
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
RSIT log check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please check my log. The malware minred.exe was detected (SpyHunter). It has been removed, but I am worried that it may have done some damage. Thank you.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Bruja at 2014-10-26 18:51:46
Microsoft Windows 8.1 Pro
System drive C: has 128 GB (54%) free of 238 GB
Total RAM: 8155 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:51:48, on 26. 10. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Bruja.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Nero MediaHome 4] "F:\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Nero MediaHome 4] "F:\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
O4 - HKCU\..\Run: [f.lux] "C:\Users\Bruja\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Windows] C:\Users\Public\Windows\game.vbs
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - F:\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10850 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
atieclxx
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
dashost.exe {df5c46c1-98e6-486a-9bac7981d5ace1b4}
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"F:\Nero\Nero MediaHome 4\NMMediaServerService.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
taskhostex.exe
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe"
C:\Windows\System32\skydrive.exe -Embedding
"C:\Windows\PixArt\Pac7302\Monitor.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2976.0.1118692603\2039761950" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,17 --gpu-vendor-id=0x1002 --gpu-device-id=0x683d --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.251.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_28/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="2976.2.1869462711\792359276" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_28/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="2976.7.2036519284\743233936" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2976.19.707792153\270455990" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PasswordManagerUI/Bubble/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_28/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="2976.20.971750169\1468090491" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PasswordManagerUI/Bubble/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_28/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="2976.42.464965203\995749805" /prefetch:673131151
"C:\totalcmd\TOTALCMD64.EXE"
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe11_ Global\UsGthrCtrlFltPipeMssGthrPipe11 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 568 572 580 65536 576
"C:\Users\Bruja\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-19 612248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-19 457712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12 6548112]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-01-21 123400]
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-07 2114376]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"=F:\Nero\Nero MediaHome 4\NeroMediaHome.exe [2012-12-20 5179880]
"Plex Media Server"=C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2013-12-18 4277384]
"f.lux"=C:\Users\Bruja\AppData\Local\FluxSoftware\Flux\flux.exe [2013-10-23 1017224]
"Windows"=C:\Users\Public\Windows\game.vbs [2014-06-30 77]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-08 4085896]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"Nero MediaHome 4"=F:\Nero\Nero MediaHome 4\NeroMediaHome.exe [2012-12-20 5179880]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-12-06 766208]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"QuickTime Task"=F:\Quicktime\QTTask.exe [2014-01-17 421888]
"DivXMediaServer"=C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [2014-08-19 448856]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10 1861968]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-10-24 15:55:42 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2014-10-24 15:55:31 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 15:55:31 ----A---- C:\WINDOWS\system32\drivers\mwac.sys
2014-10-24 15:55:31 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2014-10-24 15:55:31 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-10-24 12:46:31 ----ASH---- C:\hiberfil.sys
2014-10-24 12:24:24 ----D---- C:\rsit
2014-10-24 12:24:24 ----D---- C:\Program Files\trend micro
2014-10-24 09:41:08 ----A---- C:\WINDOWS\SYSWOW64\sh4native.exe
2014-10-23 22:43:43 ----D---- C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-10-23 21:35:03 ----D---- C:\Program Files (x86)\Enigma Software Group
2014-10-23 21:10:59 ----D---- C:\sh4ldr
2014-10-23 21:10:46 ----A---- C:\WINDOWS\system32\drivers\EsgScanner.sys
2014-10-23 20:45:07 ----D---- C:\Program Files (x86)\Trend Micro
2014-10-23 19:18:46 ----D---- C:\ProgramData\Max Secure
2014-10-23 18:44:47 ----D---- C:\Users\Bruja\AppData\Roaming\GetRightToGo
2014-10-23 17:18:13 ----A---- C:\autoexec.bat
2014-10-23 17:17:29 ----D---- C:\Program Files\Enigma Software Group
2014-10-23 17:17:11 ----D---- C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-10-17 16:38:57 ----D---- C:\Program Files (x86)\SpeedFan
2014-10-16 14:53:17 ----D---- C:\Program Files (x86)\Sony Mobile
2014-10-16 14:53:16 ----D---- C:\ProgramData\Sony Mobile
2014-09-30 20:01:26 ----D---- C:\Users\Bruja\AppData\Roaming\DivX
2014-09-30 20:01:25 ----D---- C:\Program Files\DivX
2014-09-30 20:00:49 ----D---- C:\Program Files (x86)\DivX
2014-09-30 20:00:20 ----D---- C:\ProgramData\DivX
2014-09-30 18:12:03 ----D---- C:\Users\Bruja\AppData\Roaming\FlvPlayer
======List of files/folders modified in the last 1 month======
2014-10-26 18:43:38 ----D---- C:\WINDOWS\Temp
2014-10-26 18:18:51 ----RD---- C:\WINDOWS\System32
2014-10-26 18:18:51 ----D---- C:\WINDOWS\Inf
2014-10-26 18:18:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-24 18:00:00 ----D---- C:\WINDOWS\system32\sru
2014-10-24 16:20:05 ----RD---- C:\Program Files (x86)
2014-10-24 16:20:01 ----D---- C:\WINDOWS\system32\drivers
2014-10-24 16:20:01 ----D---- C:\WINDOWS\Camera
2014-10-24 16:19:15 ----HD---- C:\ProgramData
2014-10-24 16:19:15 ----D---- C:\Program Files (x86)\Settings Manager
2014-10-24 16:19:15 ----D---- C:\Program Files (x86)\globalUpdate
2014-10-24 16:19:10 ----D---- C:\WINDOWS\system32\Tasks
2014-10-24 15:55:31 ----D---- C:\ProgramData\Malwarebytes
2014-10-24 12:24:24 ----D---- C:\Program Files
2014-10-24 09:47:36 ----D---- C:\WINDOWS\debug
2014-10-24 09:41:08 ----D---- C:\WINDOWS\SysWOW64
2014-10-24 08:39:33 ----D---- C:\WINDOWS\Microsoft.NET
2014-10-23 22:49:18 ----SHD---- C:\WINDOWS\Installer
2014-10-23 22:43:43 ----D---- C:\Windows
2014-10-23 21:30:14 ----D---- C:\WINDOWS\system32\catroot2
2014-10-23 21:05:54 ----RD---- C:\Users
2014-10-23 20:39:31 ----D---- C:\Users\Bruja\AppData\Roaming\Wise Care 365
2014-10-23 20:33:44 ----D---- C:\WINDOWS\Minidump
2014-10-23 20:07:56 ----D---- C:\WINDOWS\system32\drivers\etc
2014-10-23 19:57:37 ----RSD---- C:\WINDOWS\Fonts
2014-10-23 18:43:38 ----D---- C:\WINDOWS\system32\appmgmt
2014-10-23 17:17:09 ----D---- C:\Program Files (x86)\Common Files
2014-10-23 13:05:19 ----SHD---- C:\System Volume Information
2014-10-23 12:05:07 ----D---- C:\WINDOWS\system32\config
2014-10-23 11:50:13 ----D---- C:\Users\Bruja\AppData\Roaming\Origin
2014-10-23 11:50:13 ----D---- C:\ProgramData\Origin
2014-10-23 11:45:37 ----D---- C:\WINDOWS\AppReadiness
2014-10-23 11:37:44 ----D---- C:\WINDOWS\WinSxS
2014-10-23 09:37:08 ----D---- C:\WINDOWS\Tasks
2014-10-22 19:15:42 ----D---- C:\ProgramData\sAve. nnet
2014-10-22 10:09:02 ----HD---- C:\Program Files\WindowsApps
2014-10-17 17:37:42 ----D---- C:\Users\Bruja\AppData\Roaming\Skype
2014-10-17 16:33:18 ----D---- C:\WINDOWS\system32\catroot
2014-10-16 14:53:29 ----D---- C:\WINDOWS\system32\DriverStore
2014-10-16 14:48:19 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-10-15 16:45:47 ----D---- C:\WINDOWS\CbsTemp
2014-10-14 13:31:33 ----SD---- C:\ProgramData\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-07-19 65776]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-07-19 224896]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2014-07-19 93568]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-07-19 1041168]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-07-19 427360]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-07-19 29208]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-07-19 79184]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2014-07-19 92008]
R2 speedfan;speedfan; \??\C:\WINDOWS\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2013-12-13 13207552]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2013-12-13 626176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2014-10-01 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2014-10-26 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2014-10-01 64216]
R3 MEIx64;@oem2.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2010-10-19 56344]
R3 PAC7302;@oem8.inf,%str_Description%;iSlim 300X; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-10-29 527360]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 WmBEnum;@oem69.inf,%WmBEnum.SVCDESC%;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-01-13 22024]
S2 EsgScanner;EsgScanner; C:\WINDOWS\system32\DRIVERS\EsgScanner.sys [2014-10-23 22704]
S3 athr;@netathrx.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athwnx.sys [2013-06-18 3680256]
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\syswow64\epmntdrv.sys [2012-12-21 14920]
S3 esgiguard;esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [2014-01-07 14872]
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\syswow64\EuGdiDrv.sys [2012-12-21 9160]
S3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\WINDOWS\system32\DRIVERS\WinUsb.sys [2013-08-22 78848]
S3 WmFilter;@oem67.inf,%WmFilter.SvcDesc%;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-01-13 34440]
S3 WmHidLo;@oem67.inf,%WmHidLo.SvcDesc%;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2009-01-13 36360]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2013-12-13 239616]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-07-19 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-01 968504]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-01 1871160]
R2 NeroMediaHomeService.4;Nero MediaHome 4 Service; F:\Nero\Nero MediaHome 4\NMMediaServerService.exe [2012-12-20 518632]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-16 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S2 WiseBootAssistant;Wise Boot Assistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2012-07-17 580648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10 267440]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-16 116648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-12-16 194032]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
-----------------EOF-----------------
2014-10-23 20:45:07 ----D---- C:\Program Files (x86)\Trend Micro
2014-10-23 19:18:46 ----D---- C:\ProgramData\Max Secure
2014-10-23 18:44:47 ----D---- C:\Users\Bruja\AppData\Roaming\GetRightToGo
2014-10-23 17:18:13 ----A---- C:\autoexec.bat
2014-10-23 17:17:29 ----D---- C:\Program Files\Enigma Software Group
2014-10-23 17:17:11 ----D---- C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-10-17 16:38:57 ----D---- C:\Program Files (x86)\SpeedFan
2014-10-16 14:53:17 ----D---- C:\Program Files (x86)\Sony Mobile
2014-10-16 14:53:16 ----D---- C:\ProgramData\Sony Mobile
2014-09-30 20:01:26 ----D---- C:\Users\Bruja\AppData\Roaming\DivX
2014-09-30 20:01:25 ----D---- C:\Program Files\DivX
2014-09-30 20:00:49 ----D---- C:\Program Files (x86)\DivX
2014-09-30 20:00:20 ----D---- C:\ProgramData\DivX
2014-09-30 18:12:03 ----D---- C:\Users\Bruja\AppData\Roaming\FlvPlayer
