users\Lenovo\AppData\Roaming\Publish Providers
2014-09-15 15:02:13 ----AD---- C:\ProgramData\TEMP
2014-09-15 14:54:06 ----D---- C:\ProgramData\Pinnacle VideoSpin
2014-09-15 14:54:06 ----D---- C:\Program Files (x86)\Pinnacle
2014-09-15 14:51:45 ----D---- C:\ProgramData\Pinnacle
2014-09-15 14:35:03 ----D---- C:\Program Files (x86)\Shotcut
2014-09-15 14:19:35 ----D---- C:\Program Files (x86)\Vstplugins
2014-09-15 14:14:07 ----D---- C:\Program Files (x86)\Sony Setup
2014-09-15 13:51:45 ----D---- C:\Users\Lenovo\AppData\Roaming\Audacity
2014-09-15 13:51:31 ----D---- C:\Program Files (x86)\Audacity
2014-09-13 21:29:04 ----D---- C:\Fraps
2014-09-13 08:38:14 ----D---- C:\Program Files (x86)\Dxtory Software
2014-09-10 20:20:03 ----D---- C:\ProgramData\Package Cache
2014-08-28 07:32:21 ----A---- C:\Windows\system32\win32k.sys
2014-08-28 07:32:20 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-28 07:32:20 ----A---- C:\Windows\system32\gdi32.dll
2014-08-25 11:15:16 ----D---- C:\Users\Lenovo\AppData\Roaming\Sony
2014-08-25 11:15:16 ----D---- C:\Program Files (x86)\Sony Media Go Install

