Vyskakují reklamy

Zpráva

smidakm · #1 Příspěvek od **smidakm** » 02 říj 2015 18:31

Prosím o pomoc

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Owner (administrator) on LENOVO-PC (02-10-2015 19:22:16)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\DNS Unlocker\dnsseadrift.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2808560 2014-06-25] (Synaptics Incorporated)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-01-21] (Realtek semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-16] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-09-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [mncwvwsfSrv] => C:\windows\SysWOW64\mncwvwsf.vbe [7670 2014-03-05] ()
HKLM-x32\...\Run: [NtVdmSrv] => C:\windows\inf\ntvdm.vbe
HKLM-x32\...\Run: [MSStp] => C:\windows\inf\msstp.vbe [1584 2014-03-05] ()
HKLM-x32\...\Run: [mncjxdjSrv] => C:\windows\SysWOW64\mncjxdj.vbe [7670 2014-03-05] ()
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\...\MountPoints2: {f7bfb0cc-fe25-11e4-827c-38b1db5ead96} - "F:\Startme.exe"
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0826528E-6122-4F77-92A1-CCF0A846CB33}: [NameServer] 82.163.143.172,82.163.142.174
Tcpip\..\Interfaces\{0826528E-6122-4F77-92A1-CCF0A846CB33}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{A67282DE-1FD5-4F0A-9F44-5488AA98A3E8}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=14242 ... X84GXT3EAT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=14242 ... X84GXT3EAT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=14242 ... X84GXT3EAT
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4198438056-3133198569-554230774-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: SSAveerExtensioon - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091\Extensions\AnE@S.com [2015-08-07]
FF Extension: The AdBlocker - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091\Extensions\chdrdfoofd_fvdef@qrdkdqnymijvofby.com [2015-08-31]
FF Extension: RoboSaiver - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091\Extensions\f5zJ@N.net [2015-08-26]
FF Extension: BBitSaVer - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091\Extensions\oLG@4U1E.net [2015-08-03]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b9l3tw00.default\extensions\searchengine@gmail.com => not found

