BSOD + preventive check-up

Sharp2448
Exemplary visitor
Posts: 77
Registered: 25 Oct 2007 21:16

BSOD + preventive check-up

#1 Post by Sharp2448 »

Hello,
the notebook throws a blue screen of death when a second IE is opened. I don't use IE, but it's the principle that matters to me. On top of that, the notebook is clogged up with adware etc. So I'd like to ask for a check of the log. Thank you in advance.
Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Jakub (administrator) on JAKUB-PC on 26-01-2015 15:02:36
Running from C:\Users\Jakub\Desktop
Loaded Profiles: Jakub (Available profiles: Jakub)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Jakub\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-01] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-02-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-01] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-11-08] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2017284755-3313803415-3664733460-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2017284755-3313803415-3664733460-1000\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2017284755-3313803415-3664733460-1000\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2017284755-3313803415-3664733460-1000\...\MountPoints2: {97753a90-e960-11e1-95e7-dc0ea17c5163} - E:\Startme.exe
HKU\S-1-5-21-2017284755-3313803415-3664733460-1000\...\MountPoints2: {f4765f50-43c4-11e3-85e3-642737c96551} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
Startup: C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jakub\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
CHR HKU\S-1-5-21-2017284755-3313803415-3664733460-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2017284755-3313803415-3664733460-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-2017284755-3313803415-3664733460-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchT ... d=ie7&rlz=
HKU\S-1-5-21-2017284755-3313803415-3664733460-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2017284755-3313803415-3664733460-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKU\S-1-5-21-2017284755-3313803415-3664733460-1000 -> 03725581CBD0DDD8C752ED9E6928A7BB URL = http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
SearchScopes: HKU\S-1-5-21-2017284755-3313803415-3664733460-1000 -> 991F257F3678701F01160E5FD3362F4B URL = http://videa.seznam.cz/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2017284755-3313803415-3664733460-1000 -> C43E571C2BAEACC5204D2E6CAD53DC3B URL = http://www.firmy.cz/phr/{searchTerms}
SearchScopes: HKU\S-1-5-21-2017284755-3313803415-3664733460-1000 -> FF27550DD0C13A48BC343F49297C0CA2 URL = http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
SearchScopes: HKU\S-1-5-21-2017284755-3313803415-3664733460-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2017284755-3313803415-3664733460-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKU\S-1-5-21-2017284755-3313803415-3664733460-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-2017284755-3313803415-3664733460-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2017284755-3313803415-3664733460-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\jtdzxk9i.default
FF NewTab: yafd:tabs
FF SelectedSearchEngine: Seznam
FF Homepage: hxxp://www.seznam.cz/?clid=6826
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\jtdzxk9i.default\user.js
FF SearchPlugin: C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\jtdzxk9i.default\searchplugins\yqs-barff-yandex.xml
FF Extension: Візуальныя закладкі - C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\jtdzxk9i.default\Extensions\vb@yandex.ru [2015-01-26]
FF Extension: Кампанент "Элементы Яндекса" - C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\jtdzxk9i.default\Extensions\yasearch@yandex.ru [2015-01-26]

Chrome:
=======
CHR Profile: C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