======List of files/folders modified in the last 1 month======

2014-09-19 21:07:49 ----D---- C:\Windows\Temp
2014-09-19 21:07:44 ----D---- C:\Program Files
2014-09-19 20:08:37 ----A---- C:\Windows\SYSWOW64\log.txt
2014-09-19 20:07:20 ----A---- C:\Windows\win.ini
2014-09-19 20:00:45 ----D---- C:\Windows\system32\config
2014-09-19 12:01:09 ----D---- C:\Windows
2014-09-19 09:48:37 ----D---- C:\Windows\Microsoft.NET
2014-09-19 09:47:14 ----RSD---- C:\Windows\assembly
2014-09-18 22:33:51 ----SHD---- C:\System Volume Information
2014-09-18 22:29:27 ----D---- C:\Windows\system32\catroot2
2014-09-18 22:13:05 ----D---- C:\Windows\System32
2014-09-18 22:13:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-09-18 22:13:04 ----D---- C:\Windows\inf
2014-09-18 20:20:10 ----D---- C:\Windows\system32\drivers
2014-09-18 20:20:09 ----D---- C:\Windows\system32\catroot
2014-09-18 20:20:08 ----D---- C:\Windows\system32\DriverStore
2014-09-18 20:02:04 ----RD---- C:\Program Files (x86)
2014-09-18 19:59:37 ----D---- C:\Program Files (x86)\lookinglink
2014-09-18 18:33:07 ----D---- C:\Windows\system32\Tasks
2014-09-18 18:33:07 ----D---- C:\Program Files (x86)\Google
2014-09-18 18:33:05 ----SHD---- C:\Windows\Installer
2014-09-18 18:33:05 ----D---- C:\Windows\Tasks
2014-09-18 17:33:35 ----D---- C:\Windows\winsxs
2014-09-18 17:31:13 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-09-18 17:31:13 ----D---- C:\Windows\SysWOW64
2014-09-18 17:31:13 ----D---- C:\Windows\system32\cs-CZ
2014-09-18 17:31:13 ----D---- C:\Program Files\Internet Explorer
2014-09-18 17:31:12 ----D---- C:\Windows\SYSWOW64\en-US
2014-09-18 17:31:12 ----D---- C:\Windows\system32\en-US
2014-09-18 17:31:10 ----D---- C:\Program Files (x86)\Internet Explorer
2014-09-18 17:16:11 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-09-18 17:15:00 ----D---- C:\Windows\system32\MRT
2014-09-18 17:12:48 ----D---- C:\Windows\debug
2014-09-18 17:12:46 ----A---- C:\Windows\system32\MRT.exe
2014-09-18 15:59:00 ----SD---- C:\Windows\system32\CompatTel
2014-09-18 14:10:10 ----D---- C:\Users\Lenovo\AppData\Roaming\Skype
2014-09-18 01:45:57 ----D---- C:\totalcmd
2014-09-18 01:45:57 ----D---- C:\Program Files (x86)\WinRAR
2014-09-18 01:45:57 ----D---- C:\Program Files (x86)\IrfanView
2014-09-18 01:45:57 ----D---- C:\Program Files (x86)\DownLite
2014-09-18 01:45:49 ----D---- C:\Program Files (x86)\VNT
2014-09-18 00:54:53 ----HD---- C:\ProgramData
2014-09-18 00:51:28 ----D---- C:\Windows\system32\wbem
2014-09-18 00:50:31 ----D---- C:\Windows\SYSWOW64\wbem
2014-09-18 00:50:31 ----D---- C:\Windows\system32\wfp
2014-09-18 00:50:31 ----D---- C:\Windows\PolicyDefinitions
2014-09-18 00:50:29 ----D---- C:\Windows\system32\NDF
2014-09-18 00:50:29 ----D---- C:\Windows\schemas
2014-09-18 00:50:00 ----D---- C:\Windows\AppCompat
2014-09-18 00:49:57 ----D---- C:\Users\Lenovo\AppData\Roaming\SMART Technologies
2014-09-18 00:49:56 ----D---- C:\Users\Lenovo\AppData\Roaming\IrfanView
2014-09-18 00:49:56 ----D---- C:\Users\Lenovo\AppData\Roaming\GHISLER
2014-09-18 00:49:53 ----D---- C:\ProgramData\Skype
2014-09-18 00:49:53 ----D---- C:\ProgramData\McAfee Security Scan
2014-09-18 00:49:53 ----D---- C:\ProgramData\FLEXnet
2014-09-18 00:49:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-09-18 00:49:51 ----RD---- C:\Program Files (x86)\Skype
2014-09-18 00:49:51 ----D---- C:\Program Files (x86)\Steam
2014-09-18 00:49:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-18 00:49:51 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-09-18 00:49:50 ----D---- C:\Program Files (x86)\Common Files
2014-09-18 00:48:21 ----D---- C:\Windows\registration
2014-09-18 00:44:44 ----D---- C:\Users\Lenovo\AppData\Roaming\.minecraft
2014-09-18 00:44:24 ----D---- C:\ProgramData\Sony
2014-09-18 00:44:20 ----D---- C:\ProgramData\Battle.net
2014-09-18 00:43:40 ----D---- C:\Counter-Strike 1.6
2014-09-15 19:10:57 ----D---- C:\Windows\Prefetch
2014-09-01 18:30:25 ----D---- C:\ProgramData\NCH Software
2014-08-27 13:50:12 ----D---- C:\ProgramData\Lenovo
2014-08-26 19:44:30 ----D---- C:\Users\Lenovo\AppData\Roaming\NCH Software
2014-08-25 17:17:50 ----D---- C:\Program Files (x86)\NCH Software
2014-08-25 06:53:42 ----N---- C:\Windows\system32\MpSigStub.exe
2014-08-22 15:52:38 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-08-07 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-08-07 224896]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2013-08-06 152832]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2013-08-06 28928]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-08-07 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-08-07 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-08-07 427360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-08-07 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-08-07 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-08-07 92008]
R2 rimspci;rimspci; C:\Windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-05-23 167040]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2010-04-09 54824]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-15 98344]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-01-15 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-15 21288]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-08-25 682624]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k62x64.sys [2011-07-20 342704]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-02-19 57848]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2013-09-05 54528]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 SMARTMouseFilterx64;HID-compliant mouse; C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys [2014-02-12 10240]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device; C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [2014-02-12 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-10-14 1395760]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2014-08-07 44640]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC; C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys [2014-02-12 22184]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-07 50344]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2011-01-24 915232]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
R2 IBMPMSVC;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2013-09-05 66344]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2013-05-29 44024]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-05-29 62456]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-05-03 325432]
R2 SMARTHelperService;SMART Helper Service; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2014-02-12 538416]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-05-03 2497848]
R2 Update lookinglink;Update lookinglink; C:\Program Files (x86)\lookinglink\updatelookinglink.exe [2014-09-19 325408]
R2 Util lookinglink;Util lookinglink; C:\Program Files (x86)\lookinglink\bin\utillookinglink.exe [2014-09-19 325408]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2014-03-03 1074480]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-08-19 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-07-31 119408]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-08-28 833728]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2014-02-21 24120]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2013-08-06 47400]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-21 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: lookinglink Ads

#4 Post by Márty84 »

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to your desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Clean.
The program will start working (the PC may restart) and will produce a log (otherwise it will be here: C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.

boueskova
Visitor
Posts: 23
Joined: 18 Sep 2014 22:05

Re: lookinglink Ads

#5 Post by boueskova »