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-16]
CHR Extension: (Wise Ads Block) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcmakjhknigccfidaelkafjmfifkhkc [2015-08-26]
CHR Extension: (Dokumenty Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-16]
CHR Extension: (Disk Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-16]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-16]
CHR Extension: (Vyhledávání Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-16]
CHR Extension: (Tabulky Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-16]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-16] (Lenovo(beijing) Limited)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-16] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2014-09-16] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-06-25] (Synaptics Incorporated)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2014-09-16] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-12] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-04-12] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9105624 2014-01-21] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3410136 2014-04-11] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S1 atshpnjq; \??\C:\windows\system32\drivers\atshpnjq.sys [X]
S1 awfztrnp; \??\C:\windows\system32\drivers\awfztrnp.sys [X]
S1 bgtgmhvu; \??\C:\windows\system32\drivers\bgtgmhvu.sys [X]
S1 ivtahkky; \??\C:\windows\system32\drivers\ivtahkky.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 19:22 - 2015-10-02 19:22 - 00019038 _____ C:\Users\Owner\Desktop\FRST.txt
2015-10-02 19:20 - 2015-10-02 19:22 - 00000000 ____D C:\FRST
2015-10-02 19:20 - 2015-10-02 19:20 - 02192384 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-10-02 19:19 - 2015-10-02 19:19 - 00112640 _____ (forum.viry.cz) C:\Users\Owner\Desktop\FRSTLauncher.exe
2015-10-02 19:19 - 2015-10-02 19:19 - 00015327 _____ C:\Users\Owner\Desktop\LM.bat
2015-10-02 19:16 - 2015-10-02 19:19 - 00029696 _____ C:\Users\Owner\AppData\Local\MSGBOX.EXE
2015-09-27 17:09 - 2015-05-10 18:38 - 06669238 _____ C:\Users\Owner\Downloads\Kabát---Brousíme-nože---PROMO-SINGL---2015-(256kbit).m4a
2015-09-27 16:47 - 2015-09-27 17:06 - 326094085 _____ C:\Users\Owner\Downloads\100-Wiz-Khalifa-&-Iggy-Azalea---Go-Hard-Or-Go-Home.rar
2015-09-26 15:05 - 2015-09-26 15:05 - 00026356 _____ C:\windows\System32\Tasks\DNSSEADRIFT
2015-09-26 15:05 - 2015-09-26 15:05 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2015-09-21 13:41 - 2015-09-21 13:49 - 00000000 ____D C:\Users\Owner\Downloads\hiphop
2015-09-19 17:22 - 2015-10-01 18:07 - 00001279 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2015-09-19 17:18 - 2015-09-19 17:27 - 00000000 ____D C:\Users\Owner\Desktop\EDM
2015-09-03 20:09 - 2015-09-03 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-03 20:09 - 2015-09-03 20:09 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 19:22 - 2014-12-09 06:03 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4198438056-3133198569-554230774-1002
2015-10-02 19:17 - 2014-12-09 06:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ClassicShell
2015-10-02 19:17 - 2014-12-09 05:57 - 01267941 _____ C:\Users\Owner\AppData\Local\BTServer.log
2015-10-02 19:01 - 2014-09-16 02:55 - 01694514 _____ C:\windows\WindowsUpdate.log
2015-10-02 19:00 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\sru
2015-10-02 18:49 - 2014-12-09 06:22 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-10-02 18:43 - 2015-01-25 22:32 - 00000479 _____ C:\Users\Owner\rgut
2015-10-02 18:42 - 2014-09-16 03:35 - 00739924 _____ C:\windows\system32\perfh005.dat
2015-10-02 18:42 - 2014-09-16 03:35 - 00151610 _____ C:\windows\system32\perfc005.dat
2015-10-02 18:42 - 2014-03-18 11:53 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2015-10-02 17:16 - 2014-09-16 03:32 - 08680212 _____ C:\Users\Public\CAFADEBUG.log
2015-10-02 15:05 - 2015-08-15 03:05 - 00000360 _____ C:\windows\Tasks\Bidaily Synchronize Task[8da6].job
2015-10-02 13:57 - 2014-12-09 06:09 - 00003974 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{118BDF86-4DAF-493B-BB27-91CAA24A69C7}
2015-10-01 18:07 - 2014-09-16 04:38 - 00000000 ____D C:\ProgramData\LU
2015-10-01 17:35 - 2013-08-22 16:46 - 00050003 _____ C:\windows\setupact.log
2015-10-01 17:35 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-01 17:34 - 2014-09-16 04:15 - 00006656 _____ C:\windows\system32\VfService.trf
2015-10-01 17:34 - 2014-09-16 03:27 - 00065536 _____ C:\windows\system32\spu_storage.bin
2015-10-01 17:34 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-09-29 11:51 - 2015-08-06 21:58 - 00000000 ____D C:\Program Files (x86)\SaVerExxtensionn
2015-09-26 10:09 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2015-09-22 19:49 - 2014-12-09 06:22 - 00003802 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-09-20 11:20 - 2015-08-26 10:52 - 00000000 ____D C:\Program Files (x86)\RoBoSAver
2015-09-20 07:12 - 2015-08-26 10:55 - 00000000 ____D C:\Program Files (x86)\Wise Ads Block
2015-09-20 07:11 - 2015-08-12 08:44 - 00000000 ____D C:\Program Files (x86)\BestaSaveFourYou
2015-09-20 07:11 - 2015-08-03 15:49 - 00000000 ____D C:\Program Files (x86)\BitSoaver
2015-09-20 07:11 - 2015-08-03 15:48 - 00000000 ____D C:\Program Files (x86)\BBitSaVer
2015-09-20 07:11 - 2015-08-03 07:21 - 00000000 ____D C:\Program Files (x86)\AntiPorn Pro The best AntiPorn addon
2015-09-20 07:10 - 2015-08-06 22:00 - 00000000 ____D C:\Program Files (x86)\My IP address
2015-09-20 07:10 - 2015-08-03 15:48 - 00000000 ____D C:\Program Files (x86)\QR Code Maker and Decoder
2015-09-20 07:10 - 2015-08-03 07:22 - 00000000 ____D C:\Program Files (x86)\RanndomPricE
2015-09-20 07:10 - 2015-08-03 07:22 - 00000000 ____D C:\Program Files (x86)\RaandomPrIce
2015-09-20 07:10 - 2015-08-03 07:21 - 00000000 ____D C:\Program Files (x86)\RanedOOmPRiCE
2015-09-20 07:09 - 2015-06-05 09:38 - 00000000 ____D C:\Program Files (x86)\SAveLOts
2015-09-20 07:09 - 2015-06-05 09:38 - 00000000 ____D C:\Program Files (x86)\SaveeLotss
2015-09-20 07:09 - 2015-06-05 09:37 - 00000000 ____D C:\Program Files (x86)\SaveaLottss
2015-09-20 07:09 - 2015-04-26 14:01 - 00000000 ____D C:\Program Files (x86)\sound on click
2015-09-20 07:08 - 2015-08-06 22:00 - 00000000 ____D C:\Program Files (x86)\SSAveerExtensioon
2015-09-20 07:08 - 2015-02-18 14:26 - 00000000 ____D C:\Program Files (x86)\UUniDealeS e
2015-09-20 07:02 - 2015-05-17 13:06 - 00000000 ____D C:\Program Files (x86)\Epic Soccer Barcelona
2015-09-20 07:01 - 2015-06-05 18:24 - 00000000 ____D C:\Program Files (x86)\SickBeardConnect
2015-09-20 07:01 - 2015-05-17 13:06 - 00000000 ____D C:\Program Files (x86)\ShoPDrop
2015-09-20 07:01 - 2015-05-17 13:06 - 00000000 ____D C:\Program Files (x86)\RegularoDealS
2015-09-20 07:01 - 2015-02-18 14:27 - 00000000 ____D C:\Program Files (x86)\UniDeals
2015-09-20 06:57 - 2015-08-26 10:51 - 00000000 ____D C:\Program Files (x86)\RoboSaiver
2015-09-20 06:57 - 2015-04-26 14:02 - 00000000 ____D C:\Program Files (x86)\CheeapMe
2015-09-20 06:57 - 2015-02-18 14:27 - 00000000 ____D C:\Program Files (x86)\Hearthstone Stream Browser
2015-09-20 06:55 - 2015-06-11 21:36 - 00000000 ____D C:\Program Files (x86)\MicrOOMaSteers
2015-09-19 17:12 - 2014-12-09 05:56 - 00000000 ____D C:\Users\Owner
2015-09-19 17:11 - 2015-04-04 23:50 - 00000000 ___SD C:\windows\system32\GWX
2015-09-19 17:10 - 2014-12-25 18:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-09-19 17:10 - 2014-12-09 06:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-19 17:10 - 2014-12-09 05:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-09-19 17:04 - 2013-08-22 17:36 - 00000000 ____D C:\windows\registration
2015-09-19 17:03 - 2015-06-16 10:28 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2015-09-15 08:31 - 2014-03-18 11:44 - 00019736 _____ C:\windows\PFRO.log
2015-09-09 15:28 - 2015-08-03 15:48 - 00000000 ____D C:\Program Files (x86)\BitSaveur
2015-09-09 15:28 - 2015-06-12 07:26 - 00000000 ____D C:\Program Files (x86)\TakeTHeCoupon
2015-09-09 15:28 - 2015-04-29 14:55 - 00000000 ____D C:\Program Files (x86)\BeesTSaveForYYoue
2015-09-09 15:26 - 2015-05-17 13:05 - 00000000 ____D C:\Program Files (x86)\FunDEalSS
2015-09-03 20:09 - 2014-12-25 18:48 - 00001961 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

==================== Files in the root of some directories =======

2015-04-17 13:11 - 2015-08-06 21:59 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-07-08 19:32 - 2015-08-17 22:32 - 0000020 _____ () C:\Users\Owner\AppData\Roaming\appdataFr2.bin
2015-07-15 15:37 - 2015-08-14 18:38 - 0000024 _____ () C:\Users\Owner\AppData\Roaming\appdataFr25.bin
2014-12-09 06:19 - 2015-08-23 16:01 - 0000421 _____ () C:\Users\Owner\AppData\Roaming\burnaware.ini
2014-12-09 05:57 - 2015-10-02 19:17 - 1267941 _____ () C:\Users\Owner\AppData\Local\BTServer.log
2015-08-20 09:50 - 2015-08-20 09:50 - 0000031 _____ () C:\Users\Owner\AppData\Local\burnaware.ini
2015-10-02 19:16 - 2015-10-02 19:19 - 0029696 _____ () C:\Users\Owner\AppData\Local\MSGBOX.EXE
2015-03-12 08:17 - 2015-03-12 08:17 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-09-16 03:32 - 2014-09-16 03:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\supoptsetup.exe
C:\Users\Owner\AppData\Local\Temp\_unps.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-29 11:34

==================== End of FRST.txt ============================

#2 Příspěvek od **Rudy** » 02 říj 2015 19:31

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

smidakm · #3 Příspěvek od **smidakm** » 02 říj 2015 21:34

# AdwCleaner v5.009 - Logfile created 02/10/2015 at 22:18:36
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Owner - LENOVO-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner_5.009.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : ReimageRealTimeProtector

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Reimage
[-] Folder Deleted : C:\Program Files (x86)\Isaver
[-] Folder Deleted : C:\Program Files (x86)\ShopDroP
[-] Folder Deleted : C:\Program Files (x86)\RoboSaver
[-] Folder Deleted : C:\Program Files (x86)\TakeTheCoupon
[-] Folder Deleted : C:\Program Files (x86)\SaveLots
[-] Folder Deleted : C:\Program Files (x86)\DNS Unlocker
[-] Folder Deleted : C:\Program Files (x86)\AellCheapPrice
[-] Folder Deleted : C:\Program Files (x86)\AllCHeapPariceu
[-] Folder Deleted : C:\Program Files (x86)\AllSSaaver
[-] Folder Deleted : C:\Program Files (x86)\BBitSaVer
[-] Folder Deleted : C:\Program Files (x86)\BeesTSaveForYYoue
[-] Folder Deleted : C:\Program Files (x86)\BestaSaveFourYou
[-] Folder Deleted : C:\Program Files (x86)\BitSaveur
[-] Folder Deleted : C:\Program Files (x86)\BitSoaver
[-] Folder Deleted : C:\Program Files (x86)\CheeapMe
[-] Folder Deleted : C:\Program Files (x86)\DiigaICouPonn
[-] Folder Deleted : C:\Program Files (x86)\ExsotraSeaavings
[-] Folder Deleted : C:\Program Files (x86)\FunDEalSS
[-] Folder Deleted : C:\Program Files (x86)\FUnDeauls
[!] Folder Not Deleted : C:\Program Files (x86)\IsaVer
[-] Folder Deleted : C:\Program Files (x86)\Issaver
[-] Folder Deleted : C:\Program Files (x86)\JooniCouuponn
[-] Folder Deleted : C:\Program Files (x86)\MInimumiPrice
[-] Folder Deleted : C:\Program Files (x86)\MinimuMPrice
[-] Folder Deleted : C:\Program Files (x86)\NetoCoupoen
[-] Folder Deleted : C:\Program Files (x86)\NeTooCOoupon
[-] Folder Deleted : C:\Program Files (x86)\RaandomPrIce
[-] Folder Deleted : C:\Program Files (x86)\RanedOOmPRiCE
[-] Folder Deleted : C:\Program Files (x86)\RanndomPricE
[-] Folder Deleted : C:\Program Files (x86)\RegularoDealS
[-] Folder Deleted : C:\Program Files (x86)\RoboSaaver
[-] Folder Deleted : C:\Program Files (x86)\RoboSaiver
[!] Folder Not Deleted : C:\Program Files (x86)\RoBoSAver
[-] Folder Deleted : C:\Program Files (x86)\SaveaLottss
[-] Folder Deleted : C:\Program Files (x86)\SaveeLotss
[!] Folder Not Deleted : C:\Program Files (x86)\SAveLOts
[-] Folder Deleted : C:\Program Files (x86)\SaVerExxtensionn
[!] Folder Not Deleted : C:\Program Files (x86)\ShoPDrop
[-] Folder Deleted : C:\Program Files (x86)\SSAveerExtensioon
[!] Folder Not Deleted : C:\Program Files (x86)\TakeTHeCoupon
[-] Folder Deleted : C:\Program Files (x86)\TakeTThhECoUppon
[-] Folder Deleted : C:\Program Files (x86)\TakkeThheCoOupon
[-] Folder Deleted : C:\Program Files (x86)\UniDeals
[-] Folder Deleted : C:\Program Files (x86)\UUniDealeS e
[-] Folder Deleted : C:\ProgramData\Reimage Protector
[-] Folder Deleted : C:\ProgramData\pokki
[-] Folder Deleted : C:\ProgramData\1514700907740185443
[-] Folder Deleted : C:\ProgramData\{1e488a7e-dad2-63a3-1e48-88a7edad29fb}
[-] Folder Deleted : C:\ProgramData\{67c26549-7b2e-5f13-67c2-265497b29525}
[-] Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcmakjhknigccfidaelkafjmfifkhkc
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091\Extensions\AnE@S.com
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091\Extensions\f5zJ@N.net
[-] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091\Extensions\oLG@4U1E.net

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_alcmakjhknigccfidaelkafjmfifkhkc_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_alcmakjhknigccfidaelkafjmfifkhkc_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\alcmakjhknigccfidaelkafjmfifkhkc
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\windows\Reimage.ini
[-] File Deleted : C:\windows\Sysnative\VisualDiscoveryOff.ini
[-] File Deleted : C:\windows\SysWOW64\VisualDiscovery.ini
[-] File Deleted : C:\windows\SysWOW64\VisualDiscoveryOff.ini

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : ReimageUpdater
[-] Task Deleted : Bidaily Synchronize Task[8da6]
[-] Task Deleted : Bidaily Synchronize Task[8da6]
[-] Task Deleted : Adobe Flash Player Updater

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.WFPCONTROLLER.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.WFPCONTROLLER
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.READONLYMANAGER.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.READONLYMANAGER
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.LSPLOGIC.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.LSPLOGIC
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEHOLDER.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEHOLDER
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEFIELDS.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEFIELDS
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLE.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLE
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTROLLER.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTROLLER
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTAINER.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTAINER
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\P20c9f70b_c36a_42fc_a362_5502e96adc14_.P20c9f70b_c36a_42fc_a362_5502e96adc14_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P20c9f70b_c36a_42fc_a362_5502e96adc14_.P20c9f70b_c36a_42fc_a362_5502e96adc14_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\P3e5e4f80_513c_4b3f_8d00_33513a55a198_.P3e5e4f80_513c_4b3f_8d00_33513a55a198_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P3e5e4f80_513c_4b3f_8d00_33513a55a198_.P3e5e4f80_513c_4b3f_8d00_33513a55a198_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\P4cea3a7e_4f45_424a_87d6_b7dfef884671_.P4cea3a7e_4f45_424a_87d6_b7dfef884671_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P4cea3a7e_4f45_424a_87d6_b7dfef884671_.P4cea3a7e_4f45_424a_87d6_b7dfef884671_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\Pe186e075_bc46_4d0e_9da2_7872b584a251_.Pe186e075_bc46_4d0e_9da2_7872b584a251_
[-] Key Deleted : HKLM\SOFTWARE\Classes\Pe186e075_bc46_4d0e_9da2_7872b584a251_.Pe186e075_bc46_4d0e_9da2_7872b584a251_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\Pe5cfdf5e_7643_4147_9911_8c087f20f353_.Pe5cfdf5e_7643_4147_9911_8c087f20f353_
[-] Key Deleted : HKLM\SOFTWARE\Classes\Pe5cfdf5e_7643_4147_9911_8c087f20f353_.Pe5cfdf5e_7643_4147_9911_8c087f20f353_.9
[-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKLM\SOFTWARE\bdad3791-0639-c93e-73be-3e3910d7cd2c
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{229c2d9f}
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20c9f70b-c36a-42fc-a362-5502e96adc14}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3e5e4f80-513c-4b3f-8d00-33513a55a198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4cea3a7e-4f45-424a-87d6-b7dfef884671}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{e186e075-bc46-4d0e-9da2-7872b584a251}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{e5cfdf5e-7643-4147-9911-8c087f20f353}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{10F67E56-58A9-4A52-A48A-A28A75FF9FBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1F831F60-05FB-474D-93A3-42DA68E7EB8F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{598DCD74-3F5B-4E16-8749-057F426F232A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5ADB067E-40D9-49AD-BDFC-2DBD725D3842}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A6918429-4197-42E6-A4AC-742073A9BCBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BB2DE3E8-09DB-47F2-8F99-658751BFB500}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBD6173B-4061-4104-BF2F-C8E81389DB27}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{20c9f70b-c36a-42fc-a362-5502e96adc14}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e5e4f80-513c-4b3f-8d00-33513a55a198}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4cea3a7e-4f45-424a-87d6-b7dfef884671}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e186e075-bc46-4d0e-9da2-7872b584a251}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e5cfdf5e-7643-4147-9911-8c087f20f353}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{20c9f70b-c36a-42fc-a362-5502e96adc14}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3e5e4f80-513c-4b3f-8d00-33513a55a198}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4cea3a7e-4f45-424a-87d6-b7dfef884671}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e186e075-bc46-4d0e-9da2-7872b584a251}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e5cfdf5e-7643-4147-9911-8c087f20f353}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{20c9f70b-c36a-42fc-a362-5502e96adc14}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e5e4f80-513c-4b3f-8d00-33513a55a198}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4cea3a7e-4f45-424a-87d6-b7dfef884671}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e186e075-bc46-4d0e-9da2-7872b584a251}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e5cfdf5e-7643-4147-9911-8c087f20f353}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{20c9f70b-c36a-42fc-a362-5502e96adc14}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3e5e4f80-513c-4b3f-8d00-33513a55a198}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{4cea3a7e-4f45-424a-87d6-b7dfef884671}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{e186e075-bc46-4d0e-9da2-7872b584a251}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{e5cfdf5e-7643-4147-9911-8c087f20f353}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{20c9f70b-c36a-42fc-a362-5502e96adc14}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3e5e4f80-513c-4b3f-8d00-33513a55a198}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4cea3a7e-4f45-424a-87d6-b7dfef884671}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{e186e075-bc46-4d0e-9da2-7872b584a251}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{e5cfdf5e-7643-4147-9911-8c087f20f353}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\HomeTab
[-] Key Deleted : HKCU\Software\simplytech
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\Super Optimizer
[-] Key Deleted : HKCU\Software\WajIntEnhance
[-] Key Deleted : HKCU\Software\SearchProtectWS
[-] Key Deleted : HKCU\Software\Kromtech
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Iminent
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
[-] Key Deleted : HKLM\SOFTWARE\VisualDiscovery
[-] Key Deleted : HKLM\SOFTWARE\Superfish Inc. VisualDiscovery
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\WajIntEnhance
[-] Key Deleted : HKLM\SOFTWARE\SpeedBit
[-] Key Deleted : HKLM\SOFTWARE\AIM Toolbar
[-] Key Deleted : HKLM\SOFTWARE\LENOVO\VisualDiscovery
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\HomeTab
[!] Key Not Deleted : [x64] HKCU\Software\simplytech
[!] Key Not Deleted : [x64] HKCU\Software\Reimage
[!] Key Not Deleted : [x64] HKCU\Software\Super Optimizer
[!] Key Not Deleted : [x64] HKCU\Software\WajIntEnhance
[!] Key Not Deleted : [x64] HKCU\Software\SearchProtectWS
[!] Key Not Deleted : [x64] HKCU\Software\Kromtech
[!] Key Not Deleted : [x64] HKCU\Software\WEBAPP
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-4198438056-3133198569-554230774-1002\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[!] Key Not Deleted : HKU\S-1-5-21-4198438056-3133198569-554230774-1002\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

***** [ Web browsers ] *****

[-] [C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091\prefs.js] [Preference] Deleted : user_pref("extensions.hZ3EmNXwjak5Oudd.scode", "(function(){try{if(window.location.href.indexOf(\"rjkErTg9qTnFpdaHqjY6rTUGqdr\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\[...]
[-] [C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091\prefs.js] [Preference] Deleted : user_pref("extensions.tVfPTMdRaBhYibPN.scode", "(function(){try{if(window.location.href.indexOf(\"rjkErTg9qTnFpdaHqjY6rTUGqdr\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[-] [C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091\prefs.js] [Preference] Deleted : user_pref("extensions.yxHzCTX1HP0H1uP5.scode", "(function(){try{if(window.location.href.indexOf(\"rjkErTg9qTnFpdaHqjY6rTUGqdr\")>-1){return;}}catch(e){}try{var d=[[\"www.ebay.com\",\"www.ewoss.com\",\[...]
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.gboxapp.com/
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : alcmakjhknigccfidaelkafjmfifkhkc
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ogminpmldncgcmokldnmmapddoccmhfl

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [19759 bytes] ##########

#4 Příspěvek od **Rudy** » 02 říj 2015 21:40

Dejte nový log FRST.

smidakm · #5 Příspěvek od **smidakm** » 02 říj 2015 21:51

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Owner (administrator) on LENOVO-PC (02-10-2015 22:46:59)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2808560 2014-06-25] (Synaptics Incorporated)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-01-21] (Realtek semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-16] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-09-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [mncwvwsfSrv] => C:\windows\SysWOW64\mncwvwsf.vbe [7670 2014-03-05] ()
HKLM-x32\...\Run: [NtVdmSrv] => C:\windows\inf\ntvdm.vbe
HKLM-x32\...\Run: [MSStp] => C:\windows\inf\msstp.vbe [1584 2014-03-05] ()
HKLM-x32\...\Run: [mncjxdjSrv] => C:\windows\SysWOW64\mncjxdj.vbe [7670 2014-03-05] ()
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\...\MountPoints2: {f7bfb0cc-fe25-11e4-827c-38b1db5ead96} - "F:\Startme.exe"
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0826528E-6122-4F77-92A1-CCF0A846CB33}: [NameServer] 82.163.143.172,82.163.142.174
Tcpip\..\Interfaces\{0826528E-6122-4F77-92A1-CCF0A846CB33}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{A67282DE-1FD5-4F0A-9F44-5488AA98A3E8}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: The AdBlocker - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091\Extensions\chdrdfoofd_fvdef@qrdkdqnymijvofby.com [2015-08-31]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-16]
CHR Extension: (Dokumenty Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-16]
CHR Extension: (Disk Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-16]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-16]
CHR Extension: (Vyhledávání Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-16]
CHR Extension: (Tabulky Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-16]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-16] (Lenovo(beijing) Limited)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-16] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2014-09-16] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-06-25] (Synaptics Incorporated)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2014-09-16] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-12] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-04-12] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9105624 2014-01-21] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3410136 2014-04-11] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S1 atshpnjq; \??\C:\windows\system32\drivers\atshpnjq.sys [X]
S1 awfztrnp; \??\C:\windows\system32\drivers\awfztrnp.sys [X]
S1 bgtgmhvu; \??\C:\windows\system32\drivers\bgtgmhvu.sys [X]
S1 ivtahkky; \??\C:\windows\system32\drivers\ivtahkky.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 22:16 - 2015-10-02 22:18 - 00000000 ____D C:\AdwCleaner
2015-10-02 22:15 - 2015-10-02 22:15 - 01670656 _____ C:\Users\Owner\Desktop\adwcleaner_5.009.exe
2015-10-02 19:22 - 2015-10-02 22:47 - 00016933 _____ C:\Users\Owner\Desktop\FRST.txt
2015-10-02 19:20 - 2015-10-02 22:47 - 00000000 ____D C:\FRST
2015-10-02 19:20 - 2015-10-02 19:20 - 02192384 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-10-02 19:19 - 2015-10-02 19:19 - 00112640 _____ (forum.viry.cz) C:\Users\Owner\Desktop\FRSTLauncher.exe
2015-10-02 19:19 - 2015-10-02 19:19 - 00015327 _____ C:\Users\Owner\Desktop\LM.bat
2015-10-02 19:16 - 2015-10-02 19:19 - 00029696 _____ C:\Users\Owner\AppData\Local\MSGBOX.EXE
2015-09-27 17:09 - 2015-05-10 18:38 - 06669238 _____ C:\Users\Owner\Downloads\Kabát---Brousíme-nože---PROMO-SINGL---2015-(256kbit).m4a
2015-09-27 16:47 - 2015-09-27 17:06 - 326094085 _____ C:\Users\Owner\Downloads\100-Wiz-Khalifa-&-Iggy-Azalea---Go-Hard-Or-Go-Home.rar
2015-09-26 15:05 - 2015-09-26 15:05 - 00026356 _____ C:\windows\System32\Tasks\DNSSEADRIFT
2015-09-21 13:41 - 2015-09-21 13:49 - 00000000 ____D C:\Users\Owner\Downloads\hiphop
2015-09-19 17:22 - 2015-10-02 22:30 - 00001279 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2015-09-19 17:18 - 2015-09-19 17:27 - 00000000 ____D C:\Users\Owner\Desktop\EDM
2015-09-03 20:09 - 2015-09-03 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-03 20:09 - 2015-09-03 20:09 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 22:38 - 2014-12-09 06:03 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4198438056-3133198569-554230774-1002
2015-10-02 22:31 - 2014-09-16 02:55 - 01705528 _____ C:\windows\WindowsUpdate.log
2015-10-02 22:30 - 2014-09-16 04:38 - 00000000 ____D C:\ProgramData\LU
2015-10-02 22:24 - 2014-09-16 03:35 - 00739924 _____ C:\windows\system32\perfh005.dat
2015-10-02 22:24 - 2014-09-16 03:35 - 00151610 _____ C:\windows\system32\perfc005.dat
2015-10-02 22:24 - 2014-03-18 11:53 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2015-10-02 22:21 - 2015-01-25 22:32 - 00000829 _____ C:\Users\Owner\rgut
2015-10-02 22:21 - 2014-12-09 06:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ClassicShell
2015-10-02 22:20 - 2014-12-09 05:57 - 01270130 _____ C:\Users\Owner\AppData\Local\BTServer.log
2015-10-02 22:20 - 2013-08-22 16:46 - 00050119 _____ C:\windows\setupact.log
2015-10-02 22:20 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-02 22:19 - 2014-09-16 03:27 - 00065536 _____ C:\windows\system32\spu_storage.bin
2015-10-02 22:19 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-10-02 22:18 - 2015-08-21 07:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-02 22:18 - 2014-09-16 04:15 - 00006656 _____ C:\windows\system32\VfService.trf
2015-10-02 22:18 - 2014-09-16 03:32 - 08699522 _____ C:\Users\Public\CAFADEBUG.log
2015-10-02 22:14 - 2014-12-09 06:09 - 00003974 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{118BDF86-4DAF-493B-BB27-91CAA24A69C7}
2015-10-02 20:00 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\sru
2015-09-26 10:09 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2015-09-20 07:12 - 2015-08-26 10:55 - 00000000 ____D C:\Program Files (x86)\Wise Ads Block
2015-09-20 07:11 - 2015-08-03 07:21 - 00000000 ____D C:\Program Files (x86)\AntiPorn Pro The best AntiPorn addon
2015-09-20 07:10 - 2015-08-06 22:00 - 00000000 ____D C:\Program Files (x86)\My IP address
2015-09-20 07:10 - 2015-08-03 15:48 - 00000000 ____D C:\Program Files (x86)\QR Code Maker and Decoder
2015-09-20 07:09 - 2015-04-26 14:01 - 00000000 ____D C:\Program Files (x86)\sound on click
2015-09-20 07:02 - 2015-05-17 13:06 - 00000000 ____D C:\Program Files (x86)\Epic Soccer Barcelona
2015-09-20 07:01 - 2015-06-05 18:24 - 00000000 ____D C:\Program Files (x86)\SickBeardConnect
2015-09-20 06:57 - 2015-02-18 14:27 - 00000000 ____D C:\Program Files (x86)\Hearthstone Stream Browser
2015-09-20 06:55 - 2015-06-11 21:36 - 00000000 ____D C:\Program Files (x86)\MicrOOMaSteers
2015-09-19 17:12 - 2014-12-09 05:56 - 00000000 ____D C:\Users\Owner
2015-09-19 17:11 - 2015-04-04 23:50 - 00000000 ___SD C:\windows\system32\GWX
2015-09-19 17:10 - 2014-12-25 18:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-09-19 17:10 - 2014-12-09 06:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-19 17:10 - 2014-12-09 05:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-09-19 17:04 - 2013-08-22 17:36 - 00000000 ____D C:\windows\registration
2015-09-19 17:03 - 2015-06-16 10:28 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2015-09-15 08:31 - 2014-03-18 11:44 - 00019736 _____ C:\windows\PFRO.log
2015-09-03 20:09 - 2014-12-25 18:48 - 00001961 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

==================== Files in the root of some directories =======

2015-04-17 13:11 - 2015-08-06 21:59 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-07-08 19:32 - 2015-08-17 22:32 - 0000020 _____ () C:\Users\Owner\AppData\Roaming\appdataFr2.bin
2015-07-15 15:37 - 2015-08-14 18:38 - 0000024 _____ () C:\Users\Owner\AppData\Roaming\appdataFr25.bin
2014-12-09 06:19 - 2015-08-23 16:01 - 0000421 _____ () C:\Users\Owner\AppData\Roaming\burnaware.ini
2014-12-09 05:57 - 2015-10-02 22:20 - 1270130 _____ () C:\Users\Owner\AppData\Local\BTServer.log
2015-08-20 09:50 - 2015-08-20 09:50 - 0000031 _____ () C:\Users\Owner\AppData\Local\burnaware.ini
2015-10-02 19:16 - 2015-10-02 19:19 - 0029696 _____ () C:\Users\Owner\AppData\Local\MSGBOX.EXE
2015-03-12 08:17 - 2015-03-12 08:17 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-09-16 03:32 - 2014-09-16 03:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\supoptsetup.exe
C:\Users\Owner\AppData\Local\Temp\_unps.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-29 11:34

==================== End of FRST.txt ============================

#6 Příspěvek od **Rudy** » 03 říj 2015 10:45

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [mncwvwsfSrv] => C:\windows\SysWOW64\mncwvwsf.vbe [7670 2014-03-05] ()
C:\windows\SysWOW64\mncwvwsf.vbe
HKLM-x32\...\Run: [NtVdmSrv] => C:\windows\inf\ntvdm.vbe
HKLM-x32\...\Run: [MSStp] => C:\windows\inf\msstp.vbe [1584 2014-03-05] ()
HKLM-x32\...\Run: [mncjxdjSrv] => C:\windows\SysWOW64\mncjxdj.vbe [7670 2014-03-05] ()
C:\windows\inf\ntvdm.vbe
C:\windows\inf\msstp.vbe
C:\windows\SysWOW64\mncjxdj.vbe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-25]
C:\Program Files\McAfee Security Scan
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
CHR dev: Chrome dev build detected! <======= ATTENTION
S1 atshpnjq; \??\C:\windows\system32\drivers\atshpnjq.sys [X]
S1 awfztrnp; \??\C:\windows\system32\drivers\awfztrnp.sys [X]
S1 bgtgmhvu; \??\C:\windows\system32\drivers\bgtgmhvu.sys [X]
S1 ivtahkky; \??\C:\windows\system32\drivers\ivtahkky.sys [X]
C:\ProgramData\McAfee Security Scan
C:\ProgramData\DP45977C.lfl
C:\Users\Owner\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

smidakm · #7 Příspěvek od **smidakm** » 03 říj 2015 11:15

Fix result of Farbar Recovery Scan Tool (x64) Version:03-10-2015
Ran by Owner (2015-10-03 12:09:58) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [mncwvwsfSrv] => C:\windows\SysWOW64\mncwvwsf.vbe [7670 2014-03-05] ()
C:\windows\SysWOW64\mncwvwsf.vbe
HKLM-x32\...\Run: [NtVdmSrv] => C:\windows\inf\ntvdm.vbe
HKLM-x32\...\Run: [MSStp] => C:\windows\inf\msstp.vbe [1584 2014-03-05] ()
HKLM-x32\...\Run: [mncjxdjSrv] => C:\windows\SysWOW64\mncjxdj.vbe [7670 2014-03-05] ()
C:\windows\inf\ntvdm.vbe
C:\windows\inf\msstp.vbe
C:\windows\SysWOW64\mncjxdj.vbe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-25]
C:\Program Files\McAfee Security Scan
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
CHR dev: Chrome dev build detected! <======= ATTENTION
S1 atshpnjq; \??\C:\windows\system32\drivers\atshpnjq.sys [X]
S1 awfztrnp; \??\C:\windows\system32\drivers\awfztrnp.sys [X]
S1 bgtgmhvu; \??\C:\windows\system32\drivers\bgtgmhvu.sys [X]
S1 ivtahkky; \??\C:\windows\system32\drivers\ivtahkky.sys [X]
C:\ProgramData\McAfee Security Scan
C:\ProgramData\DP45977C.lfl
C:\Users\Owner\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mncwvwsfSrv => value removed successfully
C:\windows\SysWOW64\mncwvwsf.vbe => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NtVdmSrv => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MSStp => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mncjxdjSrv => value removed successfully
"C:\windows\inf\ntvdm.vbe" => File/Folder not found.
C:\windows\inf\msstp.vbe => moved successfully
C:\windows\SysWOW64\mncjxdj.vbe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
C:\Program Files\McAfee Security Scan => moved successfully
C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe => not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
atshpnjq => service removed successfully
awfztrnp => service removed successfully
bgtgmhvu => service removed successfully
ivtahkky => service removed successfully
C:\ProgramData\McAfee Security Scan => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\Owner\AppData\Local\Temp => moved successfully