======List of files/folders modified in the last 1 month======
2014-10-26 18:43:38 ----D---- C:\WINDOWS\Temp
2014-10-26 18:18:51 ----RD---- C:\WINDOWS\System32
2014-10-26 18:18:51 ----D---- C:\WINDOWS\Inf
2014-10-26 18:18:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-24 18:00:00 ----D---- C:\WINDOWS\system32\sru
2014-10-24 16:20:05 ----RD---- C:\Program Files (x86)
2014-10-24 16:20:01 ----D---- C:\WINDOWS\system32\drivers
2014-10-24 16:20:01 ----D---- C:\WINDOWS\Camera
2014-10-24 16:19:15 ----HD---- C:\ProgramData
2014-10-24 16:19:15 ----D---- C:\Program Files (x86)\Settings Manager
2014-10-24 16:19:15 ----D---- C:\Program Files (x86)\globalUpdate
2014-10-24 16:19:10 ----D---- C:\WINDOWS\system32\Tasks
2014-10-24 15:55:31 ----D---- C:\ProgramData\Malwarebytes
2014-10-24 12:24:24 ----D---- C:\Program Files
2014-10-24 09:47:36 ----D---- C:\WINDOWS\debug
2014-10-24 09:41:08 ----D---- C:\WINDOWS\SysWOW64
2014-10-24 08:39:33 ----D---- C:\WINDOWS\Microsoft.NET
2014-10-23 22:49:18 ----SHD---- C:\WINDOWS\Installer
2014-10-23 22:43:43 ----D---- C:\Windows
2014-10-23 21:30:14 ----D---- C:\WINDOWS\system32\catroot2
2014-10-23 21:05:54 ----RD---- C:\Users
2014-10-23 20:39:31 ----D---- C:\Users\Bruja\AppData\Roaming\Wise Care 365
2014-10-23 20:33:44 ----D---- C:\WINDOWS\Minidump
2014-10-23 20:07:56 ----D---- C:\WINDOWS\system32\drivers\etc
2014-10-23 19:57:37 ----RSD---- C:\WINDOWS\Fonts
2014-10-23 18:43:38 ----D---- C:\WINDOWS\system32\appmgmt
2014-10-23 17:17:09 ----D---- C:\Program Files (x86)\Common Files
2014-10-23 13:05:19 ----SHD---- C:\System Volume Information
2014-10-23 12:05:07 ----D---- C:\WINDOWS\system32\config
2014-10-23 11:50:13 ----D---- C:\Users\Bruja\AppData\Roaming\Origin
2014-10-23 11:50:13 ----D---- C:\ProgramData\Origin
2014-10-23 11:45:37 ----D---- C:\WINDOWS\AppReadiness
2014-10-23 11:37:44 ----D---- C:\WINDOWS\WinSxS
2014-10-23 09:37:08 ----D---- C:\WINDOWS\Tasks
2014-10-22 19:15:42 ----D---- C:\ProgramData\sAve. nnet
2014-10-22 10:09:02 ----HD---- C:\Program Files\WindowsApps
2014-10-17 17:37:42 ----D---- C:\Users\Bruja\AppData\Roaming\Skype
2014-10-17 16:33:18 ----D---- C:\WINDOWS\system32\catroot
2014-10-16 14:53:29 ----D---- C:\WINDOWS\system32\DriverStore
2014-10-16 14:48:19 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-10-15 16:45:47 ----D---- C:\WINDOWS\CbsTemp
2014-10-14 13:31:33 ----SD---- C:\ProgramData\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-07-19 65776]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-07-19 224896]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2014-07-19 93568]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-07-19 1041168]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-07-19 427360]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-07-19 29208]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-07-19 79184]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2014-07-19 92008]
R2 speedfan;speedfan; \??\C:\WINDOWS\SysWOW64\speedfan.sys [2012-12-29 28664]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2013-12-13 13207552]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2013-12-13 626176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2014-10-01 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2014-10-26 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2014-10-01 64216]
R3 MEIx64;@oem2.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2010-10-19 56344]
R3 PAC7302;@oem8.inf,%str_Description%;iSlim 300X; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-10-29 527360]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 WmBEnum;@oem69.inf,%WmBEnum.SVCDESC%;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-01-13 22024]
S2 EsgScanner;EsgScanner; C:\WINDOWS\system32\DRIVERS\EsgScanner.sys [2014-10-23 22704]
S3 athr;@netathrx.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athwnx.sys [2013-06-18 3680256]
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\syswow64\epmntdrv.sys [2012-12-21 14920]
S3 esgiguard;esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [2014-01-07 14872]
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\syswow64\EuGdiDrv.sys [2012-12-21 9160]
S3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\WINDOWS\system32\DRIVERS\WinUsb.sys [2013-08-22 78848]
S3 WmFilter;@oem67.inf,%WmFilter.SvcDesc%;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-01-13 34440]
S3 WmHidLo;@oem67.inf,%WmHidLo.SvcDesc%;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2009-01-13 36360]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2013-12-13 239616]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-07-19 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-01 968504]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-01 1871160]
R2 NeroMediaHomeService.4;Nero MediaHome 4 Service; F:\Nero\Nero MediaHome 4\NMMediaServerService.exe [2012-12-20 518632]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-16 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S2 WiseBootAssistant;Wise Boot Assistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2012-07-17 580648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10 267440]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-16 116648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-12-16 194032]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
-----------------EOF-----------------
Re: RSIT log check
Hello,
in what exact location was this detection found?
I see MBAM installed... did you let it scan the PC? Send the log with its findings.
Uninstall Skype Click to Call.
As part of the cleanup, your temporary directories (including the Recycle Bin) will be emptied.
Download AdwCleaner and save it to the desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/,
Save zoek.exe to the desktop: http://hijackthis.nl/smeenk/zoek.htm

- close all programs,
- right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click),
- click Scan, then Clean,
- after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner [Sx].txt); copy its contents into your next reply.

- run it as administrator
- copy the script given below into the large window
- click Run script
- after the restart a log will pop up (or you can find it in C:\zoek-results.log); paste it into your next reply
Code:
autoclean; emptyclsid; iedefaults; FFdefaults; CHRdefaults; emptyalltemp; resethosts;
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: RSIT log check
Hello, and thanks for your interest.
- location of minred.exe: c:\Users\Administrator\AppData\Local\
- MBAM log: first scan (the second one today was completely clean)
Malwarebytes Anti-Malware 2.0.3.1025
New Features:
• Scans may now be set to run as lower priority processes to improve multi-tasking under Advanced Settings
• Added support for keyboard navigation of user interface
• Added support for JAWS and Windows Narrator screenreaders
Improvements:
• Malwarebytes Chameleon enhanced to be more effective against active malware infections in getting Malwarebytes Anti-Malware running
• Notification for outdated databases now configured to 7 days by default rather than 1 per user feedback
• All scans with Malwarebytes Anti-Malware now create an entry in protection logs
• Failed update checks are now logged in protection logs
• Updating Malwarebytes Anti-Malware should now function even when the Scan tab is awaiting action from the user
• Support for scanning encrypted drives improved when rootkit scanning is enabled
Issues Fixed:
• Google Chrome users should no longer experience Malwarebytes Anti-Malware getting stuck or hanging during heuristics scans with Malwarebytes Anti-Malware
• Scans should no longer hang during filesystem objects scan on some systems
• Several crashes in Malwarebytes Anti-Malware fixed
• Runtime errors during installation or upgrade of Malwarebytes Anti-Malware should no longer occur
• Rootkit scanning should no longer flag sectors on non-system volumes as forged when those volumes are encrypted
• Rootkit scanning should now work properly on Bitlocker encrypted drives
• Scanning TruCrypt encrypted system volumes with rootkit scanning disabled no longer results in the filesystem not being scanned
• Issue with repairing rootkit infected drivers on Windows 8 and Windows 8.1 fixed
• BSOD when using Driver Verifier software on a system running Malwarebytes Anti-Malware fixed
• BSOD when using Boxcryptor software fixed
• BSOD when using Malwarebytes Chameleon or self-protection in Malwarebytes Anti-Malware under certain conditions fixed
• Malwarebytes Anti-Malware should no longer crash when using the "Copy to Clipboard" function under certain circumstances
• Dashboard banner text should now reflect language changes in Malwarebytes Anti-Malware instantly
• Several issues with tray notifications fixed
• Display problems with some languages fixed
• Malware Exclusions and Web Exclusions should no longer display duplicate entries following database updates
• Occasional crash of MBAMService when upgrading from version 1.75 of Malwarebytes Anti-Malware should no longer occur
• Several issues with the right-click "Scan with Malwarebytes Anti-Malware" function fixed
• Several problems with access policies fixed
• Several UI performance issues fixed
• Several UI and user experience enhancements implemented
• More than one Malwarebytes Anti-Malware tray icon should no longer be displayed on system start under some circumstances
• Issue with Malicious Website Protection not enabling after install under some circumstances on Windows Vista fixed
• Minor display issues with tables within the UI fixed
- Skype Click to Call uninstalled
- AdwCleaner:
# AdwCleaner v4.002 - Report created 27/10/2014 at 10:43:41
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Bruja - ADMIN-PC
# Running from : C:\Users\Bruja\Downloads\adwcleaner_4.002.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Bruja\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Bruja\Favorites\Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Bruja\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Bruja\AppData\Roaming\DriverCure
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Folder Deleted : C:\Users\Bruja\AppData\Roaming\FlvPlayer
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\Bruja\AppData\Local\globalUpdate
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Bruja\AppData\Local\Max Secure Software
Folder Deleted : C:\Users\Bruja\AppData\Local\PackageAware
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Bruja\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Bruja\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\torch
Folder Deleted : C:\ProgramData\sAve. nnet
Folder Deleted : C:\Program Files (x86)\sAve. nnet
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
Folder Deleted : C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\FlvPlayer.lnk
File Deleted : C:\WINDOWS\SysWOW64\EsgScanner.sys
File Deleted : C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
Task Deleted : EPUpdater
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\FlvPlayer
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FlvPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF549236-6258-4AC6-A043-5B5B89C6EB61}
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Google Chrome v38.0.2125.104
*************************
AdwCleaner[R1].txt - [8001 octets] - [27/10/2014 10:37:15]
AdwCleaner[R2].txt - [8061 octets] - [27/10/2014 10:40:40]
AdwCleaner[S0].txt - [7992 octets] - [27/10/2014 10:43:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8052 octets] ##########
- zoek log:
Zoek.exe v5.0.0.0 Updated 26-10-2014
Tool run by Bruja on po 27. 10. 2014 at 11:44:44,18.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bruja\Downloads\zoek.exe [Scan all users] [Deep Scan]
==== System Restore Info ======================
27. 10. 2014 11:46:27 Zoek.exe System Restore Point Created Succesfully.
