PC virus removal, speeding up your computer, remote help via the neslape.cz service

Facebook reports malware in Google Chrome

Do you have a virus problem? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Facebook reports malware in Google Chrome

#16 Post by Márty84 »

That wasn't quite according to the guide, but at least it's something :)


:arrow: Tell me the size of the desktop folder (C:\Users\DNX\Plocha)



:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)

SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File

R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U2 SeaPort; No ImagePath
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-10 107848]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-10 107848]

2015-03-11 12:05 - 2012-07-16 18:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-08 19:55 - 2012-07-16 18:35 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Hosts:
EmptyTemp:
Reboot:
End
At the top left, click File
Click Save As...
Type the red name fixlist exactly and save it to the desktop.
Turn off your antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will execute the commands.
After the PC restarts a new log named fixlog should appear; copy it here for me.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Dynax
Visitor
Posts: 49
Registered: 11 Mar 2015 10:17

Re: Facebook reports malware in Google Chrome

#17 Post by Dynax »

It wasn't entirely according to the guide - I couldn't get the FRST launcher to start at all ..
desktop size - 76.7 kB (hopefully that's it) :)

Dynax
Visitor
Posts: 49
Registered: 11 Mar 2015 10:17

Re: Facebook reports malware in Google Chrome

#18 Post by Dynax »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by DNX at 2015-03-13 06:03:34 Run:1
Running from C:\Users\DNX\Desktop
Loaded Profiles: UpdatusUser & DNX & postgres (Available profiles: UpdatusUser & DNX & postgres)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)

SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox

FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File

R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U2 SeaPort; No ImagePath
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-10 107848]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-10 107848]

2015-03-11 12:05 - 2012-07-16 18:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-08 19:55 - 2012-07-16 18:35 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => Value not found.
HKU\S-1-5-21-2924762042-3179784317-2054659428-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-2924762042-3179784317-2054659428-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin" => Key deleted successfully.
cpuz136 => Service stopped successfully.
cpuz136 => Service deleted successfully.
SeaPort => Service deleted successfully.
SDScannerService => Service not found.
SDUpdateService => Service not found.
SDWSCService => Service not found.
gupdate => Service deleted successfully.
AdobeARMservice => Service deleted successfully.
AdobeFlashPlayerUpdateSvc => Service deleted successfully.
gupdatem => Service deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 196.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 06:04:50 ====
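To check a fixlog against the fixlist that produced it (post #16 gives the script, post #18 the result), here is an added Python example that is not part of the thread or of FRST itself: it parses the "item => result" lines, counts outcomes, and lists fixlist services that FRST reported as not found or never mentioned. All function names are my own; the sample fixlist and fixlog are shortened copies of the ones posted above.

```python
import re
from collections import Counter

# Constructed sample input: a shortened fixlist and the matching fixlog result
# lines, in the exact format FRST uses, copied from the script and fixlog
# posted in this thread.
FIXLIST = r"""
Start
CloseProcesses:
CreateRestorePoint:
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U2 SeaPort; No ImagePath
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-10 107848]
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Hosts:
EmptyTemp:
Reboot:
End
"""

FIXLOG = r"""
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => Value not found.
cpuz136 => Service stopped successfully.
cpuz136 => Service deleted successfully.
SeaPort => Service deleted successfully.
SDScannerService => Service not found.
gupdate => Service deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 196.9 MB temporary data.
The system needed a reboot.
"""

# "<target> => <result>." lines are the per-item outcomes FRST writes.
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\.?$")
# Fixlist service/driver directives: "R3 name;description;path ..." or "U2 name; No ImagePath".
SERVICE_RE = re.compile(r"^[RSU]\d+ (?P<name>[^;]+);")


def parse_fixlog(text):
    """Return (target, result, status) for every per-item outcome line in a fixlog."""
    entries = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        result = m.group("result")
        low = result.lower()
        if "not found" in low:
            status = "not_found"
        elif "successfully" in low or low.startswith("removed"):
            status = "done"
        else:
            status = "other"
        entries.append((m.group("target"), result, status))
    return entries


def fixlist_services(text):
    """Service/driver names the fixlist asked FRST to delete."""
    return [m.group("name").strip()
            for m in (SERVICE_RE.match(l.strip()) for l in text.splitlines()) if m]


def service_outcomes(fixlist_text, fixlog_text):
    """Map each fixlist service to the set of statuses FRST reported for it;
    a service the fixlog never mentions is marked 'missing'."""
    reported = {}
    for target, _, status in parse_fixlog(fixlog_text):
        reported.setdefault(target, set()).add(status)
    return {name: reported.get(name, {"missing"}) for name in fixlist_services(fixlist_text)}


def summarize(fixlog_text):
    """Count per-item outcomes by status, e.g. {'done': 8, 'not_found': 2}."""
    return Counter(status for _, _, status in parse_fixlog(fixlog_text))


def needs_follow_up(fixlist_text, fixlog_text):
    """Fixlist services this fix run did not actually remove: FRST either could not
    find them (already gone since the scan) or never reported on them at all."""
    return sorted(name for name, statuses in service_outcomes(fixlist_text, fixlog_text).items()
                  if "done" not in statuses)


if __name__ == "__main__":
    print("outcomes:", dict(summarize(FIXLOG)))
    for name, statuses in service_outcomes(FIXLIST, FIXLOG).items():
        print(f"  {name:20s} {', '.join(sorted(statuses))}")
    print("re-check:", needs_follow_up(FIXLIST, FIXLOG))
```

On the sample above the only service left to re-check is SDScannerService, which matches the real fixlog: the Spybot services were already gone, while the Spybot folders still had to be moved.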

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Facebook reports malware in Google Chrome

#19 Post by Márty84 »

Dynax wrote: desktop size - 76.7 kB (hopefully that's it) :)
That doesn't seem right to me. According to the log you have, for example, FRST on the desktop, and that alone is 2MB. So your number is probably not correct :?:



:!: Run all of these programs - including any installation - as administrator (right-click them and choose Run as administrator)

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option ticked
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, untick the box.
After starting it you will be in the Cleaner function. On the left there are many checkboxes. Pay particular attention to the Recycle Bin: if you leave it ticked, it will always empty it.
Also, depending on how it is configured, it deletes all passwords saved for websites!!! So if you have set your computer to remember passwords (which is not good for security), you will have to type them in again by hand afterwards (e.g. mail, Facebook, various forums, etc.)
Click Analyze and once the analysis finishes, click Run Cleaner.
Then click the Registry function on the left
Click Scan for Issues; when it finds some, click Fix Issues. It will offer you a backup; make it and save it somewhere you can find it if needed.
The Tools function allows uninstalling programs. It is more thorough than Windows itself!
(If there are several user accounts on the PC, use the program in them too)

:arrow: Defragment the disk(s) (not SSDs!)
Download the Defraggler program http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
During installation again watch out for the toolbar and other nonsense.
After installing, run the program and click Analyze; after the analysis click Defragment and the program will do its job.




:arrow: Then write back how the PC is doing.

Dynax
Visitor
Posts: 49
Registered: 11 Mar 2015 10:17

Re: Facebook reports malware in Google Chrome

#20 Post by Dynax »

Well, I don't know; everything was done according to the instructions, but the malware message, which had already gone, is appearing again ..

Dynax
Visitor
Posts: 49
Registered: 11 Mar 2015 10:17

Re: Facebook reports malware in Google Chrome

#21 Post by Dynax »

and even in Explorer, which didn't report anything like that before .. :(

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Facebook reports malware in Google Chrome

#22 Post by Márty84 »

:!: If you haven't already, you had better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
While the scan runs, do not start anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located here: C:\ComboFix.txt
Copy its contents here

:!: If Windows does not boot after the restart, restart again, keep pressing F8 and choose - Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine

Dynax
Visitor
Posts: 49
Registered: 11 Mar 2015 10:17

Re: Facebook reports malware in Google Chrome

#23 Post by Dynax »

ComboFix 15-03-09.01 - DNX 14.03.2015 11:44:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3996.2109 [GMT 1:00]
Spuštěný z: c:\users\DNX\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-14 do 2015-03-14 )))))))))))))))))))))))))))))))
.
.
2015-03-14 09:16 . 2015-03-14 09:16 -------- d-----w- c:\users\DNX\AppData\Roaming\AVG2015
2015-03-14 09:11 . 2015-03-14 09:11 -------- d-----w- C:\$AVG
2015-03-14 09:08 . 2015-03-14 09:08 -------- d-----w- c:\program files (x86)\AVG
2015-03-14 09:08 . 2015-02-16 04:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55D86E28-7905-4722-81A7-8F53C75B997F}\mpengine.dll
2015-03-14 09:06 . 2015-03-14 09:16 -------- d-----w- c:\users\DNX\AppData\Local\Avg2015
2015-03-13 11:07 . 2015-03-13 11:08 -------- d-----w- c:\program files\Defraggler
2015-03-13 10:49 . 2015-03-13 10:49 -------- d-----w- c:\program files\CCleaner
2015-03-11 12:28 . 2015-03-11 11:26 24064 ----a-w- c:\windows\zoek-delete.exe
2015-03-11 12:28 . 2015-03-14 10:53 -------- d-----w- c:\users\DNX\AppData\Local\Temp
2015-03-11 10:58 . 2015-03-11 10:58 -------- d-----w- c:\program files\trend micro
2015-03-11 09:51 . 2015-03-11 09:51 -------- d-----w- c:\program files (x86)\trend micro
2015-03-10 12:25 . 2015-03-14 09:19 -------- d-----w- c:\programdata\MFAData
2015-03-10 12:25 . 2015-03-10 12:25 -------- d-----w- c:\users\DNX\AppData\Local\MFAData
2015-03-09 14:45 . 2015-03-13 10:42 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-09 14:42 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-09 14:42 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-09 14:42 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-09 14:42 . 2015-03-09 14:42 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-09 14:42 . 2015-03-09 14:42 -------- d-----w- c:\programdata\Malwarebytes
2015-03-09 13:21 . 2015-03-09 13:21 -------- d-----w- c:\users\DNX\AppData\Local\ESET
2015-03-08 18:49 . 2015-03-08 18:49 -------- d-----w- c:\users\DNX\AppData\Local\Apps
2015-03-08 18:49 . 2015-03-10 11:59 -------- d-----w- c:\users\DNX\AppData\Local\Deployment
2015-03-08 18:42 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-03-08 18:42 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-03-08 18:42 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-03-08 18:40 . 2015-03-08 18:40 -------- d-----w- c:\programdata\AVG
2015-03-08 18:24 . 2015-03-08 18:24 -------- d-sh--w- c:\users\DNX\AppData\Local\EmieUserList
2015-03-08 18:24 . 2015-03-08 18:24 -------- d-sh--w- c:\users\DNX\AppData\Local\EmieSiteList
2015-03-08 18:24 . 2015-03-08 18:24 -------- d-sh--w- c:\users\DNX\AppData\Local\EmieBrowserModeList
2015-02-25 16:37 . 2015-02-25 16:37 284128 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2015-02-24 15:46 . 2015-02-24 15:46 280544 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2015-02-17 16:59 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-13 08:19 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-13 08:19 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-13 08:19 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-13 08:19 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 03:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-11 21:14 . 2012-07-22 02:40 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 16:46 . 2013-11-11 18:37 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 16:46 . 2013-11-11 18:37 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 09:27 . 2015-02-05 09:27 133088 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2015-02-04 03:16 . 2015-02-11 17:18 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 17:18 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 17:18 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 17:18 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 17:18 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 17:18 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 17:18 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-02-03 09:47 . 2015-02-03 09:47 341472 ----a-w- c:\windows\system32\drivers\avgloga.sys
2015-01-27 23:36 . 2015-02-11 17:18 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-15 08:14 . 2015-02-11 17:15 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-11 17:15 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-11 17:15 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-01-15 08:09 . 2015-02-11 17:15 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-01-15 08:09 . 2015-02-11 17:15 28160 ----a-w- c:\windows\system32\secur32.dll
2015-01-15 08:09 . 2015-02-11 17:15 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-15 08:09 . 2015-02-11 17:15 31232 ----a-w- c:\windows\system32\lsass.exe
2015-01-15 08:08 . 2015-02-11 17:15 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-11 17:15 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-11 17:15 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-11 17:15 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-11 17:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-01-15 07:42 . 2015-02-11 17:15 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-11 17:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-01-15 07:39 . 2015-02-11 17:15 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-11 17:15 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-11 17:15 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-11 17:15 458824 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-11 17:14 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-11 17:14 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 06:05 . 2015-02-11 17:14 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-11 17:14 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 05:47 . 2015-02-11 17:17 389808 ----a-w- c:\windows\system32\iedkcs32.dll
2015-01-14 05:44 . 2015-02-11 17:14 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-11 17:14 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-11 17:14 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-11 17:15 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-13 02:49 . 2015-02-11 17:15 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:09 . 2015-02-11 17:17 25056256 ----a-w- c:\windows\system32\mshtml.dll
2015-01-12 03:05 . 2015-02-11 17:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-01-12 03:05 . 2015-02-11 17:17 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-01-12 02:49 . 2015-02-11 17:17 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-01-12 02:48 . 2015-02-11 17:17 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-01-12 02:48 . 2015-02-11 17:17 584192 ----a-w- c:\windows\system32\vbscript.dll
2015-01-12 02:48 . 2015-02-11 17:17 2885632 ----a-w- c:\windows\system32\iertutil.dll
2015-01-12 02:47 . 2015-02-11 17:17 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-01-12 02:40 . 2015-02-11 17:17 54784 ----a-w- c:\windows\system32\jsproxy.dll
2015-01-12 02:39 . 2015-02-11 17:17 34304 ----a-w- c:\windows\system32\iernonce.dll
2015-01-12 02:36 . 2015-02-11 17:17 633856 ----a-w- c:\windows\system32\ieui.dll
2015-01-12 02:34 . 2015-02-11 17:17 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-01-12 02:34 . 2015-02-11 17:17 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-01-12 02:25 . 2015-02-11 17:17 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-01-12 02:21 . 2015-02-11 17:17 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2015-01-12 02:21 . 2015-02-11 17:17 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-01-12 02:13 . 2015-02-11 17:17 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-01-12 02:08 . 2015-02-11 17:17 503296 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-01-12 02:08 . 2015-02-11 17:17 199680 ----a-w- c:\windows\system32\msrating.dll
2015-01-12 02:07 . 2015-02-11 17:17 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-01-12 02:07 . 2015-02-11 17:17 92160 ----a-w- c:\windows\system32\mshtmled.dll
2015-01-12 02:07 . 2015-02-11 17:17 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05 . 2015-02-11 17:17 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-01-12 02:04 . 2015-02-11 17:17 316928 ----a-w- c:\windows\system32\dxtrans.dll
2015-01-12 01:55 . 2015-02-11 17:17 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-01-12 01:48 . 2015-02-11 17:17 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2015-01-12 01:48 . 2015-02-11 17:17 801280 ----a-w- c:\windows\system32\msfeeds.dll
2015-01-12 01:46 . 2015-02-11 17:17 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-01-12 01:46 . 2015-02-11 17:17 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
2015-01-12 01:43 . 2015-02-11 17:17 14401024 ----a-w- c:\windows\system32\ieframe.dll
2015-01-12 01:40 . 2015-02-11 17:17 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27 . 2015-02-11 17:17 2358272 ----a-w- c:\windows\system32\wininet.dll
2015-01-12 01:23 . 2015-02-11 17:17 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-01-12 01:22 . 2015-02-11 17:17 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:14 . 2015-02-11 17:17 1548288 ----a-w- c:\windows\system32\urlmon.dll
2015-01-12 01:02 . 2015-02-11 17:17 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2015-01-12 01:00 . 2015-02-11 17:17 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2015-01-10 06:48 . 2015-02-11 17:18 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-01-10 06:48 . 2015-02-11 17:18 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-01-10 06:48 . 2015-02-11 17:18 341504 ----a-w- c:\windows\system32\schannel.dll
2015-01-10 06:48 . 2015-02-11 17:18 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-01-10 06:48 . 2015-02-11 17:18 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-01-10 06:48 . 2015-02-11 17:18 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-01-10 06:48 . 2015-02-11 17:18 22016 ----a-w- c:\windows\system32\credssp.dll
2015-01-10 06:27 . 2015-02-11 17:18 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-01-10 06:27 . 2015-02-11 17:18 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-01-10 06:27 . 2015-02-11 17:18 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-01-10 06:27 . 2015-02-11 17:18 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-01-10 06:27 . 2015-02-11 17:18 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-01-10 06:27 . 2015-02-11 17:18 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-01-10 06:27 . 2015-02-11 17:18 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-01-09 02:03 . 2015-02-11 17:13 3201536 ----a-w- c:\windows\system32\win32k.sys
2014-12-19 03:06 . 2015-01-14 06:54 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 06:54 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"$Volumouse$"="c:\program files (x86)\NirSoft\Volumouse\volumouse.exe" [2012-01-08 35328]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-02-19 7416088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-29 228448]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-26 337776]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2015-03-06 3723728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
R3 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R3 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 DamageGuard;DamageGuard;c:\windows\system32\DRIVERS\DamageGuardX64.sys;c:\windows\SYSNATIVE\DRIVERS\DamageGuardX64.sys [x]
R4 DamageGuardSvc;Lenovo Instant Reset Service;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe [x]
R4 dgFltr;dgFltr;c:\windows\system32\drivers\dgFltrX64.sys;c:\windows\SYSNATIVE\drivers\dgFltrX64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - AVGDISKA
*NewlyCreated* - AVGIDSDRIVER
*NewlyCreated* - AVGIDSHA
*NewlyCreated* - AVGLDX64
*NewlyCreated* - AVGLOGA
*NewlyCreated* - AVGMFX64
*NewlyCreated* - AVGRKX64
*NewlyCreated* - AVGTDIA
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-13 10:43 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-04-18 02:52 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-02 440600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-09 792224]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-09 657568]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-04-18 206176]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-02 398616]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-04-18 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-04-18 6199128]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-01-10 1229296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary scan -------
.
uStart Page = https://www.facebook.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 193.165.145.12 193.165.254.9
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-14 11:57:58
ComboFix-quarantined-files.txt 2015-03-14 10:57
.
Pre-Run: 430 951 071 744 bytes free
Post-Run: 430 765 477 888 bytes free
.
- - End Of File - - 3692D5ECDD377271EBB7F7E78F190812

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Facebook reports malware in Google Chrome

#24 Post by Márty84 »

Delete the restore points http://forum.viry.cz/viewtopic.php?f=46&t=47040 and leave the feature turned off.

Uninstall Chrome and clean the PC with CCleaner.

Run AdwCleaner, Junkware and Zoek again.

Install Chrome and check whether the message still pops up.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Dynax
Visitor
Posts: 49
Registered: 11 Mar 2015 10:17

Re: Facebook reports malware in Google Chrome

#25 Post by Dynax »

still the same message .. :(

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Facebook reports malware in Google Chrome

#26 Post by Márty84 »

Post a new FRST log.
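Before the next FRST log arrives it is worth saying what a helper actually scans it for, because the same markers already appear in the logs posted above. The script below is an added example written for this page; it is not code from the thread, from FRST or from its author. It assumes FRST's line layout as printed in the logs here ("R3 name; path [size date] (Company) [flags]" for services and drivers, "HKLM\...\Run: [name] => path ..." for autoruns) and treats four signals as worth a second look: an entry FRST itself tagged with "<======= ATTENTION", a service whose file is missing ("[X]") or that has "No ImagePath" or an empty value ("NA"), a binary without an Authenticode signature ("[File not signed]"), and a binary loading from a user-writable directory such as \TEMP\ or \AppData\. The first six sample lines are copied from the FRST log in this thread; the last "Run" line is constructed to show the user-writable case and is not from the log. The script reports reasons, not verdicts: the unsigned OEM Bluetooth service and the missing CPU-Z driver under C:\Windows\TEMP are the kind of hits a helper cleans up or ignores, which is exactly why a human still reads the output.

```python
import re

# Line families seen in the FRST log above. These regexes are this example's own
# reading of that layout, not FRST's parser.
#   services/drivers: "R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]"
#   autoruns:         "HKLM\...\Run: [Soluto] => c:\program files\soluto\soluto.exe [1229296 2013-01-10] (Soluto)"
SERVICE_RE = re.compile(r'^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$')
AUTORUN_RE = re.compile(r'^(?P<key>HK\S*?\\\.\.\.\\Run): \[(?P<name>[^\]]+)\] => (?P<rest>.*)$')

# Directories a normal service, driver or autorun binary has no business living in.
USER_WRITABLE = ('\\temp\\', '\\appdata\\', '\\users\\', '\\programdata\\', '\\recycler\\')


def _path_of(rest):
    """Strip FRST's trailing '[size date] (Company) [flags]' metadata, leaving the binary path."""
    return rest.split(' [', 1)[0].strip()


def triage_line(line):
    """Return the list of reasons this FRST line deserves a second look ([] if none)."""
    line = line.rstrip()
    reasons = []
    if '<======= ATTENTION' in line:
        reasons.append('FRST itself flagged the entry (ATTENTION)')

    svc = SERVICE_RE.match(line)
    run = AUTORUN_RE.match(line)
    m = svc or run
    if m is None:
        return reasons
    rest = m.group('rest')
    kind = 'service/driver' if svc else 'autorun'

    if rest == 'No ImagePath':
        reasons.append(f'{kind} has no binary path (uninstall leftover)')
        return reasons
    if rest == 'NA':
        reasons.append(f'{kind} value present but empty')
        return reasons
    if rest.endswith('[X]'):
        reasons.append(f'{kind} file missing or unreadable ([X])')
    if '[File not signed]' in rest:
        reasons.append(f'{kind} binary is not Authenticode-signed')
    path = _path_of(rest).lower()
    if any(d in path for d in USER_WRITABLE):
        reasons.append(f'{kind} loads from a user-writable directory')
    return reasons


def triage(log_text):
    """Run triage_line over a whole FRST log; returns [(line, [reasons...]), ...] for flagged lines only."""
    flagged = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged.append((line.rstrip(), reasons))
    return flagged


# Sample input: the first six lines are copied from the FRST log posted in this thread;
# the final Run line is a constructed example of a user-profile autorun and is NOT from the thread.
SAMPLE_LOG = r"""
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-09] (Atheros Commnucations) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U3 BcmSqlStartupSvc; No ImagePath
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
HKU\S-1-5-21-2924762042-3179784317-2054659428-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\...\Run: [Updater] => C:\Users\Example\AppData\Roaming\updater.exe [12345 2015-03-01] ()
"""

if __name__ == '__main__':
    for flagged_line, why in triage(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print('    ->', reason)
```

Run it against a saved FRST.txt by passing the file's contents to triage(); the WinDefend line is included deliberately to show that a normal signed system service produces no output.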

Dynax
Visitor
Posts: 49
Registered: 11 Mar 2015 10:17

Re: Facebook reports malware in Google Chrome

#27 Post by Dynax »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by DNX (administrator) on DNX-HOME on 14-03-2015 20:06:45
Running from C:\Users\DNX\Desktop
Loaded Profiles: UpdatusUser & DNX & postgres (Available profiles: UpdatusUser & DNX & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NirSoft) C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(forum.viry.cz) C:\Users\DNX\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [792224 2012-02-09] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2012-02-09] (Atheros Commnucations)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-04-18] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-04-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2012-04-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Soluto] => c:\program files\soluto\soluto.exe [1229296 2013-01-10] (Soluto)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-26] ( )
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2924762042-3179784317-2054659428-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\...\Run: [$Volumouse$] => C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe [35328 2012-01-08] (NirSoft)
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-02-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-2924762042-3179784317-2054659428-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LENN
HKU\S-1-5-21-2924762042-3179784317-2054659428-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-2924762042-3179784317-2054659428-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... lz=1I7LENN
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... lz=1I7LENN
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-02-09] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/s ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 193.165.145.12 193.165.254.9

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\DNX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\DNX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-14]
CHR Extension: (Google Docs) - C:\Users\DNX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-14]
CHR Extension: (Google Drive) - C:\Users\DNX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-14]
CHR Extension: (YouTube) - C:\Users\DNX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-14]
CHR Extension: (Google Search) - C:\Users\DNX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-14]
CHR Extension: (Google Sheets) - C:\Users\DNX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\DNX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-14]
CHR Extension: (Gmail) - C:\Users\DNX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-09] (Atheros Commnucations) [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-06] (AVG Technologies CZ, s.r.o.)
S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-02-13] (Lenovo (Beijing) Limited)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 postgresql-x64-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [111104 2012-09-21] (PostgreSQL Global Development Group) [File not signed]
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [183280 2013-01-10] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2013-01-10] (Soluto) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-09] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [280544 2015-02-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-09-25] (AVG Technologies)
S4 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-11] (Lenovo)
S4 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 20:06 - 2015-03-14 20:07 - 00017449 _____ () C:\Users\DNX\Desktop\FRST.txt
2015-03-14 20:05 - 2015-03-14 20:06 - 00000000 ____D () C:\FRST
2015-03-14 20:03 - 2015-03-14 20:03 - 02095616 _____ (Farbar) C:\Users\DNX\Desktop\FRST64.exe
2015-03-14 20:03 - 2015-03-14 20:03 - 00112640 _____ (forum.viry.cz) C:\Users\DNX\Desktop\FRSTLauncher.exe
2015-03-14 17:45 - 2015-03-14 17:45 - 01388333 _____ (Thisisu) C:\Users\DNX\Downloads\JRT (1).exe
2015-03-14 17:44 - 2015-03-14 17:45 - 01388333 _____ (Thisisu) C:\Users\DNX\Downloads\JRT.exe
2015-03-14 15:55 - 2015-03-14 20:07 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-14 15:55 - 2015-03-14 16:07 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-14 15:55 - 2015-03-14 16:02 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-14 15:55 - 2015-03-14 16:02 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-14 15:55 - 2015-03-14 15:55 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-14 15:54 - 2015-03-14 15:54 - 00895120 _____ (Google Inc.) C:\Users\DNX\Downloads\ChromeSetup.exe
2015-03-14 15:50 - 2015-03-14 15:50 - 00005228 _____ () C:\Users\DNX\Downloads\zoek-results1.txt
2015-03-14 15:49 - 2015-03-14 15:49 - 00000328 _____ () C:\Windows\PFRO.log
2015-03-14 15:48 - 2015-03-14 15:12 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-03-14 15:16 - 2015-03-14 14:28 - 00005121 _____ () C:\zoek-results2015-03-14-132818.log
2015-03-14 15:10 - 2015-03-14 15:10 - 00000629 _____ () C:\Users\DNX\Desktop\JRT.txt
2015-03-14 15:00 - 2015-03-14 15:49 - 00000112 _____ () C:\Windows\setupact.log
2015-03-14 15:00 - 2015-03-14 15:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-14 14:29 - 2015-03-14 14:29 - 00005121 _____ () C:\Users\DNX\Downloads\zoek-results.txt
2015-03-14 13:53 - 2015-03-14 15:50 - 00005228 _____ () C:\zoek-results.log
2015-03-14 13:50 - 2015-03-14 14:21 - 00000000 ____D () C:\zoek_backup
2015-03-14 13:49 - 2015-03-14 13:49 - 00000629 _____ () C:\Users\DNX\Downloads\JRT.txt
2015-03-14 13:41 - 2015-03-14 13:41 - 00000772 _____ () C:\Users\DNX\Downloads\AdwCleaner[S0].txt
2015-03-14 13:35 - 2015-03-14 14:59 - 00000000 ____D () C:\AdwCleaner
2015-03-14 13:33 - 2015-03-14 13:33 - 01305600 _____ () C:\Users\DNX\Desktop\zoek.exe
2015-03-14 13:31 - 2015-03-14 13:31 - 01388333 _____ (Thisisu) C:\Users\DNX\Desktop\JRT.exe
2015-03-14 13:30 - 2015-03-14 13:30 - 02171392 _____ () C:\Users\DNX\Desktop\adwcleaner_4.112.exe
2015-03-14 13:26 - 2015-03-14 13:26 - 00009420 _____ () C:\Users\DNX\Downloads\nemazat-zaloha-registru-cc_20150314_132600.reg
2015-03-14 12:49 - 2015-03-14 12:49 - 00000017 _____ () C:\Users\DNX\AppData\Local\resmon.resmoncfg
2015-03-14 11:57 - 2015-03-14 11:57 - 00030623 _____ () C:\ComboFix.txt
2015-03-14 11:42 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-14 11:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-14 11:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-14 11:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-14 11:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-14 11:42 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-14 11:42 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-14 11:42 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-14 11:41 - 2015-03-14 11:58 - 00000000 ____D () C:\Qoobox
2015-03-14 11:41 - 2015-03-14 11:58 - 00000000 ____D () C:\ComboFix
2015-03-14 11:41 - 2015-03-14 11:55 - 00000000 ____D () C:\Windows\erdnt
2015-03-14 10:54 - 2015-03-14 10:55 - 05613296 ____R (Swearware) C:\Users\DNX\Desktop\ComboFix.exe
2015-03-14 10:16 - 2015-03-14 10:16 - 00000000 ____D () C:\Users\DNX\AppData\Roaming\AVG2015
2015-03-14 10:14 - 2015-03-14 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-14 10:11 - 2015-03-14 10:15 - 00000000 ____D () C:\ProgramData\AVG2015
2015-03-14 10:11 - 2015-03-14 10:11 - 00000000 ____D () C:\$AVG
2015-03-14 10:08 - 2015-03-14 10:08 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-03-14 10:06 - 2015-03-14 16:55 - 00000000 ____D () C:\Users\DNX\AppData\Local\Avg2015
2015-03-13 15:28 - 2015-03-14 20:00 - 00023754 _____ () C:\FaceProv.log
2015-03-13 12:07 - 2015-03-13 12:08 - 00000000 ____D () C:\Program Files\Defraggler
2015-03-13 12:07 - 2015-03-13 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2015-03-13 11:57 - 2015-03-13 12:02 - 00172188 _____ () C:\Users\DNX\Downloads\nemazat-zaloha-registru-cc_20150313_115741.reg
2015-03-13 11:49 - 2015-03-13 11:49 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-13 11:49 - 2015-03-13 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-13 11:49 - 2015-03-13 11:49 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-13 11:44 - 2015-03-13 11:45 - 00000709 _____ () C:\DelFix.txt
2015-03-11 11:58 - 2015-03-11 11:58 - 00000000 ____D () C:\Program Files\trend micro
2015-03-11 10:51 - 2015-03-11 10:51 - 00000000 ____D () C:\Program Files (x86)\trend micro
2015-03-10 13:25 - 2015-03-14 10:19 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-10 13:25 - 2015-03-10 13:25 - 00000000 ____D () C:\Users\DNX\AppData\Local\MFAData
2015-03-09 15:45 - 2015-03-14 18:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 15:42 - 2015-03-09 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-09 15:42 - 2015-03-09 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-09 15:42 - 2015-03-09 15:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-09 15:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-09 15:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-09 15:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-09 14:21 - 2015-03-09 14:21 - 00000000 ____D () C:\Users\DNX\AppData\Roaming\ESET
2015-03-09 14:21 - 2015-03-09 14:21 - 00000000 ____D () C:\Users\DNX\AppData\Local\ESET
2015-03-09 07:29 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-09 07:29 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-08 20:02 - 2015-03-08 20:02 - 00002950 _____ () C:\Windows\System32\Tasks\{8719F8C7-2AB9-4769-839A-3992837B910A}
2015-03-08 20:00 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150308-200011.backup
2015-03-08 19:49 - 2015-03-14 14:33 - 00000000 ____D () C:\Users\DNX\AppData\Local\Deployment
2015-03-08 19:49 - 2015-03-14 14:32 - 00000000 ____D () C:\Users\DNX\AppData\Local\Apps\2.0
2015-03-08 19:42 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-08 19:42 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-08 19:42 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-08 19:40 - 2015-03-08 19:40 - 00000000 ____D () C:\ProgramData\AVG
2015-03-08 19:24 - 2015-03-08 19:24 - 00000000 __SHD () C:\Users\DNX\AppData\Local\EmieUserList
2015-03-08 19:24 - 2015-03-08 19:24 - 00000000 __SHD () C:\Users\DNX\AppData\Local\EmieSiteList
2015-03-08 19:24 - 2015-03-08 19:24 - 00000000 __SHD () C:\Users\DNX\AppData\Local\EmieBrowserModeList
2015-02-25 17:37 - 2015-02-25 17:37 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2015-02-24 16:46 - 2015-02-24 16:46 - 00280544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-02-17 17:59 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-13 09:19 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 09:19 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 09:19 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 09:19 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-14 20:05 - 2012-04-18 03:04 - 01653078 _____ () C:\Windows\WindowsUpdate.log
2015-03-14 20:00 - 2012-07-17 00:35 - 00000000 ____D () C:\Users\DNX\Documents\Bluetooth Folder
2015-03-14 20:00 - 2012-04-18 02:49 - 00669132 _____ () C:\Windows\system32\perfh005.dat
2015-03-14 20:00 - 2012-04-18 02:49 - 00141760 _____ () C:\Windows\system32\perfc005.dat
2015-03-14 20:00 - 2009-07-14 06:13 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-14 16:05 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-14 16:05 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-14 15:56 - 2012-07-16 17:40 - 00000000 ____D () C:\Users\DNX\AppData\Local\Google
2015-03-14 15:55 - 2012-04-18 03:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-14 15:55 - 2012-04-18 03:55 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-14 15:50 - 2012-04-18 03:57 - 00166654 _____ () C:\Windows\system32\fastboot.set
2015-03-14 15:49 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-14 11:58 - 2009-07-14 04:20 - 00000000 ___HD () C:\Users\Default
2015-03-14 11:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-13 12:35 - 2012-04-18 03:25 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-03-13 12:35 - 2012-04-18 03:25 - 00000000 ____D () C:\Windows\system32\NV
2015-03-13 12:35 - 2012-04-18 03:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-13 08:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 05:58 - 2013-11-10 04:08 - 00000000 ____D () C:\Users\postgres
2015-03-11 13:48 - 2012-07-16 18:22 - 00000000 ____D () C:\Users\DNX\AppData\Local\PokerStars
2015-03-11 13:48 - 2012-07-16 18:21 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2015-03-11 08:36 - 2015-01-24 17:42 - 00000000 ____D () C:\Users\DNX\AppData\Roaming\DAEMON Tools Lite
2015-03-11 08:36 - 2011-02-24 18:03 - 00000000 ____D () C:\Windows\Panther
2015-03-09 14:33 - 2009-07-14 06:08 - 00032528 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-08 20:00 - 2009-07-14 03:34 - 00450771 ____R () C:\Windows\system32\Drivers\etc\hosts.20150309-072646.backup
2015-03-08 19:16 - 2012-07-17 00:31 - 00000000 ____D () C:\Users\DNX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-03-08 19:16 - 2012-07-17 00:31 - 00000000 ____D () C:\Users\DNX
2015-03-08 19:16 - 2012-07-16 18:35 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-03-08 19:16 - 2011-10-10 09:19 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-08 19:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-24 04:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-21 08:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 18:02 - 2014-09-11 10:15 - 00000000 ____D () C:\KAKU
2015-02-13 09:00 - 2009-07-14 05:45 - 00290168 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 08:57 - 2014-12-13 05:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-13 08:57 - 2014-05-07 02:18 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== Files in the root of some directories =======

2013-02-15 19:13 - 2013-02-15 19:13 - 0026900 _____ () C:\Users\DNX\AppData\Local\dt.dat
2015-03-14 12:49 - 2015-03-14 12:49 - 0000017 _____ () C:\Users\DNX\AppData\Local\resmon.resmoncfg
2013-11-10 03:53 - 2013-11-10 03:53 - 0005080 _____ () C:\ProgramData\flwjycbm.bab
2013-01-20 02:59 - 2013-01-20 02:59 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\DNX\Desktop" je 12 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments: Addition.rar (6.07 KiB), downloaded 40 times

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Facebook reports malware in Google Chrome

#28 Post by Márty84 »

:arrow: Open Notepad and copy this script into it

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
BootExecute: autocheck autochk * sdnclean64.exe

HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
In the top left, click File
Click Save As...
Type the red name fixlist exactly and save it to the desktop.
Turn off your antivirus and any other security software you may have.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts a new log named fixlog should appear; copy it back here for me.



:!: Turn on the restore point creation feature



:arrow: Open Notepad and copy this script into it

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
In the top left, click File
Click Save As...
Type the red name CFScript exactly and save it to the desktop.
Turn off your antivirus and any other security software you may have.
Drag the text document you just created onto the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it back here for me.

:!: If Windows does not boot after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine
If you have a question that is not meant for the public, you can write to me at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Dynax
Visitor
Posts: 49
Registered: 11 Mar 2015 10:17

Re: Facebook reports malware in Google Chrome

#29 Post by Dynax »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by DNX at 2015-03-15 04:54:03 Run:1
Running from C:\Users\DNX\Desktop
Loaded Profiles: UpdatusUser & DNX & postgres & (Available profiles: UpdatusUser & DNX & postgres)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
BootExecute: autocheck autochk * sdnclean64.exe

HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox

U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
"HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2924762042-3179784317-2054659428-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2924762042-3179784317-2054659428-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
BcmSqlStartupSvc => Service deleted successfully.
CLKMSVC10_3A60B698 => Service deleted successfully.
CLKMSVC10_C3B3B687 => Service deleted successfully.
cpuz136 => Service stopped successfully.
cpuz136 => Service deleted successfully.
DriverService => Service deleted successfully.
iATAgentService => Service deleted successfully.
idealife Update Service => Service deleted successfully.
IGRS => Service deleted successfully.
IviRegMgr => Service deleted successfully.
Oasis2Service => Service deleted successfully.
PCCarerService => Service deleted successfully.
ReadyComm.DirectRouter => Service deleted successfully.
RichVideo => Service deleted successfully.
RtLedService => Service deleted successfully.
SoftwareService => Service deleted successfully.
SQLWriter => Service deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 29.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 04:54:48 ====
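
As an added example (a hypothetical helper script, not FRST's own code and not something posted in this thread), the Python below reconciles the fixlist that FRST echoes at the top of a Fixlog with the per-item results underneath it. A helper reading such a log wants to know four things quickly: how many directives ran, which targets were already gone ("not found", which can mean a typo in the script or a file that moved since the scan), how much temporary data was cleared, and whether a reboot was required. The embedded log is a constructed abridgement of the Fixlog above; the message patterns it relies on ("=> ... successfully", "Key not found", "Removed N MB temporary data", "The system needed a reboot.") are the ones visible in that log.

```python
"""Reconcile a FRST fixlist with its Fixlog (added example, hypothetical helper)."""
import re

# Constructed sample: a shortened copy of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
BootExecute: autocheck autochk * sdnclean64.exe
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2924762042-3179784317-2054659428-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
U3 BcmSqlStartupSvc; No ImagePath
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2924762042-3179784317-2054659428-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
HKU\S-1-5-21-2924762042-3179784317-2054659428-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2924762042-3179784317-2054659428-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
BcmSqlStartupSvc => Service deleted successfully.
cpuz136 => Service stopped successfully.
cpuz136 => Service deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 29.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 04:54:48 ====
"""

RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")
TEMP_RE = re.compile(r"Removed ([\d.]+) MB temporary data")


def split_fixlog(text):
    """Return (fixlist_lines, result_lines).

    FRST echoes the fixlist it ran between two '*****' delimiter lines;
    everything after the second delimiter is the per-item result.
    """
    lines = text.splitlines()
    stars = [i for i, line in enumerate(lines) if line.startswith("*****")]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist found in log")
    fixlist = [l for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    results = [l for l in lines[stars[1] + 1:] if l.strip()]
    return fixlist, results


def classify(outcome):
    """Bucket an FRST result message by what it tells the helper."""
    text = outcome.lower()
    if "successfully" in text:
        return "ok"
    if "not found" in text:
        return "not_found"  # target was already gone: worth a second look
    return "other"          # anything else, e.g. a failure message


def parse_result(line):
    """Split 'target => outcome.' into (target, outcome, bucket).

    Lines without '=>' (e.g. 'Hosts was reset successfully.') report on a
    whole directive, so the line itself serves as both target and outcome.
    """
    m = RESULT_RE.match(line)
    if m:
        target, outcome = m.group("target").strip('"'), m.group("outcome")
    else:
        target = outcome = line.rstrip(".")
    return target, outcome, classify(outcome)


def summarize(text):
    """Count directives and outcomes; list targets that were not found."""
    fixlist, results = split_fixlog(text)
    summary = {
        "directives": sum(1 for l in fixlist if l not in ("Start", "End")),
        "ok": 0, "not_found": 0, "other": 0,
        "not_found_items": [], "reboot": False, "temp_mb": None,
    }
    for line in results:
        if line.startswith("===="):  # '==== End of Fixlog ...' footer
            continue
        if line == "The system needed a reboot.":
            summary["reboot"] = True
            continue
        temp = TEMP_RE.search(line)
        if temp:
            summary["temp_mb"] = float(temp.group(1))
            continue
        target, _outcome, bucket = parse_result(line)
        summary[bucket] += 1
        if bucket == "not_found":
            summary["not_found_items"].append(target)
    return summary


if __name__ == "__main__":
    s = summarize(SAMPLE_FIXLOG)
    print(f"{s['directives']} directives: {s['ok']} ok, {s['not_found']} not found, "
          f"{s['other']} other; reboot={s['reboot']}; temp cleared={s['temp_mb']} MB")
    for item in s["not_found_items"]:
        print("  not found:", item)
```

On the sample above the script reports 12 directives with 12 successful results, one "not found" (the HKCR CLSID key FRST looked for while removing the SearchScopes entry), 29.4 MB of temporary data removed and a reboot. In practice you would feed it the real Fixlog.txt; the "other" bucket is where anything that did not end in "successfully" or "not found" lands, so a non-empty count there is the first thing to read in full.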

Dynax
Visitor
Posts: 49
Registered: 11 Mar 2015 10:17

Re: Facebook reports malware in Google Chrome

#30 Post by Dynax »

ComboFix 15-03-09.01 - DNX 15.03.2015 6:01.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3996.1998 [GMT 1:00]
Spuštěný z: c:\users\DNX\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\DNX\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-15 do 2015-03-15 )))))))))))))))))))))))))))))))
.
.
2015-03-15 05:11 . 2015-03-15 05:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-03-15 05:11 . 2015-03-15 05:11 -------- d-----w- c:\users\postgres\AppData\Local\temp
2015-03-15 05:11 . 2015-03-15 05:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-14 19:05 . 2015-03-15 03:57 -------- d-----w- C:\FRST
2015-03-14 14:48 . 2015-03-14 14:12 24064 ----a-w- c:\windows\zoek-delete.exe
2015-03-14 14:48 . 2015-03-15 05:13 -------- d-----w- c:\users\DNX\AppData\Local\Temp
2015-03-14 12:50 . 2015-03-14 13:21 -------- d-----w- C:\zoek_backup
2015-03-14 12:35 . 2015-03-14 13:59 -------- d-----w- C:\AdwCleaner
2015-03-14 09:16 . 2015-03-14 09:16 -------- d-----w- c:\users\DNX\AppData\Roaming\AVG2015
2015-03-14 09:11 . 2015-03-14 09:11 -------- d-----w- C:\$AVG
2015-03-14 09:08 . 2015-03-14 09:08 -------- d-----w- c:\program files (x86)\AVG
2015-03-14 09:06 . 2015-03-14 15:55 -------- d-----w- c:\users\DNX\AppData\Local\Avg2015
2015-03-13 11:07 . 2015-03-13 11:08 -------- d-----w- c:\program files\Defraggler
2015-03-13 10:49 . 2015-03-13 10:49 -------- d-----w- c:\program files\CCleaner
2015-03-11 10:58 . 2015-03-11 10:58 -------- d-----w- c:\program files\trend micro
2015-03-11 09:51 . 2015-03-11 09:51 -------- d-----w- c:\program files (x86)\trend micro
2015-03-11 05:12 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-11 05:12 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-10 12:25 . 2015-03-14 09:19 -------- d-----w- c:\programdata\MFAData
2015-03-10 12:25 . 2015-03-10 12:25 -------- d-----w- c:\users\DNX\AppData\Local\MFAData
2015-03-09 14:45 . 2015-03-15 05:12 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-09 14:42 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-09 14:42 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-09 14:42 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-09 14:42 . 2015-03-09 14:42 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-09 14:42 . 2015-03-09 14:42 -------- d-----w- c:\programdata\Malwarebytes
2015-03-09 13:21 . 2015-03-09 13:21 -------- d-----w- c:\users\DNX\AppData\Local\ESET
2015-03-08 18:49 . 2015-03-08 18:49 -------- d-----w- c:\users\DNX\AppData\Local\Apps
2015-03-08 18:49 . 2015-03-14 13:33 -------- d-----w- c:\users\DNX\AppData\Local\Deployment
2015-03-08 18:42 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-03-08 18:42 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-03-08 18:42 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-03-08 18:40 . 2015-03-08 18:40 -------- d-----w- c:\programdata\AVG
2015-03-08 18:24 . 2015-03-08 18:24 -------- d-sh--w- c:\users\DNX\AppData\Local\EmieUserList
2015-03-08 18:24 . 2015-03-08 18:24 -------- d-sh--w- c:\users\DNX\AppData\Local\EmieSiteList
2015-03-08 18:24 . 2015-03-08 18:24 -------- d-sh--w- c:\users\DNX\AppData\Local\EmieBrowserModeList
2015-02-25 16:37 . 2015-02-25 16:37 284128 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2015-02-24 15:46 . 2015-02-24 15:46 280544 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2015-02-17 16:59 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-13 08:19 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-13 08:19 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-13 08:19 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-13 08:19 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 03:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-16 04:21 . 2015-03-14 09:08 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55D86E28-7905-4722-81A7-8F53C75B997F}\mpengine.dll
2015-02-11 21:14 . 2012-07-22 02:40 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 16:46 . 2013-11-11 18:37 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 16:46 . 2013-11-11 18:37 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 09:27 . 2015-02-05 09:27 133088 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2015-02-04 03:16 . 2015-02-11 17:18 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 17:18 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 17:18 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 17:18 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 17:18 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 17:18 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 17:18 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-02-03 09:47 . 2015-02-03 09:47 341472 ----a-w- c:\windows\system32\drivers\avgloga.sys
2015-01-27 23:36 . 2015-02-11 17:18 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-15 08:14 . 2015-02-11 17:15 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-15 08:14 . 2015-02-11 17:15 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-01-15 08:09 . 2015-02-11 17:15 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-01-15 08:09 . 2015-02-11 17:15 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-01-15 08:09 . 2015-02-11 17:15 28160 ----a-w- c:\windows\system32\secur32.dll
2015-01-15 08:09 . 2015-02-11 17:15 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-15 08:09 . 2015-02-11 17:15 31232 ----a-w- c:\windows\system32\lsass.exe
2015-01-15 08:08 . 2015-02-11 17:15 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-01-15 08:06 . 2015-02-11 17:15 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-01-15 08:06 . 2015-02-11 17:15 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-15 08:04 . 2015-02-11 17:15 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-01-15 07:42 . 2015-02-11 17:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-01-15 07:42 . 2015-02-11 17:15 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-01-15 07:41 . 2015-02-11 17:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-01-15 07:39 . 2015-02-11 17:15 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-01-15 07:39 . 2015-02-11 17:15 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-01-15 07:37 . 2015-02-11 17:15 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-01-15 04:22 . 2015-02-11 17:15 458824 ----a-w- c:\windows\system32\drivers\cng.sys
2015-01-14 06:09 . 2015-02-11 17:14 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 06:05 . 2015-02-11 17:14 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 06:05 . 2015-02-11 17:14 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 06:04 . 2015-02-11 17:14 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 05:47 . 2015-02-11 17:17 389808 ----a-w- c:\windows\system32\iedkcs32.dll
2015-01-14 05:44 . 2015-02-11 17:14 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44 . 2015-02-11 17:14 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41 . 2015-02-11 17:14 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-13 03:10 . 2015-02-11 17:15 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-13 02:49 . 2015-02-11 17:15 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:09 . 2015-02-11 17:17 25056256 ----a-w- c:\windows\system32\mshtml.dll
2015-01-12 03:05 . 2015-02-11 17:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-01-12 03:05 . 2015-02-11 17:17 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-01-12 02:49 . 2015-02-11 17:17 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-01-12 02:48 . 2015-02-11 17:17 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-01-12 02:48 . 2015-02-11 17:17 584192 ----a-w- c:\windows\system32\vbscript.dll
2015-01-12 02:48 . 2015-02-11 17:17 2885632 ----a-w- c:\windows\system32\iertutil.dll
2015-01-12 02:47 . 2015-02-11 17:17 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-01-12 02:40 . 2015-02-11 17:17 54784 ----a-w- c:\windows\system32\jsproxy.dll
2015-01-12 02:39 . 2015-02-11 17:17 34304 ----a-w- c:\windows\system32\iernonce.dll
2015-01-12 02:36 . 2015-02-11 17:17 633856 ----a-w- c:\windows\system32\ieui.dll
2015-01-12 02:34 . 2015-02-11 17:17 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-01-12 02:34 . 2015-02-11 17:17 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-01-12 02:25 . 2015-02-11 17:17 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-01-12 02:21 . 2015-02-11 17:17 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2015-01-12 02:21 . 2015-02-11 17:17 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-01-12 02:13 . 2015-02-11 17:17 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-01-12 02:08 . 2015-02-11 17:17 503296 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-01-12 02:08 . 2015-02-11 17:17 199680 ----a-w- c:\windows\system32\msrating.dll
2015-01-12 02:07 . 2015-02-11 17:17 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-01-12 02:07 . 2015-02-11 17:17 92160 ----a-w- c:\windows\system32\mshtmled.dll
2015-01-12 02:07 . 2015-02-11 17:17 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05 . 2015-02-11 17:17 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-01-12 02:04 . 2015-02-11 17:17 316928 ----a-w- c:\windows\system32\dxtrans.dll
2015-01-12 01:55 . 2015-02-11 17:17 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-01-12 01:48 . 2015-02-11 17:17 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2015-01-12 01:48 . 2015-02-11 17:17 801280 ----a-w- c:\windows\system32\msfeeds.dll
2015-01-12 01:46 . 2015-02-11 17:17 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-01-12 01:46 . 2015-02-11 17:17 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
2015-01-12 01:43 . 2015-02-11 17:17 14401024 ----a-w- c:\windows\system32\ieframe.dll
2015-01-12 01:40 . 2015-02-11 17:17 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27 . 2015-02-11 17:17 2358272 ----a-w- c:\windows\system32\wininet.dll
2015-01-12 01:23 . 2015-02-11 17:17 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-01-12 01:22 . 2015-02-11 17:17 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:14 . 2015-02-11 17:17 1548288 ----a-w- c:\windows\system32\urlmon.dll
2015-01-12 01:02 . 2015-02-11 17:17 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2015-01-12 01:00 . 2015-02-11 17:17 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2015-01-10 06:48 . 2015-02-11 17:18 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-01-10 06:48 . 2015-02-11 17:18 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-01-10 06:48 . 2015-02-11 17:18 341504 ----a-w- c:\windows\system32\schannel.dll
2015-01-10 06:48 . 2015-02-11 17:18 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-01-10 06:48 . 2015-02-11 17:18 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-01-10 06:48 . 2015-02-11 17:18 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-01-10 06:48 . 2015-02-11 17:18 22016 ----a-w- c:\windows\system32\credssp.dll
2015-01-10 06:27 . 2015-02-11 17:18 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-01-10 06:27 . 2015-02-11 17:18 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-01-10 06:27 . 2015-02-11 17:18 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-01-10 06:27 . 2015-02-11 17:18 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-01-10 06:27 . 2015-02-11 17:18 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-01-10 06:27 . 2015-02-11 17:18 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-01-10 06:27 . 2015-02-11 17:18 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-01-09 02:03 . 2015-02-11 17:13 3201536 ----a-w- c:\windows\system32\win32k.sys
2014-12-19 03:06 . 2015-01-14 06:54 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 06:54 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"$Volumouse$"="c:\program files (x86)\NirSoft\Volumouse\volumouse.exe" [2012-01-08 35328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-29 228448]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-26 337776]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2015-03-06 3723728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
R3 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R3 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 DamageGuard;DamageGuard;c:\windows\system32\DRIVERS\DamageGuardX64.sys;c:\windows\SYSNATIVE\DRIVERS\DamageGuardX64.sys [x]
R4 DamageGuardSvc;Lenovo Instant Reset Service;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe [x]
R4 dgFltr;dgFltr;c:\windows\system32\drivers\dgFltrX64.sys;c:\windows\SYSNATIVE\drivers\dgFltrX64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-14 14:55 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-04-18 02:52 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-02 440600]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-09 792224]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-09 657568]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-04-18 206176]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-02 398616]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-04-18 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-04-18 6199128]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-01-10 1229296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = https://www.facebook.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 193.165.145.12 193.165.254.9
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2015-03-15 06:20:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-03-15 05:20
ComboFix2.txt 2015-03-14 10:57
.
Před spuštěním: Volných bajtů: 430 781 571 072
Po spuštění: Volných bajtů: 430 701 363 200
.
- - End Of File - - 57CCAD67F14962CDA83F14A0979AA88A