==== End of Fixlog 12:09:59 ====

#8 Příspěvek od **Rudy** » 03 říj 2015 12:11

Smazáno. Nastala nějaká změna?

smidakm · #9 Příspěvek od **smidakm** » 03 říj 2015 12:53

Beze změn stále vyskakují reklamy.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by Owner (administrator) on LENOVO-PC (03-10-2015 13:52:01)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
() C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2808560 2014-06-25] (Synaptics Incorporated)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-01-21] (Realtek semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-16] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-09-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\...\MountPoints2: {f7bfb0cc-fe25-11e4-827c-38b1db5ead96} - "F:\Startme.exe"
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0826528E-6122-4F77-92A1-CCF0A846CB33}: [NameServer] 82.163.143.172,82.163.142.174
Tcpip\..\Interfaces\{0826528E-6122-4F77-92A1-CCF0A846CB33}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{A67282DE-1FD5-4F0A-9F44-5488AA98A3E8}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4198438056-3133198569-554230774-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: The AdBlocker - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fyl0t5bl.default-1437126649091\Extensions\chdrdfoofd_fvdef@qrdkdqnymijvofby.com [2015-08-31]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-16]
CHR Extension: (Dokumenty Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-16]
CHR Extension: (Disk Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-16]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-16]
CHR Extension: (Vyhledávání Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-16]
CHR Extension: (Tabulky Google) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-16]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-16] (Lenovo(beijing) Limited)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-16] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2014-09-16] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-06-25] (Synaptics Incorporated)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2014-09-16] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe" [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-12] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-04-12] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9105624 2014-01-21] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3410136 2014-04-11] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-03 13:52 - 2015-10-03 13:52 - 00015262 _____ C:\Users\Owner\Desktop\FRST.txt
2015-10-03 12:13 - 2015-10-03 12:13 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-10-03 12:09 - 2015-10-03 12:09 - 00000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
2015-10-02 22:16 - 2015-10-02 22:18 - 00000000 ____D C:\AdwCleaner
2015-10-02 22:15 - 2015-10-02 22:15 - 01670656 _____ C:\Users\Owner\Desktop\adwcleaner_5.009.exe
2015-10-02 19:20 - 2015-10-03 13:52 - 00000000 ____D C:\FRST
2015-10-02 19:20 - 2015-10-03 12:09 - 02193408 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-10-02 19:19 - 2015-10-02 19:19 - 00015327 _____ C:\Users\Owner\Desktop\LM.bat
2015-10-02 19:16 - 2015-10-02 19:19 - 00029696 _____ C:\Users\Owner\AppData\Local\MSGBOX.EXE
2015-09-27 17:09 - 2015-05-10 18:38 - 06669238 _____ C:\Users\Owner\Downloads\Kabát---Brousíme-nože---PROMO-SINGL---2015-(256kbit).m4a
2015-09-27 16:47 - 2015-09-27 17:06 - 326094085 _____ C:\Users\Owner\Downloads\100-Wiz-Khalifa-&-Iggy-Azalea---Go-Hard-Or-Go-Home.rar
2015-09-26 15:05 - 2015-09-26 15:05 - 00026356 _____ C:\windows\System32\Tasks\DNSSEADRIFT
2015-09-21 13:41 - 2015-09-21 13:49 - 00000000 ____D C:\Users\Owner\Downloads\hiphop
2015-09-19 17:22 - 2015-10-02 22:30 - 00001279 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2015-09-19 17:18 - 2015-09-19 17:27 - 00000000 ____D C:\Users\Owner\Desktop\EDM
2015-09-03 20:09 - 2015-09-03 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-03 13:52 - 2014-09-16 02:55 - 01742106 _____ C:\windows\WindowsUpdate.log
2015-10-03 13:33 - 2014-09-16 03:35 - 00739924 _____ C:\windows\system32\perfh005.dat
2015-10-03 13:33 - 2014-09-16 03:35 - 00151610 _____ C:\windows\system32\perfc005.dat
2015-10-03 13:33 - 2014-03-18 11:53 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2015-10-03 13:32 - 2014-12-09 05:57 - 01273569 _____ C:\Users\Owner\AppData\Local\BTServer.log
2015-10-03 13:32 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\sru
2015-10-03 12:08 - 2014-12-09 06:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ClassicShell
2015-10-03 10:06 - 2014-12-09 06:03 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4198438056-3133198569-554230774-1002
2015-10-03 09:55 - 2014-12-09 06:09 - 00003974 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{118BDF86-4DAF-493B-BB27-91CAA24A69C7}
2015-10-03 09:53 - 2015-01-25 22:32 - 00000829 _____ C:\Users\Owner\rgut
2015-10-02 22:51 - 2014-09-16 03:32 - 08737210 _____ C:\Users\Public\CAFADEBUG.log
2015-10-02 22:30 - 2014-09-16 04:38 - 00000000 ____D C:\ProgramData\LU
2015-10-02 22:20 - 2013-08-22 16:46 - 00050119 _____ C:\windows\setupact.log
2015-10-02 22:20 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-02 22:19 - 2014-09-16 03:27 - 00065536 _____ C:\windows\system32\spu_storage.bin
2015-10-02 22:19 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-10-02 22:18 - 2015-08-21 07:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-02 22:18 - 2014-09-16 04:15 - 00006656 _____ C:\windows\system32\VfService.trf
2015-09-26 10:09 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2015-09-20 07:12 - 2015-08-26 10:55 - 00000000 ____D C:\Program Files (x86)\Wise Ads Block
2015-09-20 07:11 - 2015-08-03 07:21 - 00000000 ____D C:\Program Files (x86)\AntiPorn Pro The best AntiPorn addon
2015-09-20 07:10 - 2015-08-06 22:00 - 00000000 ____D C:\Program Files (x86)\My IP address
2015-09-20 07:10 - 2015-08-03 15:48 - 00000000 ____D C:\Program Files (x86)\QR Code Maker and Decoder
2015-09-20 07:09 - 2015-04-26 14:01 - 00000000 ____D C:\Program Files (x86)\sound on click
2015-09-20 07:02 - 2015-05-17 13:06 - 00000000 ____D C:\Program Files (x86)\Epic Soccer Barcelona
2015-09-20 07:01 - 2015-06-05 18:24 - 00000000 ____D C:\Program Files (x86)\SickBeardConnect
2015-09-20 06:57 - 2015-02-18 14:27 - 00000000 ____D C:\Program Files (x86)\Hearthstone Stream Browser
2015-09-20 06:55 - 2015-06-11 21:36 - 00000000 ____D C:\Program Files (x86)\MicrOOMaSteers
2015-09-19 17:12 - 2014-12-09 05:56 - 00000000 ____D C:\Users\Owner
2015-09-19 17:11 - 2015-04-04 23:50 - 00000000 ___SD C:\windows\system32\GWX
2015-09-19 17:10 - 2014-12-09 06:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-19 17:10 - 2014-12-09 05:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-09-19 17:04 - 2013-08-22 17:36 - 00000000 ____D C:\windows\registration
2015-09-19 17:03 - 2015-06-16 10:28 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2015-09-15 08:31 - 2014-03-18 11:44 - 00019736 _____ C:\windows\PFRO.log
2015-09-03 20:09 - 2014-12-25 18:48 - 00001961 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

==================== Files in the root of some directories =======

2015-04-17 13:11 - 2015-08-06 21:59 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-07-08 19:32 - 2015-08-17 22:32 - 0000020 _____ () C:\Users\Owner\AppData\Roaming\appdataFr2.bin
2015-07-15 15:37 - 2015-08-14 18:38 - 0000024 _____ () C:\Users\Owner\AppData\Roaming\appdataFr25.bin
2014-12-09 06:19 - 2015-08-23 16:01 - 0000421 _____ () C:\Users\Owner\AppData\Roaming\burnaware.ini
2014-12-09 05:57 - 2015-10-03 13:32 - 1273569 _____ () C:\Users\Owner\AppData\Local\BTServer.log
2015-08-20 09:50 - 2015-08-20 09:50 - 0000031 _____ () C:\Users\Owner\AppData\Local\burnaware.ini
2015-10-02 19:16 - 2015-10-02 19:19 - 0029696 _____ () C:\Users\Owner\AppData\Local\MSGBOX.EXE
2015-03-12 08:17 - 2015-03-12 08:17 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2015-10-03 12:13 - 2015-10-03 12:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-29 11:34

==================== End of FRST.txt ============================

#10 Příspěvek od **Rudy** » 03 říj 2015 15:46

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

smidakm · #11 Příspěvek od **smidakm** » 03 říj 2015 17:37

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 3. 10. 2015
Čas skenování: 18:12
Protokol: ani.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.10.03.03
Databáze rootkitů: v2015.10.02.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Owner

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 350438
Uplynulý čas: 14 min, 15 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 2
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, , [0689c48ebfcc4ee8e63cad354aba5fa1],
PUP.Optional.DNSUnlocker.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DNSSEADRIFT, , [e2ad0c46682381b599a464db9f64669a],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 1
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{0826528E-6122-4F77-92A1-CCF0A846CB33}|NameServer, 82.163.143.172,82.163.142.174, Dobré: (), Špatné: (82.163.143.172,82.163.142.174),,[c4cb5bf7543776c010efd8b07293f907]

Složky: 2
PUP.Optional.MyIPAddress, C:\Program Files (x86)\My IP address, , [09866ae88cff1e18b3c92793bf4547b9],
PUP.Optional.MiniAdblocker, C:\ProgramData\Mini - Adblocker, , [f29db1a165261e18ba3d5fcc8e75b749],

Soubory: 12
PUP.Optional.MultiPlug.Uns, C:\ProgramData\Mini - Adblocker\Mini - Adblocker.exe, , [a7e864eecfbcd2643f2b009337cbca36],
PUP.Optional.BitCoinMiner, C:\Windows\SysWOW64\acumncjxdj.exe, , [226d173b9deeb1850d86267eec161fe1],
PUP.Optional.BitCoinMiner, C:\Windows\SysWOW64\acumncwvwsf.exe, , [7a15262cbdcecf678d061193da28b64a],
Trojan.BitCoinMiner, C:\Windows\SysWOW64\dcgmncjxdj.exe, , [7e1196bce1aa2f07a130a004e61c7090],
Trojan.BitCoinMiner, C:\Windows\SysWOW64\dcgmncwvwsf.exe, , [751ac58d0784a294b918d8ccfa0809f7],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncjxdj.exe, , [2768480aeba03ff7faf322c53cc4bb45],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncwvwsf.exe, , [a7e80f43d2b9d26416d7a83f05fbdc24],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Windows\System32\Tasks\DNSSEADRIFT, , [ccc3fa58b4d77abc1724d06f4cb79f61],
Malware.Trace, C:\Windows\Inf\ntvdm.inf, , [c7c83e1453387eb8e76e1c4d788c57a9],
PUP.Optional.MyIPAddress, C:\Program Files (x86)\My IP address\My IP address.dat, , [09866ae88cff1e18b3c92793bf4547b9],
PUP.Optional.VisualDiscovery, C:\Windows\Temp\VisualDiscovery.log, , [e6a95200503b1e1822aa6b6732d26799],
PUP.Optional.VisualDiscovery, C:\Windows\Temp\VisualDiscoveryr.log, , [137c6be7f09bee483b929c36b15326da],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#12 Příspěvek od **Rudy** » 03 říj 2015 17:43

Všechny nálezy smažte.

smidakm · #13 Příspěvek od **smidakm** » 03 říj 2015 18:10

Smazáno. Vypadá že to pomohlo.

#14 Příspěvek od **Rudy** » 03 říj 2015 19:05

Tak to jsem rád.

VIRY.CZ

Vyskakují reklamy

Vyskakují reklamy

Re: Vyskakují reklamy

Re: Vyskakují reklamy

Re: Vyskakují reklamy

Re: Vyskakují reklamy

Re: Vyskakují reklamy

Re: Vyskakují reklamy

Re: Vyskakují reklamy

Re: Vyskakují reklamy

Re: Vyskakují reklamy

Re: Vyskakují reklamy

Re: Vyskakují reklamy

Re: Vyskakují reklamy

Re: Vyskakují reklamy