==== Running Processes ======================
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
F:\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Bruja\Downloads\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
==== System Specs ======================
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8155 MB
CPU Info: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
CPU Speed: 3300,2 MHz
Sound Card: Reproduktory (Realtek High Defi |
Digitální zvuk (HDMI) (Zvukové |
Realtek Digital Output (Realtek |
Display Adapters: AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Řadič Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GH24NS90
Ports: COM1 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 232,9GB | E: 100,0MB | F: 122,5GB | G: 1740,4GB
Hard Disks - Free: C: 124,2GB | E: 65,5MB | F: 88,0GB | G: 1394,5GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 07/02/12 | ALASKA - 1072009
Time Zone: Střední Evropa (běžný čas)
Motherboard *: MSI H61MA-E35 (MS-7740)
Country: ¬esk ˙republika
Language: CSY
==== System Specs (Software) ======================
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Google Chrome 38.0.2125.104
Internet Explorer Version: 11.0.9600.17239
Google Chrome version: 38.0.2125.104
Adobe Reader version: 11.0.9.29
Sun Java version: 1.7.0_60 (32-bit)
Flash Player version: 15.0.0.152
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\Users\Bruja\AppData\Local\Temp ====
2014-10-24 14:41:44 51151D3AD8DA0DFA0E7A681AA2FF8870 158720 ----a-w- C:\Users\Bruja\AppData\Local\Temp\sfareca00001.dll
2014-10-23 21:29:39 7E7EB7AFF595774E5E500B34058CC1A7 192512 ----a-w- C:\Users\Bruja\AppData\Local\Temp\sfamcc00001.dll
2014-10-19 20:58:16 5C73E64374D9BA37AC5569D1F7DE5C9B 665682 ----a-w- C:\Users\Bruja\AppData\Local\Temp\sqlite3.dll
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-10-24 08:41:08 A09B87198FFB8075358AB1466E5C7E29 14232 ----a-w- C:\WINDOWS\SysWOW64\sh4native.exe
2014-10-14 11:33:44 A4001C78F2806662B3BD91ACB44E6330 45 ----a-w- C:\WINDOWS\SysWOW64\initdebug.nfo
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2014-10-24 14:55:42 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2014-10-24 14:55:31 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2014-10-24 14:55:31 D1F2D4DF0A5D3B700794E26356A55B44 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2014-10-24 14:55:31 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2014-10-23 20:10:46 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\WINDOWS\Sysnative\drivers\EsgScanner.sys
====== C:\WINDOWS\Tasks ======
2014-10-23 10:06:14 C1298639F3F68DCDF94BE9414643D810 4972 ----a-w- C:\WINDOWS\Sysnative\Tasks\Microsoft Office 15 Sync Maintenance for ADMIN-PC-Bruja Admin-PC
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-10-24 11:24:24 -------- d-----w- C:\Program Files\trend micro
2014-10-23 16:17:29 -------- d-----w- C:\Program Files\Enigma Software Group
2014-09-30 19:01:25 -------- d-----w- C:\Program Files\DivX
======= C:\PROGRA~2 =====
2014-10-23 20:35:03 -------- d-----w- C:\PROGRA~2\Enigma Software Group
2014-10-23 19:45:07 -------- d-----w- C:\PROGRA~2\Trend Micro
2014-10-23 16:17:09 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard
2014-10-17 15:38:57 -------- d-----w- C:\PROGRA~2\SpeedFan
2014-10-16 13:53:17 -------- d-----w- C:\PROGRA~2\Sony Mobile
2014-09-30 19:01:12 -------- d-----w- C:\PROGRA~2\COMMON~1\DivX Shared
2014-09-30 19:00:49 -------- d-----w- C:\PROGRA~2\DivX
======= C: =====
2014-10-24 08:41:08 E72F70455334B2F8E475F28BE6C1F861 597707 ----a-w- C:\spyhunter.fix
2014-10-23 16:18:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
====== C:\Users\Bruja\AppData\Roaming ======
2014-10-23 20:35:04 -------- d-----w- C:\Users\Bruja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-23 17:44:47 -------- d-----w- C:\Users\Bruja\AppData\Roaming\GetRightToGo
2014-10-23 11:21:01 -------- d-----w- C:\Users\Bruja\AppData\Local\Microsoft_Corporation
2014-10-17 15:38:57 -------- d-----w- C:\Users\Bruja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-09-30 19:01:26 -------- d-----w- C:\Users\Bruja\AppData\Roaming\DivX
====== C:\Users\Bruja ======
2014-10-27 09:35:21 FF33D8CDF04B1D15F3808D49406BEA43 1998336 ----a-w- C:\Users\Bruja\Downloads\adwcleaner_4.002.exe
2014-10-24 14:54:12 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Bruja\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-24 11:21:58 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Bruja\Desktop\RSITx64.exe
2014-10-23 20:11:03 -------- d-----w- C:\Users\Bruja\Start Menu
2014-10-23 20:10:10 0289AA4DF64B6030E5BFB3AAC36AD501 2998656 ----a-w- C:\Users\Bruja\Downloads\SpyHunter-Installer (1).exe
2014-10-23 20:06:16 CD523CE6F211FB60C3FDE8FA058972CA 46175312 ----a-r- C:\Users\SpyHunter\SpyHunter 4.17.6.4336+patch\spyhunterS4.exe
2014-10-23 20:06:16 -------- d-----w- C:\Users\SpyHunter\SpyHunter 4.17.6.4336+patch
2014-10-23 19:44:31 AB1C4DEAB684B0D883CFAA82C7BC6D19 812344 ----a-w- C:\Users\Bruja\Downloads\HJTInstall.exe
2014-10-23 19:12:11 EB40DC01EF0D0D91F13AABA0FE1FC0CA 1962496 ----a-w- C:\Users\Bruja\Downloads\AdwCleaner.exe
2014-10-23 18:18:46 -------- d-----w- C:\ProgramData\Max Secure
2014-10-23 17:00:36 78939A0FADBAB1BA3FD30C8A00A8648B 368256 ----a-w- C:\Users\Bruja\Downloads\Download_MaxSDDMnew.exe
2014-10-23 16:54:53 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-10-23 16:16:31 58CFEB24D4AC902D42EB2D15E18C3110 728960 ----a-w- C:\Users\Bruja\Downloads\SpyHunter-installer.exe
2014-10-22 17:14:37 FA4ADAB03346845021BCD313AC3035A9 697152 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\libeay32.dll
2014-10-22 17:14:37 DA1393C757B3B04195F7A5503C4EDF4C 3949376 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_bench64.dll
2014-10-22 17:14:37 D22C973EAF938AC493967B5297592DC4 164672 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\ssleay32.dll
2014-10-22 17:14:37 CE831A6B5FE676D472969B673285AE2C 3833144 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_uires.dll
2014-10-22 17:14:37 7E932F37D13755630917D25845A7098A 86840 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_helper64.dll
2014-10-22 17:14:37 7E142D59D3626377A633BD092B9AEAEE 54088 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_update.dll
2014-10-22 17:14:37 712A05A258F2747A703AE8D41C7AB541 308016 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_icons7.dll
2014-10-22 17:14:37 5483838D8B6201A0EED74E40EEF4B72B 162616 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_icons2k.dll
2014-10-22 17:14:37 53E1AD380C8C210B4AB6B6AFC3A18220 1121088 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_diskbench.dll
2014-10-22 17:14:37 4405257AB55A623B3CB07A4328998CF4 3611456 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida64.exe
2014-10-22 17:14:37 3ED631CE3190ED873CAE3C184B01E206 1073480 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_mondiag.dll
2014-10-22 17:14:37 26649C34DE626A390FBCB85E1EFDA785 240432 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_iconsxp.dll
2014-10-22 17:14:37 21D48D79F9316867721BC64C08A4CE03 2806592 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_bench32.dll
2014-10-22 17:14:37 -------- d-----w- C:\Users\64AIDA\AIDA64 4.70.3206
2014-10-17 15:38:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-10-17 15:25:12 BE4CB65CA589721F90EC9C0BD8F913F9 2174848 ----a-w- C:\Users\Bruja\Downloads\instsf450.exe
2014-10-16 13:53:16 -------- d-----w- C:\ProgramData\Sony Mobile
2014-10-14 11:33:01 C170D331ACF1129F0DBF1F3941078946 8611804 ----a-w- C:\Users\Bruja\Downloads\installspeedfan.exe
2014-09-30 19:01:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-09-30 19:00:20 -------- d-----w- C:\ProgramData\DivX
====== C: exe-files ==
2014-10-27 09:35:21 FF33D8CDF04B1D15F3808D49406BEA43 1998336 ----a-w- C:\Users\Bruja\Downloads\adwcleaner_4.002.exe
2014-10-26 17:42:27 68270679465EC5A66B65489C6E44AD64 11100752 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.104\38.0.2125.104_37.0.2062.124_chrome_updater.exe
2014-10-24 14:54:12 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Bruja\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-24 11:24:25 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Bruja.exe
2014-10-24 11:21:58 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Bruja\Desktop\RSITx64.exe
2014-10-24 08:41:08 A09B87198FFB8075358AB1466E5C7E29 14232 ----a-w- C:\Windows\SysWOW64\sh4native.exe
2014-10-23 21:43:43 6B110E925294547A7D288F26DA19D199 179687 ----a-w- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla18.exe
2014-10-23 21:43:43 2349274E327CAC32501C93AE37E16B48 180934 ----a-w- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla21.exe
2014-10-23 20:35:04 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Bruja\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2014-10-23 20:35:04 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Bruja\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2014-10-23 20:35:04 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Bruja\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2014-10-23 20:20:21 CD523CE6F211FB60C3FDE8FA058972CA 46175312 ----a-r- C:\sh4ldr\SpyHunter 4.17.6.4336+patch\spyhunterS4.exe
2014-10-23 20:20:21 8949BF1C06605F61B463AC61B53489B4 259584 ----a-r- C:\sh4ldr\SpyHunter 4.17.6.4336+patch\patch\spyhunter.4.3.32-patch.exe
2014-10-23 20:10:10 0289AA4DF64B6030E5BFB3AAC36AD501 2998656 ----a-w- C:\Users\Bruja\Downloads\SpyHunter-Installer (1).exe
2014-10-23 20:06:16 CD523CE6F211FB60C3FDE8FA058972CA 46175312 ----a-r- C:\Users\SpyHunter\SpyHunter 4.17.6.4336+patch\spyhunterS4.exe
2014-10-23 19:44:31 AB1C4DEAB684B0D883CFAA82C7BC6D19 812344 ----a-w- C:\Users\Bruja\Downloads\HJTInstall.exe
2014-10-23 19:12:11 EB40DC01EF0D0D91F13AABA0FE1FC0CA 1962496 ----a-w- C:\Users\Bruja\Downloads\AdwCleaner.exe
2014-10-23 17:42:45 25D473D7805261C752DA738B13E35816 185271 ----a-w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla31.exe
2014-10-23 17:42:45 15E51E8ADDED68AE73CD46AE671923E2 190437 ----a-w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla36.exe
2014-10-23 17:00:36 78939A0FADBAB1BA3FD30C8A00A8648B 368256 ----a-w- C:\Users\Bruja\Downloads\Download_MaxSDDMnew.exe
2014-10-23 16:16:31 58CFEB24D4AC902D42EB2D15E18C3110 728960 ----a-w- C:\Users\Bruja\Downloads\SpyHunter-installer.exe
2014-10-23 08:37:07 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
2014-10-23 08:37:07 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateBroker.exe
2014-10-23 08:37:07 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdate.exe
2014-10-23 08:37:07 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe
2014-10-23 08:37:07 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateSetup.exe
2014-10-23 08:37:07 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe
2014-10-23 08:37:07 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
2014-10-23 08:37:05 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.5\GoogleUpdateSetup.exe
2014-10-22 17:14:37 9B4CA977C5822243222AEFD3FAF1FE9E 267264 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\Keygen-ZWT\keygen.exe
2014-10-22 17:14:37 4405257AB55A623B3CB07A4328998CF4 3611456 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida64.exe
2014-10-22 16:21:26 9B4CA977C5822243222AEFD3FAF1FE9E 267264 ----a-w- C:\Users\Bruja\Music\AIDA64 4.70.3206\Keygen-ZWT\keygen.exe
=== C: other files ==
2014-10-24 14:55:42 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-24 14:55:31 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-24 14:55:31 D1F2D4DF0A5D3B700794E26356A55B44 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-24 14:55:31 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-23 20:10:46 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-10-23 18:34:22 6FBBB02A1A5998CC8B8AE9AA19702F52 16638903 ----a-w- C:\Users\Bruja\Downloads\aida64extreme_build_3211_m4wrgf1cnu.zip
2014-10-23 16:18:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-1654460239-3175241736-2090887362-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="F:\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN"
"Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
"f.lux"="C:\Users\Bruja\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Nero MediaHome 4"="F:\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="F:\Quicktime\QTTask.exe -atboottime"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="F:\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN"
"Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
"f.lux"="C:\Users\Bruja\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="C:\WINDOWS\PixArt\PAC7302\Monitor.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui"
"CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10. 09. 2014 16:17]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16. 12. 2013 21:04]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16. 12. 2013 21:04]
==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Trigger KMS Activation" ["C:\Users\Bruja\Downloads\Aktivator Microsoft Office Professional Plus 2013 (32-64bit)\KMSnano Final\TriggerKMS.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{A15A15C8-979B-4C1E-A4D0-8B8F3F7AEBDE}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\{2E5D12E3-2B9B-4301-8546-23CE638AA673}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\WINDOWS\SysNative\tasks\{8787D75F-262C-4269-903F-DD4D2839EEB2}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [19. 07. 2014 19:47]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[19. 07. 2014 19:47]
YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - Bruja\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Bruja\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
Learn French - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec
Google Docs - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
WGT Golf Challenge - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg
TV program - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkgjblbjpigonjpmblphnackhfigbo
LE Learn English Cloud - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\enchfibknakkckielldbocdhhioohhig
MapsGalaxy - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhndhalcfnmpglbelaejgmjlialaopij
Stopwatch - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh
Cycling the Alps - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihklobncbkangkiiamccfgnlihbmjhlh
Google Play - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi
France TV - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdalaljnckdncaeeaiocldameonmjod
ButtonBass Player Piano - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmkonkgohgomnnkaclbiammkcjenfdi
Google Maps - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
French Dictionary - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhkhjchchenblaemilhmkbdkkdkdchn
Google Wallet - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Chrome to Phone Extension - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco
Gmail - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
YoutubeAdblocker - Bruja\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Bruja\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - NeroMediaHomeUser.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - NeroMediaHomeUser.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - NeroMediaHomeUser.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - NeroMediaHomeUser.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - NEROME~1.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - NEROME~1.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - NEROME~1.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - NEROME~1.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://about:Tabs"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear"
{EE7F2520-3571-458A-AC55-D0B691A4C694} Google Url="http://www.google.com/search?q={searchT ... f8&oe=utf8"
==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Nero MediaHome 4] "F:\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Nero MediaHome 4] "F:\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
O4 - HKCU\..\Run: [f.lux] "C:\Users\Bruja\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Windows] C:\Users\Public\Windows\game.vbs
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - F:\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on po 27. 10. 2014 at 11:49:37,46 ======================
Thanks once again.
- location of minred.exe: c:\Users\Administrator\AppData\Local\
- MBAM log: first test (the second one today was completely clean)
Malwarebytes Anti-Malware 2.0.3.1025
New Features:
• Scans may now be set to run as lower priority processes to improve multi-tasking under Advanced Settings
• Added support for keyboard navigation of user interface
• Added support for JAWS and Windows Narrator screenreaders
Improvements:
• Malwarebytes Chameleon enhanced to be more effective against active malware infections in getting Malwarebytes Anti-Malware running
• Notification for outdated databases now configured to 7 days by default rather than 1 per user feedback
• All scans with Malwarebytes Anti-Malware now create an entry in protection logs
• Failed update checks are now logged in protection logs
• Updating Malwarebytes Anti-Malware should now function even when the Scan tab is awaiting action from the user
• Support for scanning encrypted drives improved when rootkit scanning is enabled
Issues Fixed:
• Google Chrome users should no longer experience Malwarebytes Anti-Malware getting stuck or hanging during heuristics scans with Malwarebytes Anti-Malware
• Scans should no longer hang during filesystem objects scan on some systems
• Several crashes in Malwarebytes Anti-Malware fixed
• Runtime errors during installation or upgrade of Malwarebytes Anti-Malware should no longer occur
• Rootkit scanning should no longer flag sectors on non-system volumes as forged when those volumes are encrypted
• Rootkit scanning should now work properly on Bitlocker encrypted drives
• Scanning TruCrypt encrypted system volumes with rootkit scanning disabled no longer results in the filesystem not being scanned
• Issue with repairing rootkit infected drivers on Windows 8 and Windows 8.1 fixed
• BSOD when using Driver Verifier software on a system running Malwarebytes Anti-Malware fixed
• BSOD when using Boxcryptor software fixed
• BSOD when using Malwarebytes Chameleon or self-protection in Malwarebytes Anti-Malware under certain conditions fixed
• Malwarebytes Anti-Malware should no longer crash when using the "Copy to Clipboard" function under certain circumstances
• Dashboard banner text should now reflect language changes in Malwarebytes Anti-Malware instantly
• Several issues with tray notifications fixed
• Display problems with some languages fixed
• Malware Exclusions and Web Exclusions should no longer display duplicate entries following database updates
• Occasional crash of MBAMService when upgrading from version 1.75 of Malwarebytes Anti-Malware should no longer occur
• Several issues with the right-click "Scan with Malwarebytes Anti-Malware" function fixed
• Several problems with access policies fixed
• Several UI performance issues fixed
• Several UI and user experience enhancements implemented
• More than one Malwarebytes Anti-Malware tray icon should no longer be displayed on system start under some circumstances
• Issue with Malicious Website Protection not enabling after install under some circumstances on Windows Vista fixed
• Minor display issues with tables within the UI fixed
- Skype Click to Call uninstalled
- AdwCleaner:
# AdwCleaner v4.002 - Report created 27/10/2014 at 10:43:41
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Bruja - ADMIN-PC
# Running from : C:\Users\Bruja\Downloads\adwcleaner_4.002.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Bruja\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Bruja\Favorites\Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Bruja\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Bruja\AppData\Roaming\DriverCure
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Folder Deleted : C:\Users\Bruja\AppData\Roaming\FlvPlayer
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\Bruja\AppData\Local\globalUpdate
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Bruja\AppData\Local\Max Secure Software
Folder Deleted : C:\Users\Bruja\AppData\Local\PackageAware
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\Bruja\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Bruja\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\torch
Folder Deleted : C:\ProgramData\sAve. nnet
Folder Deleted : C:\Program Files (x86)\sAve. nnet
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
Folder Deleted : C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
[!] Folder Deleted : C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\FlvPlayer.lnk
File Deleted : C:\WINDOWS\SysWOW64\EsgScanner.sys
File Deleted : C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
Task Deleted : EPUpdater
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\FlvPlayer
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FlvPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF549236-6258-4AC6-A043-5B5B89C6EB61}
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Google Chrome v38.0.2125.104
*************************
AdwCleaner[R1].txt - [8001 octets] - [27/10/2014 10:37:15]
AdwCleaner[R2].txt - [8061 octets] - [27/10/2014 10:40:40]
AdwCleaner[S0].txt - [7992 octets] - [27/10/2014 10:43:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8052 octets] ##########
- zoek log :
Zoek.exe v5.0.0.0 Updated 26-10-2014
Tool run by Bruja on po 27. 10. 2014 at 11:44:44,18.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bruja\Downloads\zoek.exe [Scan all users] [Deep Scan]
==== System Restore Info ======================
27. 10. 2014 11:46:27 Zoek.exe System Restore Point Created Succesfully.
==== Running Processes ======================
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
F:\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Bruja\Downloads\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
==== System Specs ======================
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8155 MB
CPU Info: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
CPU Speed: 3300,2 MHz
Sound Card: Reproduktory (Realtek High Defi |
Digitální zvuk (HDMI) (Zvukové |
Realtek Digital Output (Realtek |
Display Adapters: AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series | AMD Radeon HD 7700 Series
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: Řadič Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GH24NS90
Ports: COM1 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 232,9GB | E: 100,0MB | F: 122,5GB | G: 1740,4GB
Hard Disks - Free: C: 124,2GB | E: 65,5MB | F: 88,0GB | G: 1394,5GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 07/02/12 | ALASKA - 1072009
Time Zone: Střední Evropa (běžný čas)
Motherboard *: MSI H61MA-E35 (MS-7740)
Country: Česká republika
Language: CSY
==== System Specs (Software) ======================
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Google Chrome 38.0.2125.104
Internet Explorer Version: 11.0.9600.17239
Google Chrome version: 38.0.2125.104
Adobe Reader version: 11.0.9.29
Sun Java version: 1.7.0_60 (32-bit)
Flash Player version: 15.0.0.152
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\Users\Bruja\AppData\Local\Temp ====
2014-10-24 14:41:44 51151D3AD8DA0DFA0E7A681AA2FF8870 158720 ----a-w- C:\Users\Bruja\AppData\Local\Temp\sfareca00001.dll
2014-10-23 21:29:39 7E7EB7AFF595774E5E500B34058CC1A7 192512 ----a-w- C:\Users\Bruja\AppData\Local\Temp\sfamcc00001.dll
2014-10-19 20:58:16 5C73E64374D9BA37AC5569D1F7DE5C9B 665682 ----a-w- C:\Users\Bruja\AppData\Local\Temp\sqlite3.dll
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-10-24 08:41:08 A09B87198FFB8075358AB1466E5C7E29 14232 ----a-w- C:\WINDOWS\SysWOW64\sh4native.exe
2014-10-14 11:33:44 A4001C78F2806662B3BD91ACB44E6330 45 ----a-w- C:\WINDOWS\SysWOW64\initdebug.nfo
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2014-10-24 14:55:42 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2014-10-24 14:55:31 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2014-10-24 14:55:31 D1F2D4DF0A5D3B700794E26356A55B44 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2014-10-24 14:55:31 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2014-10-23 20:10:46 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\WINDOWS\Sysnative\drivers\EsgScanner.sys
====== C:\WINDOWS\Tasks ======
2014-10-23 10:06:14 C1298639F3F68DCDF94BE9414643D810 4972 ----a-w- C:\WINDOWS\Sysnative\Tasks\Microsoft Office 15 Sync Maintenance for ADMIN-PC-Bruja Admin-PC
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-10-24 11:24:24 -------- d-----w- C:\Program Files\trend micro
2014-10-23 16:17:29 -------- d-----w- C:\Program Files\Enigma Software Group
2014-09-30 19:01:25 -------- d-----w- C:\Program Files\DivX
======= C:\PROGRA~2 =====
2014-10-23 20:35:03 -------- d-----w- C:\PROGRA~2\Enigma Software Group
2014-10-23 19:45:07 -------- d-----w- C:\PROGRA~2\Trend Micro
2014-10-23 16:17:09 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard
2014-10-17 15:38:57 -------- d-----w- C:\PROGRA~2\SpeedFan
2014-10-16 13:53:17 -------- d-----w- C:\PROGRA~2\Sony Mobile
2014-09-30 19:01:12 -------- d-----w- C:\PROGRA~2\COMMON~1\DivX Shared
2014-09-30 19:00:49 -------- d-----w- C:\PROGRA~2\DivX
======= C: =====
2014-10-24 08:41:08 E72F70455334B2F8E475F28BE6C1F861 597707 ----a-w- C:\spyhunter.fix
2014-10-23 16:18:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
====== C:\Users\Bruja\AppData\Roaming ======
2014-10-23 20:35:04 -------- d-----w- C:\Users\Bruja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-23 17:44:47 -------- d-----w- C:\Users\Bruja\AppData\Roaming\GetRightToGo
2014-10-23 11:21:01 -------- d-----w- C:\Users\Bruja\AppData\Local\Microsoft_Corporation
2014-10-17 15:38:57 -------- d-----w- C:\Users\Bruja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-09-30 19:01:26 -------- d-----w- C:\Users\Bruja\AppData\Roaming\DivX
====== C:\Users\Bruja ======
2014-10-27 09:35:21 FF33D8CDF04B1D15F3808D49406BEA43 1998336 ----a-w- C:\Users\Bruja\Downloads\adwcleaner_4.002.exe
2014-10-24 14:54:12 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Bruja\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-24 11:21:58 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Bruja\Desktop\RSITx64.exe
2014-10-23 20:11:03 -------- d-----w- C:\Users\Bruja\Start Menu
2014-10-23 20:10:10 0289AA4DF64B6030E5BFB3AAC36AD501 2998656 ----a-w- C:\Users\Bruja\Downloads\SpyHunter-Installer (1).exe
2014-10-23 20:06:16 CD523CE6F211FB60C3FDE8FA058972CA 46175312 ----a-r- C:\Users\SpyHunter\SpyHunter 4.17.6.4336+patch\spyhunterS4.exe
2014-10-23 20:06:16 -------- d-----w- C:\Users\SpyHunter\SpyHunter 4.17.6.4336+patch
2014-10-23 19:44:31 AB1C4DEAB684B0D883CFAA82C7BC6D19 812344 ----a-w- C:\Users\Bruja\Downloads\HJTInstall.exe
2014-10-23 19:12:11 EB40DC01EF0D0D91F13AABA0FE1FC0CA 1962496 ----a-w- C:\Users\Bruja\Downloads\AdwCleaner.exe
2014-10-23 18:18:46 -------- d-----w- C:\ProgramData\Max Secure
2014-10-23 17:00:36 78939A0FADBAB1BA3FD30C8A00A8648B 368256 ----a-w- C:\Users\Bruja\Downloads\Download_MaxSDDMnew.exe
2014-10-23 16:54:53 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-10-23 16:16:31 58CFEB24D4AC902D42EB2D15E18C3110 728960 ----a-w- C:\Users\Bruja\Downloads\SpyHunter-installer.exe
2014-10-22 17:14:37 FA4ADAB03346845021BCD313AC3035A9 697152 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\libeay32.dll
2014-10-22 17:14:37 DA1393C757B3B04195F7A5503C4EDF4C 3949376 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_bench64.dll
2014-10-22 17:14:37 D22C973EAF938AC493967B5297592DC4 164672 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\ssleay32.dll
2014-10-22 17:14:37 CE831A6B5FE676D472969B673285AE2C 3833144 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_uires.dll
2014-10-22 17:14:37 7E932F37D13755630917D25845A7098A 86840 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_helper64.dll
2014-10-22 17:14:37 7E142D59D3626377A633BD092B9AEAEE 54088 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_update.dll
2014-10-22 17:14:37 712A05A258F2747A703AE8D41C7AB541 308016 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_icons7.dll
2014-10-22 17:14:37 5483838D8B6201A0EED74E40EEF4B72B 162616 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_icons2k.dll
2014-10-22 17:14:37 53E1AD380C8C210B4AB6B6AFC3A18220 1121088 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_diskbench.dll
2014-10-22 17:14:37 4405257AB55A623B3CB07A4328998CF4 3611456 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida64.exe
2014-10-22 17:14:37 3ED631CE3190ED873CAE3C184B01E206 1073480 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_mondiag.dll
2014-10-22 17:14:37 26649C34DE626A390FBCB85E1EFDA785 240432 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_iconsxp.dll
2014-10-22 17:14:37 21D48D79F9316867721BC64C08A4CE03 2806592 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida_bench32.dll
2014-10-22 17:14:37 -------- d-----w- C:\Users\64AIDA\AIDA64 4.70.3206
2014-10-17 15:38:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-10-17 15:25:12 BE4CB65CA589721F90EC9C0BD8F913F9 2174848 ----a-w- C:\Users\Bruja\Downloads\instsf450.exe
2014-10-16 13:53:16 -------- d-----w- C:\ProgramData\Sony Mobile
2014-10-14 11:33:01 C170D331ACF1129F0DBF1F3941078946 8611804 ----a-w- C:\Users\Bruja\Downloads\installspeedfan.exe
2014-09-30 19:01:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-09-30 19:00:20 -------- d-----w- C:\ProgramData\DivX
====== C: exe-files ==
2014-10-27 09:35:21 FF33D8CDF04B1D15F3808D49406BEA43 1998336 ----a-w- C:\Users\Bruja\Downloads\adwcleaner_4.002.exe
2014-10-26 17:42:27 68270679465EC5A66B65489C6E44AD64 11100752 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.104\38.0.2125.104_37.0.2062.124_chrome_updater.exe
2014-10-24 14:54:12 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Bruja\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-24 11:24:25 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Bruja.exe
2014-10-24 11:21:58 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Bruja\Desktop\RSITx64.exe
2014-10-24 08:41:08 A09B87198FFB8075358AB1466E5C7E29 14232 ----a-w- C:\Windows\SysWOW64\sh4native.exe
2014-10-23 21:43:43 6B110E925294547A7D288F26DA19D199 179687 ----a-w- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla18.exe
2014-10-23 21:43:43 2349274E327CAC32501C93AE37E16B48 180934 ----a-w- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla21.exe
2014-10-23 20:35:04 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Bruja\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2014-10-23 20:35:04 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Bruja\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2014-10-23 20:35:04 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\Bruja\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2014-10-23 20:20:21 CD523CE6F211FB60C3FDE8FA058972CA 46175312 ----a-r- C:\sh4ldr\SpyHunter 4.17.6.4336+patch\spyhunterS4.exe
2014-10-23 20:20:21 8949BF1C06605F61B463AC61B53489B4 259584 ----a-r- C:\sh4ldr\SpyHunter 4.17.6.4336+patch\patch\spyhunter.4.3.32-patch.exe
2014-10-23 20:10:10 0289AA4DF64B6030E5BFB3AAC36AD501 2998656 ----a-w- C:\Users\Bruja\Downloads\SpyHunter-Installer (1).exe
2014-10-23 20:06:16 CD523CE6F211FB60C3FDE8FA058972CA 46175312 ----a-r- C:\Users\SpyHunter\SpyHunter 4.17.6.4336+patch\spyhunterS4.exe
2014-10-23 19:44:31 AB1C4DEAB684B0D883CFAA82C7BC6D19 812344 ----a-w- C:\Users\Bruja\Downloads\HJTInstall.exe
2014-10-23 19:12:11 EB40DC01EF0D0D91F13AABA0FE1FC0CA 1962496 ----a-w- C:\Users\Bruja\Downloads\AdwCleaner.exe
2014-10-23 17:42:45 25D473D7805261C752DA738B13E35816 185271 ----a-w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla31.exe
2014-10-23 17:42:45 15E51E8ADDED68AE73CD46AE671923E2 190437 ----a-w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla36.exe
2014-10-23 17:00:36 78939A0FADBAB1BA3FD30C8A00A8648B 368256 ----a-w- C:\Users\Bruja\Downloads\Download_MaxSDDMnew.exe
2014-10-23 16:16:31 58CFEB24D4AC902D42EB2D15E18C3110 728960 ----a-w- C:\Users\Bruja\Downloads\SpyHunter-installer.exe
2014-10-23 08:37:07 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
2014-10-23 08:37:07 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateBroker.exe
2014-10-23 08:37:07 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdate.exe
2014-10-23 08:37:07 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe
2014-10-23 08:37:07 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateSetup.exe
2014-10-23 08:37:07 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe
2014-10-23 08:37:07 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
2014-10-23 08:37:05 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.5\GoogleUpdateSetup.exe
2014-10-22 17:14:37 9B4CA977C5822243222AEFD3FAF1FE9E 267264 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\Keygen-ZWT\keygen.exe
2014-10-22 17:14:37 4405257AB55A623B3CB07A4328998CF4 3611456 ----a-w- C:\Users\64AIDA\AIDA64 4.70.3206\aida64.exe
2014-10-22 16:21:26 9B4CA977C5822243222AEFD3FAF1FE9E 267264 ----a-w- C:\Users\Bruja\Music\AIDA64 4.70.3206\Keygen-ZWT\keygen.exe
=== C: other files ==
2014-10-24 14:55:42 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-24 14:55:31 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-24 14:55:31 D1F2D4DF0A5D3B700794E26356A55B44 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-24 14:55:31 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-23 20:10:46 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-10-23 18:34:22 6FBBB02A1A5998CC8B8AE9AA19702F52 16638903 ----a-w- C:\Users\Bruja\Downloads\aida64extreme_build_3211_m4wrgf1cnu.zip
2014-10-23 16:18:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-1654460239-3175241736-2090887362-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="F:\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN"
"Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
"f.lux"="C:\Users\Bruja\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Nero MediaHome 4"="F:\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="F:\Quicktime\QTTask.exe -atboottime"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="F:\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN"
"Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
"f.lux"="C:\Users\Bruja\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="C:\WINDOWS\PixArt\PAC7302\Monitor.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui"
"CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10. 09. 2014 16:17]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16. 12. 2013 21:04]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16. 12. 2013 21:04]
==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Trigger KMS Activation" ["C:\Users\Bruja\Downloads\Aktivator Microsoft Office Professional Plus 2013 (32-64bit)\KMSnano Final\TriggerKMS.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{A15A15C8-979B-4C1E-A4D0-8B8F3F7AEBDE}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\{2E5D12E3-2B9B-4301-8546-23CE638AA673}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\WINDOWS\SysNative\tasks\{8787D75F-262C-4269-903F-DD4D2839EEB2}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [19. 07. 2014 19:47]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[19. 07. 2014 19:47]
YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - Bruja\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Bruja\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
Learn French - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec
Google Docs - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
WGT Golf Challenge - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg
TV program - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkgjblbjpigonjpmblphnackhfigbo
LE Learn English Cloud - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\enchfibknakkckielldbocdhhioohhig
MapsGalaxy - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhndhalcfnmpglbelaejgmjlialaopij
Stopwatch - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh
Cycling the Alps - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihklobncbkangkiiamccfgnlihbmjhlh
Google Play - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi
France TV - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdalaljnckdncaeeaiocldameonmjod
ButtonBass Player Piano - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmkonkgohgomnnkaclbiammkcjenfdi
Google Maps - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
French Dictionary - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhkhjchchenblaemilhmkbdkkdkdchn
Google Wallet - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Chrome to Phone Extension - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco
Gmail - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
YoutubeAdblocker - Bruja\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Bruja\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - NeroMediaHomeUser.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - NeroMediaHomeUser.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - NeroMediaHomeUser.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - NeroMediaHomeUser.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - NEROME~1.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - NEROME~1.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - NEROME~1.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - NEROME~1.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://about:Tabs"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear"
{EE7F2520-3571-458A-AC55-D0B691A4C694} Google Url="http://www.google.com/search?q={searchT ... f8&oe=utf8"
==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Nero MediaHome 4] "F:\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Nero MediaHome 4] "F:\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
O4 - HKCU\..\Run: [f.lux] "C:\Users\Bruja\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Windows] C:\Users\Public\Windows\game.vbs
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - F:\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on po 27. 10. 2014 at 11:49:37,46 ======================
Thanks once again.
Re: RSIT log check




- run it as administrator
- copy the script given below into the large window
- click Run script
- after the restart a log will pop up (or you can find it in C:\zoek-results.log) - paste it into your next reply
autoclean; emptyclsid; iedefaults; FFdefaults; CHRdefaults; emptyalltemp; resethosts;
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: RSIT log check
- SpyHunter uninstalled
- Zoek log:
Zoek.exe v5.0.0.0 Updated 26-10-2014
Tool run by Bruja on po 27. 10. 2014 at 16:37:25,54.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bruja\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
27. 10. 2014 16:39:11 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1654460239-3175241736-2090887362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_USERS\S-1-5-21-1654460239-3175241736-2090887362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\Bruja\AppData\Roaming\ZoomBrowser EX deleted
C:\Users\Bruja\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
"C:\PROGRA~3\6e8643bb141d51f0\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~3\6e8643bb141d51f0\{7DD5E91C-3864-77EC-7635-D14910C2A03E}" deleted
"C:\PROGRA~3\6e8643bb141d51f0\{7DD5E91C-3864-77EC-7635-D14910C2A03E}.old" deleted
"C:\PROGRA~3\6e8643bb141d51f0" deleted
"C:\Users\Bruja\AppData\Roaming\Origin" deleted
"C:\PROGRA~2\Windows Portable Devices" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [19. 07. 2014 19:47]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[19. 07. 2014 19:47]
YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - Bruja\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Bruja\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
Learn French - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec
TV program - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkgjblbjpigonjpmblphnackhfigbo
LE Learn English Cloud - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\enchfibknakkckielldbocdhhioohhig
MapsGalaxy - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhndhalcfnmpglbelaejgmjlialaopij
Google Play - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi
France TV - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdalaljnckdncaeeaiocldameonmjod
ButtonBass Player Piano - Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmkonkgohgomnnkaclbiammkcjenfdi
YoutubeAdblocker - Bruja\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Bruja\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - NeroMediaHomeUser.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - NeroMediaHomeUser.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - NeroMediaHomeUser.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - NeroMediaHomeUser.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - NEROME~1.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - NEROME~1.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
YoutubeAdblocker - NEROME~1.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej
save net - NEROME~1.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg
==== Chromium Fix ======================
C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej deleted successfully
C:\Users\Bruja\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej deleted successfully
C:\Users\Bruja\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej deleted successfully
C:\Users\NeroMediaHomeUser.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej deleted successfully
C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hgpnjjjkodochfoigpmmmdekkbmiegej deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg deleted successfully
C:\Users\Bruja\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg deleted successfully
C:\Users\Bruja\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg deleted successfully
C:\Users\NeroMediaHomeUser.4\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg deleted successfully
C:\Users\NeroMediaHomeUser.4\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmpmonigmnpjdnciacdghdepnpafgpjg deleted successfully
C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhndhalcfnmpglbelaejgmjlialaopij deleted successfully
C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fhndhalcfnmpglbelaejgmjlialaopij_0.localstorage deleted successfully
C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fhndhalcfnmpglbelaejgmjlialaopij_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://about:Tabs"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://about:Tabs"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear"
{EE7F2520-3571-458A-AC55-D0B691A4C694} Google Url="http://www.google.com/search?q={searchT ... f8&oe=utf8"
==== Reset Google Chrome ======================
C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Your Software Deals_is1 deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bruja\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\NeroMediaHomeUser.4\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\NEROME~1.4\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=367 folders=170 91355603 bytes)
==== Empty Temp Folders ======================
C:\Users\Bruja\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp emptied successfully
C:\Users\NEROME~1.4\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Bruja\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on po 27. 10. 2014 at 16:58:52,69 ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp emptied successfully
C:\Users\NEROME~1.4\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Bruja\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on po 27. 10. 2014 at 16:58:52,69 ======================
Re: RSIT log check
Post the FRST log and attach Addition.txt as well - http://forum.viry.cz/viewtopic.php?f=30&t=133101
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions not suited to the forum, you can use altrok (at) forum.viry.cz
If you would like to help visitors to this forum, sign up for our training school.
Re: RSIT log check
FRST log
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Bruja (administrator) on ADMIN-PC on 28-10-2014 09:42:51
Running from C:\Users\Bruja\Desktop
Loaded Profiles: Bruja & NeroMediaHomeUser.4 (Available profiles: Bruja & NeroMediaHomeUser.4)
Platform: Windows 8.1 Pro (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) F:\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(forum.viry.cz) C:\Users\Bruja\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-07] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nero MediaHome 4] => F:\Nero\Nero MediaHome 4\NeroMediaHome.exe [5179880 2012-12-20] (Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => F:\Quicktime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\...\Run: [Nero MediaHome 4] => F:\Nero\Nero MediaHome 4\NeroMediaHome.exe [5179880 2012-12-20] (Nero AG)
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4277384 2013-12-18] (Plex, Inc.)
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\...\Run: [f.lux] => C:\Users\Bruja\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\...\Run: [Windows] => C:\Users\Public\Windows\game.vbs [77 2014-06-30] ()
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:Tabs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> F:\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> F:\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-16]
Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com/", "https://www.google.cz/", "", "", "hxxp://search.ividi.org/?src=tbhp&id=a2bae7a900000000000016700281c1f3&affilt=3", "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://www.google.com/", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 3&tsp=5244", "hxxp://www.default-search.net/?sid=476&aid=113 ... 01&src=hmp", "hxxp://www.default-search.net/?sid=476&aid=113 ... 01&src=hmp"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Překladač Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-12-18]
CHR Extension: (Prezentace Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-27]
CHR Extension: (Learn French - Très Bien) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec [2013-12-18]
CHR Extension: (Dokumenty Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-18]
CHR Extension: (Disk Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-18]
CHR Extension: (YouTube) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-18]
CHR Extension: (WGT Golf Challenge) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2013-12-18]
CHR Extension: (TV program) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkgjblbjpigonjpmblphnackhfigbo [2013-12-18]
CHR Extension: (LE Learn English Cloud) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\enchfibknakkckielldbocdhhioohhig [2013-12-18]
CHR Extension: (Tabulky Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-27]
CHR Extension: (Stopky / časovač) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh [2013-12-18]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2013-12-18]
CHR Extension: (Cycling the Alps) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihklobncbkangkiiamccfgnlihbmjhlh [2013-12-18]
CHR Extension: (Google Play) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-05-13]
CHR Extension: (France TV) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdalaljnckdncaeeaiocldameonmjod [2013-12-18]
CHR Extension: (ButtonBass Player Piano) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmkonkgohgomnnkaclbiammkcjenfdi [2013-12-18]
CHR Extension: (Mapy Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-12-18]
CHR Extension: (Francouzský slovník) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhkhjchchenblaemilhmkbdkkdkdchn [2014-05-13]
CHR Extension: (Peněženka Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-18]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-12-18]
CHR Extension: (Gmail) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-19]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-19] (AVAST Software)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NeroMediaHomeService.4; F:\Nero\Nero MediaHome 4\NMMediaServerService.exe [518632 2012-12-20] (Nero AG)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580648 2012-07-17] (WiseCleaner.com) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-19] ()
S3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed]
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-10-23] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 PAC7302; C:\Windows\system32\DRIVERS\PAC7302.SYS [527360 2007-10-29] (PixArt Imaging Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-28 09:42 - 2014-10-28 09:43 - 00021466 _____ () C:\Users\Bruja\Desktop\FRST.txt
2014-10-28 09:42 - 2014-10-28 09:42 - 00000000 ____D () C:\FRST
2014-10-28 09:41 - 2014-10-28 09:41 - 00112640 _____ (forum.viry.cz) C:\Users\Bruja\Desktop\FRSTLauncher.exe
2014-10-28 09:28 - 2014-10-28 09:28 - 02113024 _____ (Farbar) C:\Users\Bruja\Desktop\FRST64.exe
2014-10-27 16:59 - 2014-10-27 16:59 - 00014679 _____ () C:\Users\Bruja\Documents\zoek-results.txt
2014-10-27 16:57 - 2014-10-27 16:37 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-10-27 16:39 - 2014-10-27 16:58 - 00014679 _____ () C:\zoek-results.log
2014-10-27 16:37 - 2014-10-27 16:37 - 04114148 _____ () C:\Users\Bruja\Downloads\zoek.zip
2014-10-27 16:37 - 2014-10-27 16:37 - 01290752 _____ () C:\Users\Bruja\Downloads\zoek.exe
2014-10-27 16:11 - 2014-10-27 16:11 - 00003584 ___SH () C:\Users\Bruja\Desktop\Thumbs.db
2014-10-27 15:51 - 2014-10-28 09:34 - 00085501 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-27 15:50 - 2014-10-27 16:58 - 00000668 _____ () C:\WINDOWS\PFRO.log
2014-10-27 11:44 - 2014-10-27 16:55 - 00000000 ____D () C:\zoek_backup
2014-10-27 11:25 - 2014-10-27 11:25 - 00012521 _____ () C:\Users\Bruja\Documents\Malware.txt
2014-10-27 10:35 - 2014-10-27 10:55 - 00000000 ____D () C:\AdwCleaner
2014-10-27 10:35 - 2014-10-27 10:35 - 01998336 _____ () C:\Users\Bruja\Downloads\adwcleaner_4.002.exe
2014-10-24 15:55 - 2014-10-28 09:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 15:55 - 2014-10-24 15:56 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 15:55 - 2014-10-24 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 15:55 - 2014-10-24 15:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 15:55 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-24 15:55 - 2014-10-01 10:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-24 15:55 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-24 15:54 - 2014-10-24 15:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bruja\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-24 12:24 - 2014-10-26 18:51 - 00000000 ____D () C:\Program Files\trend micro
2014-10-24 12:24 - 2014-10-24 12:24 - 00000000 ____D () C:\rsit
2014-10-24 12:21 - 2014-10-24 12:21 - 01222144 _____ () C:\Users\Bruja\Desktop\RSITx64.exe
2014-10-24 09:41 - 2014-10-24 12:18 - 00597707 _____ () C:\spyhunter.fix
2014-10-24 09:41 - 2010-05-13 16:34 - 00014232 _____ () C:\WINDOWS\SysWOW64\sh4native.exe
2014-10-23 22:43 - 2014-10-23 22:49 - 00000000 ____D () C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-10-23 21:10 - 2014-10-27 16:32 - 00000000 ____D () C:\sh4ldr
2014-10-23 21:10 - 2014-10-23 21:10 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Bruja\Downloads\SpyHunter-Installer (1).exe
2014-10-23 21:10 - 2014-10-23 21:10 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2014-10-23 21:06 - 2014-10-23 22:11 - 00000000 ____D () C:\Users\SpyHunter\SpyHunter 4.17.6.4336+patch
2014-10-23 21:05 - 2014-10-23 21:06 - 00000000 ____D () C:\Users\SpyHunter
2014-10-23 21:04 - 2014-10-23 21:04 - 46454701 _____ () C:\Users\Bruja\Downloads\SpyHunter 4.17.6.4336+patch.rar
2014-10-23 20:45 - 2014-10-23 20:45 - 00002113 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\HijackThis.lnk
2014-10-23 20:45 - 2014-10-23 20:45 - 00002113 _____ () C:\Users\Bruja\Desktop\HijackThis.lnk
2014-10-23 20:45 - 2014-10-23 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
2014-10-23 20:45 - 2014-10-23 20:45 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-10-23 20:44 - 2014-10-23 20:44 - 00812344 _____ (Trend Micro Inc.) C:\Users\Bruja\Downloads\HJTInstall.exe
2014-10-23 20:43 - 2014-10-23 20:43 - 04321132 _____ (Swearware) C:\Users\Bruja\Downloads\Nepotvrzeno 464782.crdownload
2014-10-23 20:12 - 2014-10-23 20:12 - 01962496 _____ () C:\Users\Bruja\Downloads\AdwCleaner.exe
2014-10-23 19:34 - 2014-10-23 19:34 - 16638903 _____ () C:\Users\Bruja\Downloads\aida64extreme_build_3211_m4wrgf1cnu.zip
2014-10-23 19:18 - 2014-10-23 19:57 - 00000000 ____D () C:\ProgramData\Max Secure
2014-10-23 18:00 - 2014-10-23 18:00 - 00368256 _____ (RegNow.com) C:\Users\Bruja\Downloads\Download_MaxSDDMnew.exe
2014-10-23 17:18 - 2014-10-23 17:18 - 00000000 _____ () C:\autoexec.bat
2014-10-23 17:17 - 2014-10-23 21:10 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-23 17:17 - 2014-10-23 18:43 - 00000000 ____D () C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-10-23 17:16 - 2014-10-23 17:16 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Bruja\Downloads\SpyHunter-installer.exe
2014-10-23 12:21 - 2014-10-23 12:21 - 00000000 ____D () C:\Users\Bruja\AppData\Local\Microsoft_Corporation
2014-10-23 11:06 - 2014-10-28 09:25 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ADMIN-PC-Bruja Admin-PC
2014-10-22 18:14 - 2014-10-27 09:38 - 00000000 ____D () C:\Users\64AIDA\AIDA64 4.70.3206
2014-10-22 18:14 - 2014-10-22 18:14 - 00000000 ____D () C:\Users\64AIDA
2014-10-17 16:38 - 2014-10-27 21:50 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-10-17 16:38 - 2014-10-17 16:38 - 00001023 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\SpeedFan.lnk
2014-10-17 16:38 - 2014-10-17 16:38 - 00001023 _____ () C:\Users\Bruja\Desktop\SpeedFan.lnk
2014-10-17 16:38 - 2014-10-17 16:38 - 00000000 ____D () C:\Users\Bruja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-10-17 16:38 - 2014-10-17 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-10-17 16:25 - 2014-10-17 16:25 - 02174848 _____ () C:\Users\Bruja\Downloads\instsf450.exe
2014-10-16 14:53 - 2014-10-16 14:53 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-10-16 14:53 - 2014-10-16 14:53 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-10-14 12:33 - 2014-10-17 16:38 - 00000045 _____ () C:\WINDOWS\SysWOW64\initdebug.nfo
2014-10-14 12:33 - 2014-10-14 12:33 - 08611804 _____ () C:\Users\Bruja\Downloads\installspeedfan.exe
2014-10-12 18:00 - 2014-10-12 18:01 - 29018696 _____ () C:\Users\Bruja\Downloads\Havel,-Václav---Audience-[P.-Landovský,-V.-Havel].rar
2014-09-30 20:01 - 2014-09-30 20:01 - 00001635 _____ () C:\Users\Bruja\Desktop\DivX Movies.lnk
2014-09-30 20:01 - 2014-09-30 20:01 - 00001147 _____ () C:\Users\Public\Desktop\DivX Converter.lnk
2014-09-30 20:01 - 2014-09-30 20:01 - 00001082 _____ () C:\Users\Public\Desktop\DivX Player.lnk
2014-09-30 20:01 - 2014-09-30 20:01 - 00000000 ____D () C:\Users\Bruja\AppData\Roaming\DivX
2014-09-30 20:01 - 2014-09-30 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-09-30 20:01 - 2014-09-30 20:01 - 00000000 ____D () C:\Program Files\DivX
2014-09-30 20:00 - 2014-09-30 20:01 - 00000000 ____D () C:\ProgramData\DivX
2014-09-30 20:00 - 2014-09-30 20:01 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-09-30 19:58 - 2014-09-30 19:58 - 00995648 _____ (DivX, LLC) C:\Users\Bruja\Downloads\DivXInstaller.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-28 09:42 - 2013-12-18 20:39 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 09:42 - 2013-12-16 21:04 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 09:35 - 2013-12-16 21:20 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A15A15C8-979B-4C1E-A4D0-8B8F3F7AEBDE}
2014-10-28 09:19 - 2013-12-16 18:03 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1654460239-3175241736-2090887362-1001
2014-10-28 09:17 - 2013-12-17 22:39 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-28 09:14 - 2014-02-06 17:11 - 00000436 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-10-28 09:14 - 2013-12-16 21:04 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 09:14 - 2013-12-16 20:31 - 00000000 ___DO () C:\Users\Bruja\SkyDrive
2014-10-28 09:14 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-27 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-27 15:55 - 2013-11-14 13:39 - 01745984 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-27 15:55 - 2013-11-14 13:24 - 00738682 _____ () C:\WINDOWS\system32\perfh005.dat
2014-10-27 15:55 - 2013-11-14 13:24 - 00151404 _____ () C:\WINDOWS\system32\perfc005.dat