Good evening, thank you for the quick reply. I followed the instructions and here is the log:

# AdwCleaner v3.310 - Report created 19/09/2014 at 23:04:08
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Lenovo - LENOVO-PC
# Running from : C:\Users\Lenovo\Desktop\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update lookinglink
[#] Service Deleted : Util lookinglink
Service Deleted : {7f6d153f-9819-4c98-96fb-5c6aa213f0ea}w64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\simplitec
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
Folder Deleted : C:\Program Files (x86)\DownLite
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\simplitec
Folder Deleted : C:\Program Files (x86)\SpeedItup Free
Folder Deleted : C:\Program Files (x86)\VNT
[!] Folder Deleted : C:\Program Files (x86)\lookinglink
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Guest\AppData\Local\VNT
Folder Deleted : C:\Users\Guest\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Lenovo\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Lenovo\AppData\Local\VNT
Folder Deleted : C:\Users\Lenovo\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Lenovo\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Lenovo\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Lenovo\AppData\Roaming\simplitec
Folder Deleted : C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Deleted : C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\Windows\System32\drivers\{7f6d153f-9819-4c98-96fb-5c6aa213f0ea}w64.sys
File Deleted : C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default\searchplugins\bingp.xml
File Deleted : C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatelookinglink_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatelookinglink_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utillookinglink_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utillookinglink_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update lookinglink
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util lookinglink
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB317E41-9AA7-487A-8060-B81657E8D68A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB317E41-9AA7-487A-8060-B81657E8D68A}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\lookinglink
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\simplitec
Key Deleted : HKLM\SOFTWARE\lookinglink
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v31.0 (x86 cs)

[ File : C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.SGT-V7.DataStore.toolbar", "{\"BLACKLIST_SUBDOMAINS_OF\":[\"join.me\",\"Bing.com\",\"Hotmail.com\",\"Live.com\",\"ebay.com\",\"bing.com\",\"yahoo.com\",\"cnn.com\",\"live.com\",\[...]
Line Deleted : user_pref("extensions.SGT-V7.domain", "\"www.search.ask.com\"");
Line Deleted : user_pref("extensions.SGT-V7.hpr_cr", "\"hxxp://www.search.ask.com/?tpid=SGT-V7&o=APN11 ... _dbr=ff_28[...]
Line Deleted : user_pref("extensions.SGT-V7.hpr_ff", "\"hxxp://www.search.ask.com/?tpid=SGT-V7&o=APN11 ... _dbr=ff_28[...]
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Line Deleted : user_pref("extensions.toolbar_SGT-V7@apn.ask.com.install-event-fired", true);

-\\ Google Chrome v

[ File : C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=MGX&o=15355&locale=en_EU&apn_uid=&apn_ptnrs=%5EJP&apn_sauid=&apn_dtid=%5EYYYYYY%5EYY%5ECZ&psv=&q={searchTerms}
Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=SGT-V7&o=AP ... earchTerms}
Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=SGT-V7&o=AP ... earchTerms}
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

*************************

AdwCleaner[R0].txt - [13264 octets] - [19/09/2014 23:02:23]
AdwCleaner[S0].txt - [12797 octets] - [19/09/2014 23:04:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12858 octets] ##########

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: lookinglink Ads

#6 Post by Márty84 »

Follow my colleague's instructions:
vyosek wrote: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launching, the license terms are displayed; press any key
  • A backup will be created, followed by a scan
  • The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here


Follow my colleague's instructions:
vyosek wrote: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or Spustit jako spravce
  • Paste the script below into the window
  • Code:

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here

boueskova
Visitor
Posts: 23
Registered: 18 Sep 2014 22:05

Re: lookinglink Ads

#7 Post by boueskova »

Hello, if I understood correctly, should I use both programs? Thanks for the info. Here is the JRT log; should I run the second program as well?

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Professional x64
Ran by Lenovo on so 20.09.2014 at 8:58:22,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askToolbarInstaller-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askToolbarInstaller-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askToolbarInstaller-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askToolbarInstaller-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4CCCAE29-8BD0-411E-817A-6BBB8D103E82}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Emptied folder: C:\Users\Lenovo\AppData\Roaming\mozilla\firefox\profiles\dys4y9ba.default\minidumps [429 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 20.09.2014 at 9:17:01,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

boueskova
Visitor
Posts: 23
Registered: 18 Sep 2014 22:05

Re: lookinglink Ads

#8 Post by boueskova »

Zoek: unfortunately it doesn't work for me following your advice; it says it is not a valid Win32 application

boueskova
Visitor
Posts: 23
Registered: 18 Sep 2014 22:05

Re: lookinglink Ads

#9 Post by boueskova »