Opera:
=======
OPR StartupUrls: "hxxp://www.seznam.cz/?clid=6826"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-09-22] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiDCM; C:\Program Files\ATI\CIM\Bin64\atdcm64a.sys [26752 2011-11-02] (Advanced Micro Devices, Inc.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-09-22] (AVG Technologies)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2009-11-19] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2009-11-19] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2009-11-19] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2009-11-19] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2009-11-19] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2009-11-19] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2009-11-19] (MCCI Corporation)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 15:02 - 2015-01-26 15:04 - 00017732 _____ () C:\Users\Jakub\Desktop\FRST.txt
2015-01-26 15:01 - 2015-01-26 15:01 - 00029696 _____ () C:\Users\Jakub\AppData\Local\MSGBOX.EXE
2015-01-26 15:01 - 2015-01-26 15:01 - 00015327 _____ () C:\Users\Jakub\Desktop\LM.bat
2015-01-26 14:59 - 2015-01-26 14:59 - 00000000 ____D () C:\Users\Jakub\AppData\Local\AVG Secure Search
2015-01-26 14:58 - 2015-01-26 14:58 - 00000056 _____ () C:\windows\setupact.log
2015-01-26 14:58 - 2015-01-26 14:58 - 00000000 _____ () C:\windows\setuperr.log
2015-01-26 14:57 - 2015-01-26 14:58 - 00015220 _____ () C:\windows\PFRO.log
2015-01-26 14:51 - 2015-01-26 15:02 - 00000000 ____D () C:\FRST
2015-01-26 14:44 - 2015-01-26 14:59 - 00006144 ___SH () C:\Users\Jakub\Desktop\Thumbs.db
2015-01-26 14:40 - 2015-01-26 14:40 - 00007598 _____ () C:\Users\Jakub\AppData\Local\Resmon.ResmonCfg
2015-01-26 13:58 - 2015-01-26 13:58 - 00167282 _____ () C:\Users\Jakub\Desktop\cc_20150126_135821.reg
2015-01-26 13:48 - 2015-01-26 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-26 13:47 - 2015-01-26 13:47 - 02129920 _____ (Farbar) C:\Users\Jakub\Desktop\FRST64.exe
2015-01-26 13:44 - 2015-01-26 13:44 - 00000931 _____ () C:\Users\Jakub\Desktop\µTorrent.lnk
2015-01-26 13:44 - 2015-01-26 13:44 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2015-01-26 13:18 - 2015-01-26 13:18 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-26 13:18 - 2015-01-26 13:18 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-26 13:18 - 2015-01-26 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 13:18 - 2015-01-26 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 14:33 - 2015-01-25 14:33 - 03539632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-21 14:57 - 2015-01-26 14:59 - 00029962 _____ () C:\FaceProv.log
2015-01-21 14:05 - 2015-01-21 14:05 - 00000000 ____D () C:\Users\Jakub\Documents\iobit_toolbox
2015-01-15 10:56 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-15 10:56 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-15 10:56 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-15 10:56 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-15 10:56 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-15 10:56 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-15 10:55 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-15 10:55 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-15 10:55 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-15 10:55 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-15 10:55 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-15 10:55 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-15 10:55 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-12 22:15 - 2015-01-12 18:58 - 00157967 _____ () C:\Users\Jakub\Desktop\The.Interview.2014.1080P.5.1.DD.Custom.NL.Subs.UnlimitedMovieS.srt
2015-01-12 22:13 - 2015-01-12 22:13 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-01-12 22:13 - 2015-01-12 22:13 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-01-12 22:11 - 2015-01-12 18:57 - 3236748630 ____R () C:\Users\Jakub\Desktop\The.Interview.2014.1080P.5.1.DD.Custom.NL.Subs.UnlimitedMovieS.mkv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 15:04 - 2012-02-01 21:47 - 01737575 _____ () C:\windows\WindowsUpdate.log
2015-01-26 15:00 - 2014-11-25 14:09 - 00000000 ___RD () C:\Users\Jakub\Dropbox
2015-01-26 15:00 - 2014-04-11 13:34 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Dropbox
2015-01-26 14:59 - 2012-02-01 22:44 - 00144303 _____ () C:\windows\system32\fastboot.set
2015-01-26 14:58 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-26 14:57 - 2014-09-14 15:16 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-26 14:57 - 2014-09-14 15:13 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-26 14:55 - 2014-09-14 15:16 - 00000000 ___HD () C:\$AVG
2015-01-26 14:50 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 14:50 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 14:47 - 2012-02-01 13:34 - 00682194 _____ () C:\windows\system32\perfh005.dat
2015-01-26 14:47 - 2012-02-01 13:34 - 00146350 _____ () C:\windows\system32\perfc005.dat
2015-01-26 14:47 - 2009-07-14 06:13 - 01612700 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-26 14:43 - 2014-02-19 12:56 - 00000000 ____D () C:\Users\Jakub\Desktop\oblečení
2015-01-26 14:43 - 2013-12-28 16:52 - 00000000 ____D () C:\Users\Jakub\Desktop\škola
2015-01-26 14:42 - 2014-10-23 18:30 - 00000000 ____D () C:\Users\Jakub\Desktop\Italie Řím
2015-01-26 14:10 - 2012-06-20 16:15 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 13:59 - 2014-11-03 22:28 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Yandex
2015-01-26 13:53 - 2014-04-25 18:14 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\uTorrent
2015-01-26 13:53 - 2013-10-30 07:01 - 00000000 ____D () C:\windows\Minidump
2015-01-26 13:53 - 2012-09-08 13:19 - 00000000 ____D () C:\Users\Jakub\AppData\Local\CrashDumps
2015-01-26 13:49 - 2014-02-16 15:24 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-26 13:48 - 2014-02-16 15:24 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-25 14:34 - 2012-06-20 16:15 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 14:34 - 2012-06-20 16:15 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 14:34 - 2012-06-20 16:15 - 00003852 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 13:23 - 2013-10-26 11:34 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{22F63631-329E-4A2F-8597-C24D8F6992ED}
2015-01-21 14:23 - 2013-01-02 15:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-21 14:23 - 2012-02-01 22:43 - 00000000 ____D () C:\ProgramData\Partner
2015-01-21 14:23 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-21 14:22 - 2014-09-22 12:37 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2015-01-21 14:22 - 2012-07-22 13:18 - 00000000 ____D () C:\Users\Jakub\Documents\Youcam
2015-01-21 14:22 - 2012-06-20 16:16 - 00000000 ____D () C:\ProgramData\Skype
2015-01-21 13:50 - 2012-02-01 22:36 - 00000000 ____D () C:\ProgramData\VeriFace
2015-01-21 13:50 - 2009-07-14 06:08 - 00032634 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-19 23:19 - 2012-06-26 21:21 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\vlc
2015-01-15 11:01 - 2013-07-10 20:52 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 10:42 - 2012-06-20 12:34 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-31 20:01 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache

==================== Files in the root of some directories =======

2015-01-26 15:01 - 2015-01-26 15:01 - 0029696 _____ () C:\Users\Jakub\AppData\Local\MSGBOX.EXE
2015-01-26 14:40 - 2015-01-26 14:40 - 0007598 _____ () C:\Users\Jakub\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Jakub\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgyywrn.dll
C:\Users\Jakub\AppData\Local\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 15:22

==================== End Of Log ============================
Some people are very happy to share what they have. Usually they are said to be generous. In the case of software, however, they are called thieves and warez users :).

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: BSOD + preventive check-up

#2 Post by Roli »

Hi, first of all, uninstall everything from AVG and McAfee via Add/Remove Programs or via CCleaner (below).


Delete unnecessary files using CCleaner

Guide:

Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Download AdwCleaner and save it to the desktop,

close all programs including the browser and run it with a double-click,

a window will appear; click Scan at the top left.

When the scan finishes, click Clean,

the PC will restart and the junk will be deleted.

After that, copy the Report here for me.


Then use Mbam from my signature and post its log here; do not delete anything beforehand!
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Sharp2448
Exemplary visitor
Posts: 77
Registered: 25 Oct 2007 21:16

Re: BSOD + preventive check-up

#3 Post by Sharp2448 »

Adwcleaner log:
# AdwCleaner v4.109 - Report created 27/01/2015 at 18:16:45
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jakub - JAKUB-PC
# Running from : C:\Users\Jakub\Desktop\Downloads\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.9

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Jakub\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Jakub\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\jtdzxk9i.default\Extensions\yasearch@yandex.ru
Folder Deleted : C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\jtdzxk9i.default\Extensions\vb@yandex.ru
File Deleted : C:\END
File Deleted : C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\jtdzxk9i.default\user.js
File Deleted : C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\jtdzxk9i.default\searchplugins\yqs-barff-yandex.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v35.0 (x86 cs)

[jtdzxk9i.default\prefs.js] - Line Deleted : user_pref("extensions.vb@yandex.ru.description", "Keep all your favorite sites in one place with Visual Bookmarks. Simply click on the one of the mini webpages to visit a site. You can customize the n[...]

-\\ Google Chrome v


-\\ Chromium v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [5142 octets] - [27/01/2015 18:14:00]
AdwCleaner[S0].txt - [4722 octets] - [27/01/2015 18:16:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4782 octets] ##########


Mbam log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27.1.2015
Scan Time: 18:27:54
Logfile: mbam log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.27.07
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jakub

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 495803
Time Elapsed: 2 hr, 15 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Users\Jakub\AppData\Roaming\uTorrent\updates\3.4.0_30596.exe, , [aab936c6078275c1c5d53ed352b3dd23],

Physical Sectors: 0
(No malicious items detected)


(end)
Some people are very happy to share what they have. They are usually called generous. In the case of software, though, they are called thieves and warez users :).

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: BSOD + preventive check

#4 Post by Roli »

Have Mbam delete what it found.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

A window with the license terms will then appear, which you confirm by clicking YES,

then click YES once more and it starts running.