2014-10-27 13:16 - 2013-12-17 22:17 - 00000000 ____D () C:\Users\Bruja\AppData\Roaming\Wise Care 365
2014-10-27 09:57 - 2014-02-28 16:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-27 09:56 - 2013-12-27 10:12 - 00004150 _____ () C:\Users\Bruja\Desktop\button.bmp
2014-10-27 08:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-26 19:22 - 2013-12-16 21:34 - 00000000 ____D () C:\Users\Bruja\AppData\Roaming\Skype
2014-10-24 19:49 - 2013-12-16 23:55 - 00007670 _____ () C:\Users\Bruja\AppData\Local\resmon.resmoncfg
2014-10-24 16:22 - 2014-07-21 22:08 - 00000000 ____D () C:\Users\Public\Windows
2014-10-24 16:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-24 15:55 - 2013-12-17 17:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-23 21:30 - 2013-12-16 20:17 - 00000000 ____D () C:\Users\Bruja
2014-10-23 21:30 - 2013-08-22 14:25 - 00262144 _____ () C:\WINDOWS\system32\config\BBI
2014-10-23 20:33 - 2014-02-27 17:41 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-23 20:18 - 2014-01-01 18:10 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4
2014-10-23 20:17 - 2013-08-22 15:44 - 00482840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-23 18:43 - 2014-02-27 20:04 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-10-23 11:50 - 2014-02-28 18:23 - 00000000 ____D () C:\ProgramData\Origin
2014-10-23 09:37 - 2013-12-16 21:04 - 00003950 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 09:37 - 2013-12-16 21:04 - 00003714 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 08:52 - 2013-12-16 17:58 - 00000000 ____D () C:\Users\Bruja\AppData\Local\Packages
2014-10-16 14:48 - 2013-12-17 10:24 - 00002042 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-10-16 14:48 - 2013-12-17 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-10-16 14:48 - 2013-12-16 21:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-15 16:45 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
Some content of TEMP:
====================
C:\Users\Bruja\AppData\Local\Temp\sfamcc00001.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-23 09:49
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:232.88 GB) (Free:124.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Aplikace) (Fixed) (Total:122.5 GB) (Free:87.96 GB) NTFS
Drive g: (Data) (Fixed) (Total:1740.41 GB) (Free:1394.54 GB) NTFS
Available physical RAM: 6433.83 MB
Total physical RAM: 8154.55 MB
Percentage of memory in use: 21%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: CC014F2C)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B08F7401)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=122.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1740.4 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Bruja\SkyDrive:ms-properties
==================== Security Center ==================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Bruja\Desktop" je 6 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Bruja (administrator) on ADMIN-PC on 28-10-2014 09:42:51
Running from C:\Users\Bruja\Desktop
Loaded Profiles: Bruja & NeroMediaHomeUser.4 (Available profiles: Bruja & NeroMediaHomeUser.4)
Platform: Windows 8.1 Pro (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) F:\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(forum.viry.cz) C:\Users\Bruja\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-07] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nero MediaHome 4] => F:\Nero\Nero MediaHome 4\NeroMediaHome.exe [5179880 2012-12-20] (Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => F:\Quicktime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\...\Run: [Nero MediaHome 4] => F:\Nero\Nero MediaHome 4\NeroMediaHome.exe [5179880 2012-12-20] (Nero AG)
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4277384 2013-12-18] (Plex, Inc.)
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\...\Run: [f.lux] => C:\Users\Bruja\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\...\Run: [Windows] => C:\Users\Public\Windows\game.vbs [77 2014-06-30] ()
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bruja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:Tabs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> F:\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> F:\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-16]
Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com/", "https://www.google.cz/", "", "", "hxxp://search.ividi.org/?src=tbhp&id=a2bae7a900000000000016700281c1f3&affilt=3", "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://www.google.com/", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 3&tsp=5244", "hxxp://www.default-search.net/?sid=476&aid=113 ... 01&src=hmp", "hxxp://www.default-search.net/?sid=476&aid=113 ... 01&src=hmp"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Překladač Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-12-18]
CHR Extension: (Prezentace Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-27]
CHR Extension: (Learn French - Très Bien) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec [2013-12-18]
CHR Extension: (Dokumenty Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-18]
CHR Extension: (Disk Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-18]
CHR Extension: (YouTube) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-18]
CHR Extension: (WGT Golf Challenge) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2013-12-18]
CHR Extension: (TV program) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkgjblbjpigonjpmblphnackhfigbo [2013-12-18]
CHR Extension: (LE Learn English Cloud) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\enchfibknakkckielldbocdhhioohhig [2013-12-18]
CHR Extension: (Tabulky Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-27]
CHR Extension: (Stopky / časovač) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh [2013-12-18]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2013-12-18]
CHR Extension: (Cycling the Alps) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihklobncbkangkiiamccfgnlihbmjhlh [2013-12-18]
CHR Extension: (Google Play) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-05-13]
CHR Extension: (France TV) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdalaljnckdncaeeaiocldameonmjod [2013-12-18]
CHR Extension: (ButtonBass Player Piano) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmkonkgohgomnnkaclbiammkcjenfdi [2013-12-18]
CHR Extension: (Mapy Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-12-18]
CHR Extension: (Francouzský slovník) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhkhjchchenblaemilhmkbdkkdkdchn [2014-05-13]
CHR Extension: (Peněženka Google) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-18]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-12-18]
CHR Extension: (Gmail) - C:\Users\Bruja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-19]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-19] (AVAST Software)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NeroMediaHomeService.4; F:\Nero\Nero MediaHome 4\NMMediaServerService.exe [518632 2012-12-20] (Nero AG)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580648 2012-07-17] (WiseCleaner.com) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-19] ()
S3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed]
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-10-23] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 PAC7302; C:\Windows\system32\DRIVERS\PAC7302.SYS [527360 2007-10-29] (PixArt Imaging Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-28 09:42 - 2014-10-28 09:43 - 00021466 _____ () C:\Users\Bruja\Desktop\FRST.txt
2014-10-28 09:42 - 2014-10-28 09:42 - 00000000 ____D () C:\FRST
2014-10-28 09:41 - 2014-10-28 09:41 - 00112640 _____ (forum.viry.cz) C:\Users\Bruja\Desktop\FRSTLauncher.exe
2014-10-28 09:28 - 2014-10-28 09:28 - 02113024 _____ (Farbar) C:\Users\Bruja\Desktop\FRST64.exe
2014-10-27 16:59 - 2014-10-27 16:59 - 00014679 _____ () C:\Users\Bruja\Documents\zoek-results.txt
2014-10-27 16:57 - 2014-10-27 16:37 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-10-27 16:39 - 2014-10-27 16:58 - 00014679 _____ () C:\zoek-results.log
2014-10-27 16:37 - 2014-10-27 16:37 - 04114148 _____ () C:\Users\Bruja\Downloads\zoek.zip
2014-10-27 16:37 - 2014-10-27 16:37 - 01290752 _____ () C:\Users\Bruja\Downloads\zoek.exe
2014-10-27 16:11 - 2014-10-27 16:11 - 00003584 ___SH () C:\Users\Bruja\Desktop\Thumbs.db
2014-10-27 15:51 - 2014-10-28 09:34 - 00085501 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-27 15:50 - 2014-10-27 16:58 - 00000668 _____ () C:\WINDOWS\PFRO.log
2014-10-27 11:44 - 2014-10-27 16:55 - 00000000 ____D () C:\zoek_backup
2014-10-27 11:25 - 2014-10-27 11:25 - 00012521 _____ () C:\Users\Bruja\Documents\Malware.txt
2014-10-27 10:35 - 2014-10-27 10:55 - 00000000 ____D () C:\AdwCleaner
2014-10-27 10:35 - 2014-10-27 10:35 - 01998336 _____ () C:\Users\Bruja\Downloads\adwcleaner_4.002.exe
2014-10-24 15:55 - 2014-10-28 09:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 15:55 - 2014-10-24 15:56 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 15:55 - 2014-10-24 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 15:55 - 2014-10-24 15:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 15:55 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-24 15:55 - 2014-10-01 10:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-24 15:55 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-24 15:54 - 2014-10-24 15:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bruja\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-24 12:24 - 2014-10-26 18:51 - 00000000 ____D () C:\Program Files\trend micro
2014-10-24 12:24 - 2014-10-24 12:24 - 00000000 ____D () C:\rsit
2014-10-24 12:21 - 2014-10-24 12:21 - 01222144 _____ () C:\Users\Bruja\Desktop\RSITx64.exe
2014-10-24 09:41 - 2014-10-24 12:18 - 00597707 _____ () C:\spyhunter.fix
2014-10-24 09:41 - 2010-05-13 16:34 - 00014232 _____ () C:\WINDOWS\SysWOW64\sh4native.exe
2014-10-23 22:43 - 2014-10-23 22:49 - 00000000 ____D () C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-10-23 21:10 - 2014-10-27 16:32 - 00000000 ____D () C:\sh4ldr
2014-10-23 21:10 - 2014-10-23 21:10 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Bruja\Downloads\SpyHunter-Installer (1).exe
2014-10-23 21:10 - 2014-10-23 21:10 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2014-10-23 21:06 - 2014-10-23 22:11 - 00000000 ____D () C:\Users\SpyHunter\SpyHunter 4.17.6.4336+patch
2014-10-23 21:05 - 2014-10-23 21:06 - 00000000 ____D () C:\Users\SpyHunter
2014-10-23 21:04 - 2014-10-23 21:04 - 46454701 _____ () C:\Users\Bruja\Downloads\SpyHunter 4.17.6.4336+patch.rar
2014-10-23 20:45 - 2014-10-23 20:45 - 00002113 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\HijackThis.lnk
2014-10-23 20:45 - 2014-10-23 20:45 - 00002113 _____ () C:\Users\Bruja\Desktop\HijackThis.lnk
2014-10-23 20:45 - 2014-10-23 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
2014-10-23 20:45 - 2014-10-23 20:45 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-10-23 20:44 - 2014-10-23 20:44 - 00812344 _____ (Trend Micro Inc.) C:\Users\Bruja\Downloads\HJTInstall.exe
2014-10-23 20:43 - 2014-10-23 20:43 - 04321132 _____ (Swearware) C:\Users\Bruja\Downloads\Nepotvrzeno 464782.crdownload
2014-10-23 20:12 - 2014-10-23 20:12 - 01962496 _____ () C:\Users\Bruja\Downloads\AdwCleaner.exe
2014-10-23 19:34 - 2014-10-23 19:34 - 16638903 _____ () C:\Users\Bruja\Downloads\aida64extreme_build_3211_m4wrgf1cnu.zip
2014-10-23 19:18 - 2014-10-23 19:57 - 00000000 ____D () C:\ProgramData\Max Secure
2014-10-23 18:00 - 2014-10-23 18:00 - 00368256 _____ (RegNow.com) C:\Users\Bruja\Downloads\Download_MaxSDDMnew.exe
2014-10-23 17:18 - 2014-10-23 17:18 - 00000000 _____ () C:\autoexec.bat
2014-10-23 17:17 - 2014-10-23 21:10 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-23 17:17 - 2014-10-23 18:43 - 00000000 ____D () C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-10-23 17:16 - 2014-10-23 17:16 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Bruja\Downloads\SpyHunter-installer.exe
2014-10-23 12:21 - 2014-10-23 12:21 - 00000000 ____D () C:\Users\Bruja\AppData\Local\Microsoft_Corporation
2014-10-23 11:06 - 2014-10-28 09:25 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ADMIN-PC-Bruja Admin-PC
2014-10-22 18:14 - 2014-10-27 09:38 - 00000000 ____D () C:\Users\64AIDA\AIDA64 4.70.3206
2014-10-22 18:14 - 2014-10-22 18:14 - 00000000 ____D () C:\Users\64AIDA
2014-10-17 16:38 - 2014-10-27 21:50 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-10-17 16:38 - 2014-10-17 16:38 - 00001023 _____ () C:\Users\NeroMediaHomeUser.4\Desktop\SpeedFan.lnk
2014-10-17 16:38 - 2014-10-17 16:38 - 00001023 _____ () C:\Users\Bruja\Desktop\SpeedFan.lnk
2014-10-17 16:38 - 2014-10-17 16:38 - 00000000 ____D () C:\Users\Bruja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-10-17 16:38 - 2014-10-17 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-10-17 16:25 - 2014-10-17 16:25 - 02174848 _____ () C:\Users\Bruja\Downloads\instsf450.exe
2014-10-16 14:53 - 2014-10-16 14:53 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-10-16 14:53 - 2014-10-16 14:53 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-10-14 12:33 - 2014-10-17 16:38 - 00000045 _____ () C:\WINDOWS\SysWOW64\initdebug.nfo
2014-10-14 12:33 - 2014-10-14 12:33 - 08611804 _____ () C:\Users\Bruja\Downloads\installspeedfan.exe
2014-10-12 18:00 - 2014-10-12 18:01 - 29018696 _____ () C:\Users\Bruja\Downloads\Havel,-Václav---Audience-[P.-Landovský,-V.-Havel].rar
2014-09-30 20:01 - 2014-09-30 20:01 - 00001635 _____ () C:\Users\Bruja\Desktop\DivX Movies.lnk
2014-09-30 20:01 - 2014-09-30 20:01 - 00001147 _____ () C:\Users\Public\Desktop\DivX Converter.lnk
2014-09-30 20:01 - 2014-09-30 20:01 - 00001082 _____ () C:\Users\Public\Desktop\DivX Player.lnk
2014-09-30 20:01 - 2014-09-30 20:01 - 00000000 ____D () C:\Users\Bruja\AppData\Roaming\DivX
2014-09-30 20:01 - 2014-09-30 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-09-30 20:01 - 2014-09-30 20:01 - 00000000 ____D () C:\Program Files\DivX
2014-09-30 20:00 - 2014-09-30 20:01 - 00000000 ____D () C:\ProgramData\DivX
2014-09-30 20:00 - 2014-09-30 20:01 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-09-30 19:58 - 2014-09-30 19:58 - 00995648 _____ (DivX, LLC) C:\Users\Bruja\Downloads\DivXInstaller.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-28 09:42 - 2013-12-18 20:39 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-28 09:42 - 2013-12-16 21:04 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 09:35 - 2013-12-16 21:20 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A15A15C8-979B-4C1E-A4D0-8B8F3F7AEBDE}
2014-10-28 09:19 - 2013-12-16 18:03 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1654460239-3175241736-2090887362-1001
2014-10-28 09:17 - 2013-12-17 22:39 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-28 09:14 - 2014-02-06 17:11 - 00000436 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-10-28 09:14 - 2013-12-16 21:04 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 09:14 - 2013-12-16 20:31 - 00000000 ___DO () C:\Users\Bruja\SkyDrive
2014-10-28 09:14 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-27 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-27 15:55 - 2013-11-14 13:39 - 01745984 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-27 15:55 - 2013-11-14 13:24 - 00738682 _____ () C:\WINDOWS\system32\perfh005.dat
2014-10-27 15:55 - 2013-11-14 13:24 - 00151404 _____ () C:\WINDOWS\system32\perfc005.dat
2014-10-27 13:16 - 2013-12-17 22:17 - 00000000 ____D () C:\Users\Bruja\AppData\Roaming\Wise Care 365
2014-10-27 09:57 - 2014-02-28 16:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-27 09:56 - 2013-12-27 10:12 - 00004150 _____ () C:\Users\Bruja\Desktop\button.bmp
2014-10-27 08:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-26 19:22 - 2013-12-16 21:34 - 00000000 ____D () C:\Users\Bruja\AppData\Roaming\Skype
2014-10-24 19:49 - 2013-12-16 23:55 - 00007670 _____ () C:\Users\Bruja\AppData\Local\resmon.resmoncfg
2014-10-24 16:22 - 2014-07-21 22:08 - 00000000 ____D () C:\Users\Public\Windows
2014-10-24 16:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-24 15:55 - 2013-12-17 17:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-23 21:30 - 2013-12-16 20:17 - 00000000 ____D () C:\Users\Bruja
2014-10-23 21:30 - 2013-08-22 14:25 - 00262144 _____ () C:\WINDOWS\system32\config\BBI
2014-10-23 20:33 - 2014-02-27 17:41 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-23 20:18 - 2014-01-01 18:10 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4
2014-10-23 20:17 - 2013-08-22 15:44 - 00482840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-23 18:43 - 2014-02-27 20:04 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-10-23 11:50 - 2014-02-28 18:23 - 00000000 ____D () C:\ProgramData\Origin
2014-10-23 09:37 - 2013-12-16 21:04 - 00003950 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 09:37 - 2013-12-16 21:04 - 00003714 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 08:52 - 2013-12-16 17:58 - 00000000 ____D () C:\Users\Bruja\AppData\Local\Packages
2014-10-16 14:48 - 2013-12-17 10:24 - 00002042 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-10-16 14:48 - 2013-12-17 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-10-16 14:48 - 2013-12-16 21:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-15 16:45 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
Some content of TEMP:
====================
C:\Users\Bruja\AppData\Local\Temp\sfamcc00001.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-23 09:49
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:232.88 GB) (Free:124.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Aplikace) (Fixed) (Total:122.5 GB) (Free:87.96 GB) NTFS
Drive g: (Data) (Fixed) (Total:1740.41 GB) (Free:1394.54 GB) NTFS
Available physical RAM: 6433.83 MB
Total physical RAM: 8154.55 MB
Percentage of memory in use: 21%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: CC014F2C)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B08F7401)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=122.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1740.4 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Bruja\SkyDrive:ms-properties
==================== Security Center ==================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Bruja\Desktop" je 6 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Attachments:
Addition.zip (9.25 KiB), downloaded 54 times
Re: RSIT log check
For next time, I recommend avoiding warez and cracking of "security" software altogether... It follows from the very logic of the thing... Are all the crack producers really so kind-hearted that they give you, for free, software you would normally have to pay for?
I cannot judge the reliability and effectiveness of SpyHunter, because it was once labelled "rogue anti-spyware" and even now it refuses to take part in any comparative tests.
- Copy the contents of the white box into Notepad (Start -> Run -> notepad)
- save it to the desktop as fixlist (file type: Text document)
- run FRST again and click Fix
- after the restart a fixlog will pop up; paste its contents into your next reply
Code:
Start
CloseProcesses:
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => F:\Quicktime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\...\Run: [Windows] => C:\Users\Public\Windows\game.vbs [77 2014-06-30] ()
C:\Users\Public\Windows\game.vbs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:Tabs
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR StartupUrls: Default -> "hxxp://www.google.com/", "https://www.google.cz/", "", "", "hxxp://search.ividi.org/?src=tbhp&id=a2bae7a900000000000016700281c1f3&affilt=3", "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://www.google.com/", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=9AD816700281C1F3&affID=128403&tsp=5244", "hxxp://www.default-search.net/?sid=476&aid=113&itype=n&ver=13072&tm=401&src=hmp", "hxxp://www.default-search.net/?sid=476&aid=113&itype=a&ver=13337&tm=401&src=hmp"
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-10-27 16:59 - 2014-10-27 16:59 - 00014679 _____ () C:\Users\Bruja\Documents\zoek-results.txt
2014-10-27 16:57 - 2014-10-27 16:37 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-10-27 16:39 - 2014-10-27 16:58 - 00014679 _____ () C:\zoek-results.log
2014-10-27 16:37 - 2014-10-27 16:37 - 04114148 _____ () C:\Users\Bruja\Downloads\zoek.zip
2014-10-27 16:37 - 2014-10-27 16:37 - 01290752 _____ () C:\Users\Bruja\Downloads\zoek.exe
2014-10-27 11:44 - 2014-10-27 16:55 - 00000000 ____D () C:\zoek_backup
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
C:\Program Files (x86)\Enigma Software Group
C:\Program Files (x86)\Trend Micro
C:\Program Files\Enigma Software Group
C:\Users\Bruja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
C:\Users\Bruja\AppData\Roaming\GetRightToGo
C:\Users\Bruja\Downloads\SpyHunter-Installer (1).exe
C:\Users\Bruja\Downloads\SpyHunter-installer.exe
C:\sh4ldr\SpyHunter 4.17.6.4336+patch
Hosts:
EmptyTemp:
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors to this forum, sign up for our little school.
Re: RSIT log check
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Ran by Bruja at 2014-10-28 18:36:24 Run:1
Running from C:\Users\Bruja\Desktop
Loaded Profiles: Bruja & NeroMediaHomeUser.4 (Available profiles: Bruja & NeroMediaHomeUser.4)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => F:\Quicktime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\...\Run: [Windows] => C:\Users\Public\Windows\game.vbs [77 2014-06-30] ()
C:\Users\Public\Windows\game.vbs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:Tabs
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR StartupUrls: Default -> "hxxp://www.google.com/", "https://www.google.cz/", "", "", "hxxp://search.ividi.org/?src=tbhp&id=a2bae7a900000000000016700281c1f3&affilt=3", "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://www.google.com/", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 3&tsp=5244", "hxxp://www.default-search.net/?sid=476&aid=113 ... 01&src=hmp", "hxxp://www.default-search.net/?sid=476&aid=113 ... 01&src=hmp"
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-10-27 16:59 - 2014-10-27 16:59 - 00014679 _____ () C:\Users\Bruja\Documents\zoek-results.txt
2014-10-27 16:57 - 2014-10-27 16:37 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-10-27 16:39 - 2014-10-27 16:58 - 00014679 _____ () C:\zoek-results.log
2014-10-27 16:37 - 2014-10-27 16:37 - 04114148 _____ () C:\Users\Bruja\Downloads\zoek.zip
2014-10-27 16:37 - 2014-10-27 16:37 - 01290752 _____ () C:\Users\Bruja\Downloads\zoek.exe
2014-10-27 11:44 - 2014-10-27 16:55 - 00000000 ____D () C:\zoek_backup
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
C:\Program Files (x86)\Enigma Software Group
C:\Program Files (x86)\Trend Micro
C:\Program Files\Enigma Software Group
C:\Users\Bruja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
C:\Users\Bruja\AppData\Roaming\GetRightToGo
C:\Users\Bruja\Downloads\SpyHunter-Installer (1).exe
C:\Users\Bruja\Downloads\SpyHunter-installer.exe
C:\sh4ldr\SpyHunter 4.17.6.4336+patch
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => value deleted successfully.
HKU\S-1-5-21-1654460239-3175241736-2090887362-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Windows => value deleted successfully.
C:\Users\Public\Windows\game.vbs => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
Chrome StartupUrls deleted successfully.
esgiguard => Service deleted successfully.
C:\Users\Bruja\Documents\zoek-results.txt => Moved successfully.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
"C:\zoek-results.log" => File/Directory not found.
C:\Users\Bruja\Downloads\zoek.zip => Moved successfully.
C:\Users\Bruja\Downloads\zoek.exe => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP => Moved successfully.
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP => Moved successfully.
"C:\Program Files (x86)\Enigma Software Group" => File/Directory not found.
C:\Program Files (x86)\Trend Micro => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
"C:\Users\Bruja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter" => File/Directory not found.
"C:\Users\Bruja\AppData\Roaming\GetRightToGo" => File/Directory not found.
C:\Users\Bruja\Downloads\SpyHunter-Installer (1).exe => Moved successfully.
C:\Users\Bruja\Downloads\SpyHunter-installer.exe => Moved successfully.
C:\sh4ldr\SpyHunter 4.17.6.4336+patch => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 95.2 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Re: RSIT log check
Excellent, test how the computer behaves now, and then we can start cleaning up.
Re: RSIT log check
Hello,
It has been running for 4 hours without any problem. Applications run OK, fast. Thanks.
Re: RSIT log check
So let's clean up as well.
- Download and run DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
- Tick only the "Remove disinfection tools" option
- click Run
Re: RSIT log check
Thanks once again.
Re: RSIT log check
You're welcome, glad I could help.
Take care.