So I did manage to get Zoek running after all, but it has already happened twice that at the same point during the scan with this program the system crashes completely; it isn't a restart, the notebook shuts down :-(

boueskova
Visitor
Posts: 23
Registered: 18 Sep 2014 22:05

Re: lookinglink Ads

#10 Post by boueskova »

Zoek.exe v5.0.0.0 Updated 20-September-2014
Tool run by Lenovo on ne 21.09.2014 at 15:46:50,25.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Lenovo\Desktop\zoek.exe [Scan current user] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-09-20-074645.log 1309 bytes
C:\zoek-results2014-09-20-075923.log 1276 bytes
C:\zoek-results2014-09-20-124717.log 7947 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.APN_TB.first-previous-keyword-url", "http://search.yahoo.com/search?fr=green ... =501549&p=");
user_pref("extensions.SGT-V7.my-keyword-url", "\"\"");
user_pref("extensions.SGT-V7.previous-keyword-url", "\"http://search.yahoo.com/search?fr=green ... =501549&p=\"");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.APN_TB.first-previous-keyword-url", "http://search.yahoo.com/search?fr=green ... =501549&p=");
user_pref("extensions.SGT-V7.my-keyword-url", "\"\"");
user_pref("extensions.SGT-V7.previous-keyword-url", "\"http://search.yahoo.com/search?fr=green ... =501549&p=\"");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Firefox Extensions Registry ======================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: lookinglink Ads

#11 Post by Márty84 »

That ZOEK log is not complete. Try to find it and copy the whole thing. If there is nothing more in it, post a new RSIT log.

boueskova
Visitor
Posts: 23
Registered: 18 Sep 2014 22:05

Re: lookinglink Ads

#12 Post by boueskova »

Zoek.exe v5.0.0.0 Updated 20-September-2014
Tool run by Lenovo on ne 21.09.2014 at 15:46:50,25.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Lenovo\Desktop\zoek.exe [Scan current user] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-09-20-074645.log 1309 bytes
C:\zoek-results2014-09-20-075923.log 1276 bytes
C:\zoek-results2014-09-20-124717.log 7947 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.APN_TB.first-previous-keyword-url", "http://search.yahoo.com/search?fr=green ... =501549&p=");
user_pref("extensions.SGT-V7.my-keyword-url", "\"\"");
user_pref("extensions.SGT-V7.previous-keyword-url", "\"http://search.yahoo.com/search?fr=green ... =501549&p=\"");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.APN_TB.first-previous-keyword-url", "http://search.yahoo.com/search?fr=green ... =501549&p=");
user_pref("extensions.SGT-V7.my-keyword-url", "\"\"");
user_pref("extensions.SGT-V7.previous-keyword-url", "\"http://search.yahoo.com/search?fr=green ... =501549&p=\"");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [18.09.2014 00:56]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
65C1D9F74004E775F9A8598476ABE5EE - C:\Users\Lenovo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaailpifkkekipiachodfkfmgmiapmp - C:\ProgramData\AskPartnerNetwork\Toolbar\SGT-V7\CRX\ToolbarCR.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07.08.2014 11:28]

Seznam Li\u0161ti\u010Dka - Email - Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Li\u0161ti\u010Dka - Slovn\u00EDk - Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
avast Online Security - Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Seznam Lištička - Rychlá volba - Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.cz/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.cz/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaailpifkkekipiachodfkfmgmiapmp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaailpifkkekipiachodfkfmgmiapmp deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtection deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItupFree deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJ027K09 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=188 folders=55 7064895 bytes)

==== Empty Temp Folders ======================

C:\Users\Lenovo\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Lenovo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJ027K09" not found

==== EOF on ne 21.09.2014 at 16:01:15,17 ======================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: lookinglink Ads

#13 Post by Márty84 »

Run a scan with MBAM. Set up the scan according to this guide http://forum.viry.cz/viewtopic.php?f=29&t=137928 and post the results here. Don't delete anything beforehand; it sometimes produces false detections.

boueskova
Visitor
Posts: 23
Registered: 18 Sep 2014 22:05

Re: lookinglink Ads

#14 Post by boueskova »

Thank you very much for the help so far. It took the notebook a terribly long time to chew through it, but it looks like quite a lot of vermin; after reading it I'm surprised the notebook still works at all :-( Here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 22.9.2014
Čas skenování: 19:47:21
Protokol: Malwarebytes Anti-malware-log.txt
Správce: Ano

Verze: 2.00.2.1012
Databáze malwaru: v2014.09.22.06
Databáze rootkitů: v2014.09.19.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Self-protection: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Lenovo

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 556689
Uplynulý čas: 2 hod, 20 min, 2 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(No malicious items detected)

Moduly: 0
(No malicious items detected)

Klíče registru: 0
(No malicious items detected)

Hodnoty registru: 0
(No malicious items detected)

Data registru: 0
(No malicious items detected)

Složky: 0
(No malicious items detected)

Soubory: 22
Backdoor.Bot, C:\Users\Lenovo\Desktop\minecraft\Minecraft 1.7.2 by TeamExtremeMc.com\Minecraft-1.7.4 (1) (1).rar, , [58566d83d7a4fc3a46ed4704718f31cf],
Backdoor.Bot, C:\Users\Lenovo\Downloads\Minecraft-1.7.4.rar, , [129c8e6290eb2d09f93a9bb0916f0bf5],
PUP.Optional.Spigot.A, C:\Users\Lenovo\Downloads\YTDSetup.exe, , [fbb3826e7dfe9d99dfd94ed828d8aa56],
PUP.Optional.Amonetize, C:\Users\Lenovo\Downloads\Rychle A Zbesile 5.rar__3516_i374994465_il1761259.exe, , [d7d704ec2358c571e22cfd38907010f0],
Backdoor.Bot, C:\Users\Lenovo\Downloads\Minecraft-1.7.4 (1) (1).rar, , [2985777977044cead55ebe8d2fd1e020],
Backdoor.Bot, C:\Users\Lenovo\Downloads\Minecraft-1.7.4 (1).rar, , [04aa16da8cef82b4f142f85310f09a66],
PUP.Optional.Softonic.A, C:\Users\Lenovo\Downloads\SoftonicDownloader_for_fifa-12.exe, , [cce2638d1764eb4b13ff4ee37889d12f],
PUP.Optional.OptimumInstaller.A, C:\Users\Lenovo\Downloads\StartDownload(1).exe, , [d1dda24ebcbfa195c7e3302ecf3249b7],
PUP.Optional.OptimumInstaller.A, C:\Users\Lenovo\Downloads\StartDownload.exe, , [426c39b7502b3afc109a77e77e8315eb],
PUP.Optional.Lookinglink.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\lookinglink\updatelookinglink.exe.vir, , [ecc2757baecdf343438168fa768bb24e],
PUP.Optional.Lookinglink.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\lookinglink\bin\utillookinglink.exe.vir, , [6f3f01eff08bd06616ae5e04ca37847c],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\lookinglink\bin\plugins\lookinglink.Bromon.dll.vir, , [f8b6638d592286b0bd9d209c19e86799],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\lookinglink\bin\plugins\lookinglink.BroStats.dll.vir, , [03abb23e6d0e112594c7f6c606fbd22e],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\lookinglink\bin\plugins\lookinglink.BrowserAdapter.dll.vir, , [01adc12f196281b5e0ded6eb3ac7758b],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\lookinglink\bin\plugins\lookinglink.CompatibilityChecker.dll.vir, , [822cca26a2d972c4134611abbe439b65],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\lookinglink\bin\plugins\lookinglink.FFUpdate.dll.vir, , [a9058d63daa124123b1d7f3dce3328d8],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\lookinglink\bin\plugins\lookinglink.IEUpdate.dll.vir, , [4f5f8769bdbe7cba64f3e7d54db41ee2],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\lookinglink\bin\plugins\lookinglink.OfSvc.dll.vir, , [9717cb256f0c42f43fe5e8bb0bf69967],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\lookinglink\bin\plugins\lookinglink.PurBrowse.dll.vir, , [f0be7d732655e45298e72363cb3657a9],
PUP.Optional.Spigot, C:\AdwCleaner\Quarantine\C\Users\Lenovo\AppData\Roaming\Search Protection\SearchProtection.exe.vir, , [0ca21fd183f812240bbd664546bb36ca],
PUP.Optional.Spigot, C:\AdwCleaner\Quarantine\C\Users\Lenovo\AppData\Roaming\Search Protection\Uninstall.exe.vir, , [dad400f03e3d44f200c66249aa571ee2],
PUP.Optional.Dsrlte.A, C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\dys4y9ba.default\searchplugins\dsrlte.xml, , [8e20aa468af1f54128fded8a7f854fb1],

Fyzické sektory: 0
(No malicious items detected)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: lookinglink Ads

#15 Post by Márty84 »

Move all detections to quarantine. Then restart the PC and run a new scan so we know whether it comes back. Post the result and I will choose the next steps accordingly.

Locked