The whole process takes about 10 minutes but can take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because ComboFix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Sharp2448
Model visitor
Posts: 77
Registered: 25 Oct 2007 21:16

Re: BSOD + preventive check

#5 Post by Sharp2448 »

ComboFix 15-01-27.01 - Jakub 27.01.2015 23:41:16.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4040.2419 [GMT 1:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jakub\AppData\Local\Msgbox.exe
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-27 do 2015-01-27 )))))))))))))))))))))))))))))))
.
.
2015-01-27 22:46 . 2015-01-27 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-27 22:25 . 2015-01-27 22:25 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8B45B6B-33F9-4809-B9F0-5B76018867CF}\offreg.dll
2015-01-27 22:25 . 2015-01-27 22:25 -------- d-----w- c:\program files (x86)\raselmobilesoftware
2015-01-27 17:22 . 2015-01-27 22:36 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-27 17:21 . 2015-01-27 17:21 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-01-27 17:21 . 2015-01-27 17:21 -------- d-----w- c:\programdata\Malwarebytes
2015-01-27 17:21 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-27 17:21 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-27 17:21 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-27 17:09 . 2015-01-27 17:16 -------- d-----w- C:\AdwCleaner
2015-01-27 13:14 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8B45B6B-33F9-4809-B9F0-5B76018867CF}\mpengine.dll
2015-01-26 14:44 . 2015-01-26 14:44 -------- d-----w- c:\users\Jakub\AppData\Local\Macromedia
2015-01-26 14:21 . 2015-01-26 14:21 -------- d-----w- c:\program files\WinRAR
2015-01-26 13:51 . 2015-01-26 14:05 -------- d-----w- C:\FRST
2015-01-26 12:18 . 2015-01-26 12:18 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-01-25 13:33 . 2015-01-26 15:12 4070576 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-15 09:56 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-15 09:56 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-15 09:56 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-15 09:56 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-15 09:56 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-15 09:56 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-15 09:55 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-15 09:55 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-15 09:55 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-15 09:55 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-15 09:55 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-15 09:55 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-15 09:55 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-12 21:13 . 2015-01-12 21:13 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-26 15:12 . 2012-06-20 15:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-26 15:12 . 2012-06-20 15:15 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-15 09:42 . 2012-06-20 11:34 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-08 08:55 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 14:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 14:09 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-11 08:50 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 08:50 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 08:50 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 08:50 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 08:50 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 08:50 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 08:50 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 08:50 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 08:49 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 08:48 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 08:49 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 08:49 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 08:48 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 08:48 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 08:49 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 08:48 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 08:48 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 08:48 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 08:49 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 08:48 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 08:49 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 08:48 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 08:48 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 08:49 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 08:48 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 08:49 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 08:49 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 08:48 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 08:48 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 08:48 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 08:49 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 08:49 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 08:48 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 08:49 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 08:49 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 08:49 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 08:48 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 08:48 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 08:48 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 08:48 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 08:49 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 08:48 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 08:48 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 08:49 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 08:48 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 08:49 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 08:48 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 08:48 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-11 03:09 . 2014-12-11 08:49 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 09:43 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 09:43 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 08:49 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 09:43 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 09:43 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 08:49 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 08:47 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 08:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-11 08:48 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-11 08:48 155136 ----a-w- c:\windows\SysWow64\charmap.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-02 343168]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
c:\users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jakub\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiDCM;AtiDCM;c:\program files\ATI\CIM\Bin64\atdcm64a.sys;c:\program files\ATI\CIM\Bin64\atdcm64a.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1039unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys;c:\windows\SYSNATIVE\Drivers\vm2uvcflt.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 15:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-02-01 21:36 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-02-01 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-02-01 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-02-01 5908928]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.20
FF - ProfilePath - c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\jtdzxk9i.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/?clid=6826
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-01-27 23:48:52
ComboFix-quarantined-files.txt 2015-01-27 22:48
.
Před spuštěním: Volných bajtů: 324 108 115 968
Po spuštění: Volných bajtů: 323 802 132 480
.
- - End Of File - - E7FF3DD8D11EDC6C2DF87A7D05C78D45
Some people are very happy to share what they have. Usually they are called generous. In the case of software, though, they are called thieves and warez pirates :).

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: BSOD + preventive check

#6 Post by Roli »

If you have not done so already, move ComboFix to the desktop

open Notepad

copy the script from the following box into it:

Code:

Folder::  
c:\windows\system32\drivers\avgtpx64.sys
c:\windows\SYSNATIVE\drivers\avgtpx64.sys

Driver::
avgtp

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there:

Image

After it has been applied, another log will come out; copy it here

Warning: it can happen that after the script is applied and the machine restarts, Windows will not boot;

in that case restart again while pressing F8, then choose Last Known Good Configuration
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Sharp2448
Model visitor
Posts: 77
Registered: 25 Oct 2007 21:16

Re: BSOD + preventive check

#7 Post by Sharp2448 »

ComboFix 15-01-28.01 - Jakub 28.01.2015 23:46:42.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4040.2609 [GMT 1:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jakub\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGTP
-------\Service_avgtp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-28 do 2015-01-28 )))))))))))))))))))))))))))))))
.
.
2015-01-28 22:57 . 2015-01-28 22:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-27 22:25 . 2015-01-27 23:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8B45B6B-33F9-4809-B9F0-5B76018867CF}\offreg.dll
2015-01-27 22:25 . 2015-01-27 22:25 -------- d-----w- c:\program files (x86)\raselmobilesoftware
2015-01-27 17:22 . 2015-01-28 23:01 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-27 17:21 . 2015-01-27 17:21 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-01-27 17:21 . 2015-01-27 17:21 -------- d-----w- c:\programdata\Malwarebytes
2015-01-27 17:21 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-27 17:21 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-27 17:21 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-27 17:09 . 2015-01-27 17:16 -------- d-----w- C:\AdwCleaner
2015-01-27 13:14 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8B45B6B-33F9-4809-B9F0-5B76018867CF}\mpengine.dll
2015-01-26 14:44 . 2015-01-26 14:44 -------- d-----w- c:\users\Jakub\AppData\Local\Macromedia
2015-01-26 14:21 . 2015-01-26 14:21 -------- d-----w- c:\program files\WinRAR
2015-01-26 13:51 . 2015-01-26 14:05 -------- d-----w- C:\FRST
2015-01-26 12:18 . 2015-01-28 22:59 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-01-25 13:33 . 2015-01-26 15:12 4070576 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-15 09:56 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-15 09:56 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-15 09:56 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-15 09:56 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-15 09:56 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-15 09:56 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-15 09:55 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-15 09:55 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-15 09:55 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-15 09:55 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-15 09:55 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-15 09:55 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-15 09:55 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-12 21:13 . 2015-01-12 21:13 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-28 15:13 . 2014-10-25 07:21 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-26 15:12 . 2012-06-20 15:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-26 15:12 . 2012-06-20 15:15 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-15 09:42 . 2012-06-20 11:34 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-08 08:55 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 14:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 14:09 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-11 08:50 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 08:50 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 08:50 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 08:50 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 08:50 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 08:50 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 08:50 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 08:50 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 08:49 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 08:48 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 08:49 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 08:49 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 08:48 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 08:48 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 08:49 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 08:48 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 08:48 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 08:48 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 08:49 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 08:48 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 08:49 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 08:48 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 08:48 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 08:49 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 08:48 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 08:49 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 08:49 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 08:48 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 08:48 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 08:48 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 08:49 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 08:49 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 08:48 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 08:49 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 08:49 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 08:49 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 08:48 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 08:48 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 08:48 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 08:48 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 08:49 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 08:48 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 08:48 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 08:49 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 08:48 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 08:49 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 08:48 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 08:48 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-11 03:09 . 2014-12-11 08:49 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 09:43 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 09:43 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 08:49 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 09:43 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 09:43 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 08:49 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 08:47 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 08:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-02 343168]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
.
c:\users\Jakub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jakub\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiDCM;AtiDCM;c:\program files\ATI\CIM\Bin64\atdcm64a.sys;c:\program files\ATI\CIM\Bin64\atdcm64a.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1039unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys;c:\windows\SYSNATIVE\Drivers\vm2uvcflt.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 15:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Jakub\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-02-01 21:36 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-02-01 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-02-01 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-02-01 5908928]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = http://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.20
FF - ProfilePath - c:\users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\jtdzxk9i.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/?clid=6826
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2015-01-29 00:12:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-28 23:12
ComboFix2.txt 2015-01-27 22:48
.
Před spuštěním: Volných bajtů: 321 586 192 384
Po spuštění: Volných bajtů: 321 857 576 960
.
- - End Of File - - 3CF917D67139F1886E11524F84752B3A
Some people are very happy to share what they have. Usually they are called generous. In the case of software, though, they are called thieves and warez pirates :).

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: BSOD + preventive check

#8 Post by Roli »

Via Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading and while using it, because the antivirus may detect it as a virus, but that is not the case.


Then let me know what state the PC is in.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic: