Dobrý den,
prosím o pomoc. Mám hrozně zpomalený počítač a antivir mi našel mnoho infiltrací.
Děkuji
Prihazuji log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Misa at 2013-08-11 15:39:16
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 590 GB (65%) free of 908 GB
Total RAM: 3955 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:39:20, on 11.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Misa.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: TBLayoutBHO - {008f6853-9cb4-41c5-a950-39d55e5e06ba} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (file missing)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: AlxHelper - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (file missing)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (file missing)
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
O4 - HKLM\..\Run: [Intelligent Touchpad] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [CAPOSD] C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Fast boot service of lenovo (NSDSvc) - Unknown owner - C:\Windows\System32\NSDSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
--
End of file - 13221 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\WLANExt.exe 35818144
\??\C:\Windows\system32\conhost.exe "-206764078055232515650195703368390158-1938131480112909987794538950-1625520496
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {10971C85-5B7C-4BD2-9447-DA85AF962FFA}
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Lenovo\Nsd\startup.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\spoolsv.exe
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe" PanProcess
taskeng.exe {4A5CB0F0-65C5-46CB-B699-5DF215E6DBF1}
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe"
"C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe"
"C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
"C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe"
"C:\Windows\system32\igfxtray.exe"
"C:\Windows\system32\hkcmd.exe"
"C:\Windows\system32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3684.0.1269936504\1068099212" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,20 --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2712 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_81/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3684.1.153145781\579451505" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_81/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3684.3.1378651214\715756676" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_81/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3684.4.2065744064\1130119373" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_81/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3684.5.1654249711\413771273" /prefetch:673131151
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_2/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_81/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3684.8.859212384\612957654" /prefetch:673131151
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3684.9.1164251529\784659368" --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
WLIDSvcM.exe 5972
"C:\Users\Misa\Downloads\RSITx64.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\
{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
{ea614400-e918-4741-9a97-7a972ff7c30b}
C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\searchplugins\
conduit.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12 6308736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{008f6853-9cb4-41c5-a950-39d55e5e06ba}]
TBLayoutBHO Class - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19 164496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-12-18 343784]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12 4532096]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2010-12-21 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
AlxHelper Class - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-12-18 343784]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{EA582743-9076-4178-9AA6-7393FDF4D5CE} - Amazon Browser Bar - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll []
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19 164496]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-12-18 343784]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-03-31 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-03-31 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-03-31 439064]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-11-10 2847016]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-11-15 1156712]
"SynLenovoGestureMgr"=C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [2011-11-10 408872]
"OnekeyStudio"=C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2012-08-08 789856]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2012-08-08 8079408]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2012-08-08 6202416]
"Lenovo EE Boot Optimizer"=C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [2012-08-08 206176]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-18 2919168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\332BigDog]
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [2011-12-10 548864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2012-12-18 825560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2012-12-18 39136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30 499608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dolby Home Theater v4]
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2011-06-01 506712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Misa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-23 138096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-01-31 12446824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-21 19875944]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-27 222504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-14 222504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage]
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2012-02-02 1380128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickTV.lnk]
C:\PROGRA~2\AVERTV~1.0\AVerQT.exe [2006-09-11 516096]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-21 291648]
"MuteSync"=C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [2012-02-04 343040]
"Lenovo Registration"=C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [2012-01-26 4351712]
"Intelligent Touchpad"=C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [2011-12-08 291272]
"VeriFaceManager"=C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [2012-08-08 329056]
"CAPOSD"=C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe [2012-02-09 1876992]
""= []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-03-27 434688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2013-08-05 19:54:23 ----D---- C:\ProgramData\Installations
2013-08-05 19:26:33 ----A---- C:\Windows\system32\drivers\pccsmcfdx64.sys
2013-08-05 19:26:27 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2013-07-23 21:14:59 ----D---- C:\Windows\temp
2013-07-23 21:14:39 ----A---- C:\ComboFix.txt
2013-07-23 20:57:24 ----D---- C:\$RECYCLE.BIN
2013-07-23 19:30:46 ----A---- C:\Windows\zip.exe
2013-07-23 19:30:46 ----A---- C:\Windows\SWSC.exe
2013-07-23 19:30:46 ----A---- C:\Windows\SWREG.exe
2013-07-23 19:30:46 ----A---- C:\Windows\sed.exe
2013-07-23 19:30:46 ----A---- C:\Windows\PEV.exe
2013-07-23 19:30:46 ----A---- C:\Windows\NIRCMD.exe
2013-07-23 19:30:46 ----A---- C:\Windows\MBR.exe
2013-07-23 19:30:46 ----A---- C:\Windows\grep.exe
2013-07-23 19:22:50 ----D---- C:\Qoobox
2013-07-23 19:22:39 ----D---- C:\Windows\erdnt
2013-07-23 19:10:56 ----D---- C:\Users\Misa\AppData\Roaming\SearchProtect
2013-07-23 17:59:36 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-07-23 17:17:56 ----D---- C:\rsit
2013-07-23 17:17:56 ----D---- C:\Program Files\trend micro
2013-07-23 17:08:34 ----D---- C:\Users\Misa\AppData\Roaming\Mozilla
2013-07-23 17:08:29 ----D---- C:\ProgramData\Mozilla
2013-07-23 17:08:29 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-23 17:08:25 ----D---- C:\Program Files (x86)\Mozilla Firefox.bak
2013-07-23 13:43:26 ----SHD---- C:\Windows\SYSWOW64\%APPDATA%
2013-07-23 13:42:48 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-07-23 13:42:37 ----D---- C:\Windows\system32\Macromed
2013-07-23 13:18:44 ----D---- C:\Program Files (x86)\x264 Video Codec
======List of files/folders modified in the last 1 month======
2013-08-11 15:39:20 ----D---- C:\Windows\Prefetch
2013-08-11 15:37:59 ----A---- C:\Windows\SYSWOW64\log.txt
2013-08-11 15:36:21 ----D---- C:\Windows\system32\Tasks
2013-08-11 15:36:21 ----D---- C:\ProgramData\VeriFace
2013-08-11 15:35:58 ----D---- C:\Windows\system32\config
2013-08-10 19:24:13 ----D---- C:\Users\Misa\AppData\Roaming\Skype
2013-08-10 18:55:53 ----D---- C:\Users\Misa\AppData\Roaming\uTorrent
2013-08-10 11:20:35 ----AD---- C:\Windows
2013-08-10 11:18:39 ----D---- C:\Windows\system32\catroot
2013-08-09 07:07:31 ----D---- C:\Windows\inf
2013-08-09 07:07:31 ----AD---- C:\Windows\System32
2013-08-09 07:07:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-08 09:44:27 ----SHD---- C:\System Volume Information
2013-08-05 20:16:51 ----SHD---- C:\Windows\Installer
2013-08-05 20:16:50 ----D---- C:\Program Files (x86)\Nokia
2013-08-05 20:16:50 ----D---- C:\Program Files (x86)\Common Files
2013-08-05 20:16:30 ----D---- C:\Windows\ModemLogs
2013-08-05 20:16:24 ----D---- C:\Windows\system32\DriverStore
2013-08-05 19:56:25 ----D---- C:\Users\Misa\AppData\Roaming\PC Suite
2013-08-05 19:56:24 ----D---- C:\Users\Misa\AppData\Roaming\Nokia
2013-08-05 19:56:08 ----D---- C:\Program Files\DIFX
2013-08-05 19:54:23 ----D---- C:\ProgramData
2013-08-05 19:51:57 ----D---- C:\Windows\winsxs
2013-08-05 19:41:54 ----D---- C:\ProgramData\Nokia
2013-08-05 19:41:40 ----D---- C:\Users\Misa\AppData\Roaming\Nokia Suite
2013-08-05 19:36:39 ----D---- C:\Windows\system32\drivers
2013-08-05 19:26:33 ----DC---- C:\Windows\system32\DRVSTORE
2013-08-05 19:26:27 ----RD---- C:\Program Files (x86)
2013-08-05 09:24:52 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2013-07-29 22:05:35 ----D---- C:\Program Files (x86)\The KMPlayer
2013-07-26 10:51:44 ----D---- C:\Users\Misa\AppData\Roaming\BSplayer
2013-07-23 20:57:36 ----A---- C:\Windows\system.ini
2013-07-23 20:57:22 ----D---- C:\Windows\system32\drivers\etc
2013-07-23 20:52:16 ----D---- C:\Windows\Tasks
2013-07-23 20:48:51 ----D---- C:\Windows\SYSWOW64\drivers
2013-07-23 20:48:51 ----D---- C:\Windows\SysWOW64
2013-07-23 20:48:51 ----D---- C:\Windows\AppPatch
2013-07-23 19:41:32 ----D---- C:\Program Files (x86)\Amazon Browser Bar
2013-07-23 19:26:14 ----D---- C:\Windows\SoftwareDistribution
2013-07-23 17:33:36 ----D---- C:\Windows\Minidump
2013-07-23 17:33:36 ----D---- C:\Windows\Logs
2013-07-23 17:33:36 ----D---- C:\Windows\debug
2013-07-23 17:17:56 ----RD---- C:\Program Files
2013-07-23 15:24:29 ----D---- C:\Windows\system32\catroot2
2013-07-23 13:23:19 ----D---- C:\ProgramData\Skype
2013-07-23 13:23:17 ----RD---- C:\Program Files (x86)\Skype
2013-07-23 13:19:05 ----SD---- C:\ProgramData\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 fbfmon;fbfmon; C:\Windows\system32\drivers\fbfmon.sys [2012-08-08 57952]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-30 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-21 19264]
R0 LHDmgr;LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [2012-08-08 39008]
R0 NSD;NSD; C:\Windows\system32\drivers\nsd.sys [2011-12-24 24160]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-10-03 30056]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 BPntDrv;BPntDrv; C:\Windows\system32\drivers\BPntDrv.sys [2012-08-08 13408]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 Nsdfltr;Nsdfltr; C:\Windows\system32\drivers\Nsdfltr.sys [2011-12-22 59488]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2012-08-08 30816]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-10-10 80384]
R3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-02-02 184360]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2012-02-02 211496]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-02-02 21544]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-03-27 14748416]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-01-31 4739304]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-21 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-21 789824]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2012-04-20 25528]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-12-02 11417088]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-11-10 401456]
R3 vm332avs;Lenovo Camera2; C:\Windows\System32\Drivers\vm332avs.sys [2011-12-15 958800]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM); C:\Windows\system32\drivers\averhbtv.sys [2006-09-08 329472]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-10-10 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 132608]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-07-23 116992]
S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 113792]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2012-04-20 35256]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2011-10-24 313960]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2012-02-02 945440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-18 810144]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-12-08 618256]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-08 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-02-08 277784]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\NLSSRV32.EXE [2012-06-21 69640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 891240]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-12-08 148752]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-08 363800]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-08 136176]
S2 NSDSvc;Fast boot service of lenovo; C:\Windows\System32\NSDSvc.exe [2011-12-24 120160]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-03 1258856]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-23 257416]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-31 276248]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-11-18 42360]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-08 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-07-23 117144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-18 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Trojský kůň
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Trojský kůň
Zdravim 
Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222
Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
- Ulozte nejlepe na Plochu a rozbalte
- Spustte kliknutim na mbanr
- Nyni postupne kliknete na Next a Update
- Po dokonceni update (aktualizace) databaze kliknete opet na Next
- Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
- Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
- Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
- Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
- PC bude restartovan
- Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte
Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222
- Provedte aktualizaci
- Provedte uplny sken - nic nemazte
- MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Trojský kůň
Díky za reakci
Ještě než se do toho pustím, došlo mi, že jsem měla k počítači připojený v týdnu i externí disk, může být infikovaný i ten?
Mám postupovat, jak jste mi napsal s připojeným diskem nebo vám mám nejdřív vložit nový RSIT log s diskem?
Ještě než se do toho pustím, došlo mi, že jsem měla k počítači připojený v týdnu i externí disk, může být infikovaný i ten?
Mám postupovat, jak jste mi napsal s připojeným diskem nebo vám mám nejdřív vložit nový RSIT log s diskem?
Re: Trojský kůň
Pripojte disk a nechte jej proskenovat MBAR a tez predevsim MBAM"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Trojský kůň
MBAR log:
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org
Database version: v2013.08.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Misa :: MISA-NB [administrator]
11.8.2013 22:15:02
mbar-log-2013-08-11 (22-15-02).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 267221
Time elapsed: 10 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
c:\Windows\Installer\{8dd83ede-1f0e-c97c-67dd-b739152bfd2d}\L (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{8dd83ede-1f0e-c97c-67dd-b739152bfd2d}\U (Backdoor.0Access) -> Delete on reboot.
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
MBAM log:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2013.08.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Misa :: MISA-NB [administrátor]
Ochrana: Povolena
11.8.2013 22:36:17
MBAM-log-2013-08-12 (08-09-58).txt
Typ: Kompletní kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 510870
Uplynulý čas: 1 hodin, 25 minut, 30 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 2
C:\Users\Misa\AppData\Roaming\uTorrent\ism.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\Users\Misa\AppData\Roaming\SearchProtect\Res\SPSetup.exe (PUP.Optional.SearchProtect.A) -> Nebyla provedena žádná instrukce.
(konec)
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org
Database version: v2013.08.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Misa :: MISA-NB [administrator]
11.8.2013 22:15:02
mbar-log-2013-08-11 (22-15-02).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 267221
Time elapsed: 10 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
c:\Windows\Installer\{8dd83ede-1f0e-c97c-67dd-b739152bfd2d}\L (Backdoor.0Access) -> Delete on reboot.
c:\Windows\Installer\{8dd83ede-1f0e-c97c-67dd-b739152bfd2d}\U (Backdoor.0Access) -> Delete on reboot.
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
MBAM log:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2013.08.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Misa :: MISA-NB [administrátor]
Ochrana: Povolena
11.8.2013 22:36:17
MBAM-log-2013-08-12 (08-09-58).txt
Typ: Kompletní kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 510870
Uplynulý čas: 1 hodin, 25 minut, 30 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 2
C:\Users\Misa\AppData\Roaming\uTorrent\ism.exe (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
C:\Users\Misa\AppData\Roaming\SearchProtect\Res\SPSetup.exe (PUP.Optional.SearchProtect.A) -> Nebyla provedena žádná instrukce.
(konec)
Re: Trojský kůň
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe - Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- Na plose vznikne log Rkill.txt ten mi sem vlozte
- Ted nerestartujte PC - prisli byste o ucinek RKillu
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Trojský kůň
Ok.
A ty dvě detekce, které mi našel MBAM? Ignorovat a zavřít nebo odstranit?
A ty dvě detekce, které mi našel MBAM? Ignorovat a zavřít nebo odstranit?
Re: Trojský kůň
Rkill:
Rkill 2.6.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/12/2013 03:27:53 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 08/12/2013 03:28:47 PM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)
Combofix:
ComboFix 13-08-12.01 - Misa 12.08.2013 15:33:45.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3955.2088 [GMT 2:00]
Spuštěný z: c:\users\Misa\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-12 do 2013-08-12 )))))))))))))))))))))))))))))))
.
.
2013-08-12 13:39 . 2013-08-12 13:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-12 13:39 . 2013-08-12 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-11 20:33 . 2013-08-11 20:33 -------- d-----w- c:\users\Misa\AppData\Roaming\Malwarebytes
2013-08-11 20:33 . 2013-08-11 20:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-11 20:33 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-11 20:32 . 2013-08-11 20:32 -------- d-----w- c:\users\Misa\AppData\Local\Programs
2013-08-11 20:14 . 2013-08-11 20:14 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-11 19:41 . 2013-08-11 20:26 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-11 19:39 . 2013-08-11 19:39 -------- d-----w- c:\programdata\Malwarebytes
2013-08-05 17:54 . 2013-08-05 17:54 -------- d-----w- c:\programdata\Installations
2013-08-05 17:26 . 2012-10-17 12:53 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2013-08-05 17:26 . 2013-08-05 17:26 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2013-08-05 17:08 . 2013-08-05 17:08 -------- d-----w- c:\users\Misa\AppData\Local\NokiaAccount
2013-07-26 03:37 . 2013-08-12 00:14 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A0BA8F-D27F-4331-BC36-5E0A130FBD6B}\offreg.dll
2013-07-23 17:10 . 2013-07-23 17:10 -------- d-----w- c:\users\Misa\AppData\Roaming\SearchProtect
2013-07-23 15:17 . 2013-08-11 13:39 -------- d-----w- c:\program files\trend micro
2013-07-23 15:17 . 2013-07-23 15:21 -------- d-----w- C:\rsit
2013-07-23 15:08 . 2013-07-23 15:08 -------- d-----w- c:\users\Misa\AppData\Local\Macromedia
2013-07-23 15:08 . 2013-07-23 15:08 -------- d-----w- c:\users\Misa\AppData\Local\Mozilla
2013-07-23 15:08 . 2013-07-23 17:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-07-23 11:43 . 2013-07-23 11:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-07-23 11:42 . 2013-07-23 12:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-23 11:42 . 2013-07-23 12:04 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-23 11:42 . 2013-07-23 11:42 -------- d-----w- c:\windows\system32\Macromed
2013-07-23 11:19 . 2013-07-23 11:19 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-07-23 11:18 . 2013-07-23 11:18 -------- d-----w- c:\program files (x86)\x264 Video Codec
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 08:33 . 2012-12-28 09:45 75016696 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{008f6853-9cb4-41c5-a950-39d55e5e06ba}]
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"MuteSync"="c:\program files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe" [2012-02-04 343040]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]
"Intelligent Touchpad"="c:\program files\Lenovo\Intelligent Touchpad\TouchZone.exe" [2011-12-08 291272]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-08-08 329056]
"CAPOSD"="c:\progra~2\Lenovo\LENOVO~2\CAPOSD.exe" [2012-02-09 1876992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NSDSvc;Fast boot service of lenovo;c:\windows\System32\NSDSvc.exe;c:\windows\SYSNATIVE\NSDSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys;c:\windows\SYSNATIVE\drivers\averhbtv.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 NSD;NSD;c:\windows\system32\drivers\nsd.sys;c:\windows\SYSNATIVE\drivers\nsd.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 Nsdfltr;Nsdfltr;c:\windows\system32\drivers\Nsdfltr.sys;c:\windows\SYSNATIVE\drivers\Nsdfltr.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 04:58 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-23 12:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-08-08 00:12 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-30 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-30 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-30 439064]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"SynLenovoGestureMgr"="c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-08-08 789856]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-08-08 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-08-08 6202416]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-08-08 206176]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-18 2919168]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.101.13
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-07-23 17:08; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - ExtSQL: 2013-07-23 19:10; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2013-08-12 15:41:08
ComboFix-quarantined-files.txt 2013-08-12 13:41
ComboFix2.txt 2013-07-23 19:14
ComboFix3.txt 2013-07-23 17:52
.
Před spuštěním: Volných bajtů: 629 341 446 144
Po spuštění: Volných bajtů: 629 046 517 760
.
- - End Of File - - 932FE27B45D80FC0ADAB7718902C78F3
D41D8CD98F00B204E9800998ECF8427E
Rkill 2.6.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/12/2013 03:27:53 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 08/12/2013 03:28:47 PM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)
Combofix:
ComboFix 13-08-12.01 - Misa 12.08.2013 15:33:45.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3955.2088 [GMT 2:00]
Spuštěný z: c:\users\Misa\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-12 do 2013-08-12 )))))))))))))))))))))))))))))))
.
.
2013-08-12 13:39 . 2013-08-12 13:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-12 13:39 . 2013-08-12 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-11 20:33 . 2013-08-11 20:33 -------- d-----w- c:\users\Misa\AppData\Roaming\Malwarebytes
2013-08-11 20:33 . 2013-08-11 20:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-11 20:33 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-11 20:32 . 2013-08-11 20:32 -------- d-----w- c:\users\Misa\AppData\Local\Programs
2013-08-11 20:14 . 2013-08-11 20:14 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-11 19:41 . 2013-08-11 20:26 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-11 19:39 . 2013-08-11 19:39 -------- d-----w- c:\programdata\Malwarebytes
2013-08-05 17:54 . 2013-08-05 17:54 -------- d-----w- c:\programdata\Installations
2013-08-05 17:26 . 2012-10-17 12:53 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2013-08-05 17:26 . 2013-08-05 17:26 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2013-08-05 17:08 . 2013-08-05 17:08 -------- d-----w- c:\users\Misa\AppData\Local\NokiaAccount
2013-07-26 03:37 . 2013-08-12 00:14 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A0BA8F-D27F-4331-BC36-5E0A130FBD6B}\offreg.dll
2013-07-23 17:10 . 2013-07-23 17:10 -------- d-----w- c:\users\Misa\AppData\Roaming\SearchProtect
2013-07-23 15:17 . 2013-08-11 13:39 -------- d-----w- c:\program files\trend micro
2013-07-23 15:17 . 2013-07-23 15:21 -------- d-----w- C:\rsit
2013-07-23 15:08 . 2013-07-23 15:08 -------- d-----w- c:\users\Misa\AppData\Local\Macromedia
2013-07-23 15:08 . 2013-07-23 15:08 -------- d-----w- c:\users\Misa\AppData\Local\Mozilla
2013-07-23 15:08 . 2013-07-23 17:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-07-23 11:43 . 2013-07-23 11:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-07-23 11:42 . 2013-07-23 12:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-23 11:42 . 2013-07-23 12:04 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-23 11:42 . 2013-07-23 11:42 -------- d-----w- c:\windows\system32\Macromed
2013-07-23 11:19 . 2013-07-23 11:19 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-07-23 11:18 . 2013-07-23 11:18 -------- d-----w- c:\program files (x86)\x264 Video Codec
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 08:33 . 2012-12-28 09:45 75016696 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{008f6853-9cb4-41c5-a950-39d55e5e06ba}]
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"MuteSync"="c:\program files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe" [2012-02-04 343040]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]
"Intelligent Touchpad"="c:\program files\Lenovo\Intelligent Touchpad\TouchZone.exe" [2011-12-08 291272]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-08-08 329056]
"CAPOSD"="c:\progra~2\Lenovo\LENOVO~2\CAPOSD.exe" [2012-02-09 1876992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NSDSvc;Fast boot service of lenovo;c:\windows\System32\NSDSvc.exe;c:\windows\SYSNATIVE\NSDSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys;c:\windows\SYSNATIVE\drivers\averhbtv.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 NSD;NSD;c:\windows\system32\drivers\nsd.sys;c:\windows\SYSNATIVE\drivers\nsd.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 Nsdfltr;Nsdfltr;c:\windows\system32\drivers\Nsdfltr.sys;c:\windows\SYSNATIVE\drivers\Nsdfltr.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 04:58 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-23 12:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-08-08 00:12 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-30 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-30 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-30 439064]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"SynLenovoGestureMgr"="c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-08-08 789856]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-08-08 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-08-08 6202416]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-08-08 206176]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-18 2919168]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.101.13
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-07-23 17:08; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - ExtSQL: 2013-07-23 19:10; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2013-08-12 15:41:08
ComboFix-quarantined-files.txt 2013-08-12 13:41
ComboFix2.txt 2013-07-23 19:14
ComboFix3.txt 2013-07-23 17:52
.
Před spuštěním: Volných bajtů: 629 341 446 144
Po spuštění: Volných bajtů: 629 046 517 760
.
- - End Of File - - 932FE27B45D80FC0ADAB7718902C78F3
D41D8CD98F00B204E9800998ECF8427E
Re: Trojský kůň
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Ulozte nejlepe na plochu
- Ukoncete vsechny programy
- Kliknete na Prohledat
- Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Trojský kůň
Adw Cleaner log:
# AdwCleaner v2.306 - Log vytvooen 13/08/2013 v 18:48:21
# Aktualizováno 19/07/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : Misa - MISA-NB
# Spuštin systém : Normální
# Spuštino z : C:\Users\Misa\Desktop\adwcleaner.exe
# Volba [Prohledat]
***** [Služby] *****
***** [Soubory / Složky] *****
Složka Nalezeno : C:\Program Files (x86)\Amazon Browser Bar
Složka Nalezeno : C:\Program Files (x86)\RegClean
Složka Nalezeno : C:\Program Files (x86)\TornTV.com
Složka Nalezeno : C:\ProgramData\Partner
Složka Nalezeno : C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Složka Nalezeno : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\CT3298566
Složka Nalezeno : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
Složka Nalezeno : C:\Users\Misa\AppData\Roaming\SearchProtect
Soubor Nalezeno : C:\END
Soubor Nalezeno : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\searchplugins\Conduit.xml
***** [Registry] *****
Hodnota Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EA582743-9076-4178-9AA6-7393FDF4D5CE}]
Klíe Nalezeno : HKCU\Software\1ClickDownload
Klíe Nalezeno : HKCU\Software\APN PIP
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Nalezeno : HKCU\Software\PIP
Klíe Nalezeno : HKCU\Software\StartSearch
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Klíe Nalezeno : HKLM\Software\PIP
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
***** [Internetové prohlížeee] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry jsou eisté.
-\\ Mozilla Firefox v22.0 (cs)
Soubor : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\prefs.js
Nalezeno : user_pref("CT3298566.FF19Solved", "true");
Nalezeno : user_pref("CT3298566.UserID", "UN28664223515734255");
Nalezeno : user_pref("CT3298566.browser.search.defaultthis.engineName", "true");
Nalezeno : user_pref("CT3298566.fullUserID", "UN28664223515734255.IN.20130723191055");
Nalezeno : user_pref("CT3298566.installDate", "23/07/2013 19:10:55");
Nalezeno : user_pref("CT3298566.installSessionId", "{3AEDB9ED-D67C-4407-841C-75F67180F005}");
Nalezeno : user_pref("CT3298566.installSp", "TRUE");
Nalezeno : user_pref("CT3298566.installerVersion", "1.5.4.4");
Nalezeno : user_pref("CT3298566.keyword", "true");
Nalezeno : user_pref("CT3298566.originalHomepage", "about:home");
Nalezeno : user_pref("CT3298566.originalSearchAddressUrl", "");
Nalezeno : user_pref("CT3298566.originalSearchEngine", "");
Nalezeno : user_pref("CT3298566.originalSearchEngineName", "");
Nalezeno : user_pref("CT3298566.searchRevert", "false");
Nalezeno : user_pref("CT3298566.searchUserMode", "2");
Nalezeno : user_pref("CT3298566.smartbar.homepage", "true");
Nalezeno : user_pref("CT3298566.versionFromInstaller", "10.16.70.5");
Nalezeno : user_pref("CT3298566.xpeMode", "0");
Nalezeno : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Nalezeno : user_pref("browser.search.defaultenginename", "MixiDJ V30 Customized Web Search");
Nalezeno : user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
Nalezeno : user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
Nalezeno : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN286642235[...]
Nalezeno : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Nalezeno : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
Nalezeno : user_pref("smartbar.homePageOwnerCTID", "CT3298566");
Nalezeno : user_pref("smartbar.machineId", "PIQZP0C6+C5CTB/KUDFP6CLAOYPPSLHCIRYO/2AVGU7LI9UGT9OZ4WCAEV5Q+47GLT2[...]
-\\ Google Chrome v28.0.1500.95
Soubor : C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Soubor je eistý.
*************************
AdwCleaner[R1].txt - [10153 octets] - [13/08/2013 18:48:21]
########## EOF - C:\AdwCleaner[R1].txt - [10214 octets] ##########
# AdwCleaner v2.306 - Log vytvooen 13/08/2013 v 18:48:21
# Aktualizováno 19/07/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : Misa - MISA-NB
# Spuštin systém : Normální
# Spuštino z : C:\Users\Misa\Desktop\adwcleaner.exe
# Volba [Prohledat]
***** [Služby] *****
***** [Soubory / Složky] *****
Složka Nalezeno : C:\Program Files (x86)\Amazon Browser Bar
Složka Nalezeno : C:\Program Files (x86)\RegClean
Složka Nalezeno : C:\Program Files (x86)\TornTV.com
Složka Nalezeno : C:\ProgramData\Partner
Složka Nalezeno : C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Složka Nalezeno : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\CT3298566
Složka Nalezeno : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
Složka Nalezeno : C:\Users\Misa\AppData\Roaming\SearchProtect
Soubor Nalezeno : C:\END
Soubor Nalezeno : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\searchplugins\Conduit.xml
***** [Registry] *****
Hodnota Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EA582743-9076-4178-9AA6-7393FDF4D5CE}]
Klíe Nalezeno : HKCU\Software\1ClickDownload
Klíe Nalezeno : HKCU\Software\APN PIP
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Nalezeno : HKCU\Software\Conduit
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Nalezeno : HKCU\Software\PIP
Klíe Nalezeno : HKCU\Software\StartSearch
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Klíe Nalezeno : HKLM\Software\Conduit
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Klíe Nalezeno : HKLM\Software\PIP
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
***** [Internetové prohlížeee] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry jsou eisté.
-\\ Mozilla Firefox v22.0 (cs)
Soubor : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\prefs.js
Nalezeno : user_pref("CT3298566.FF19Solved", "true");
Nalezeno : user_pref("CT3298566.UserID", "UN28664223515734255");
Nalezeno : user_pref("CT3298566.browser.search.defaultthis.engineName", "true");
Nalezeno : user_pref("CT3298566.fullUserID", "UN28664223515734255.IN.20130723191055");
Nalezeno : user_pref("CT3298566.installDate", "23/07/2013 19:10:55");
Nalezeno : user_pref("CT3298566.installSessionId", "{3AEDB9ED-D67C-4407-841C-75F67180F005}");
Nalezeno : user_pref("CT3298566.installSp", "TRUE");
Nalezeno : user_pref("CT3298566.installerVersion", "1.5.4.4");
Nalezeno : user_pref("CT3298566.keyword", "true");
Nalezeno : user_pref("CT3298566.originalHomepage", "about:home");
Nalezeno : user_pref("CT3298566.originalSearchAddressUrl", "");
Nalezeno : user_pref("CT3298566.originalSearchEngine", "");
Nalezeno : user_pref("CT3298566.originalSearchEngineName", "");
Nalezeno : user_pref("CT3298566.searchRevert", "false");
Nalezeno : user_pref("CT3298566.searchUserMode", "2");
Nalezeno : user_pref("CT3298566.smartbar.homepage", "true");
Nalezeno : user_pref("CT3298566.versionFromInstaller", "10.16.70.5");
Nalezeno : user_pref("CT3298566.xpeMode", "0");
Nalezeno : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Nalezeno : user_pref("browser.search.defaultenginename", "MixiDJ V30 Customized Web Search");
Nalezeno : user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
Nalezeno : user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
Nalezeno : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN286642235[...]
Nalezeno : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Nalezeno : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
Nalezeno : user_pref("smartbar.homePageOwnerCTID", "CT3298566");
Nalezeno : user_pref("smartbar.machineId", "PIQZP0C6+C5CTB/KUDFP6CLAOYPPSLHCIRYO/2AVGU7LI9UGT9OZ4WCAEV5Q+47GLT2[...]
-\\ Google Chrome v28.0.1500.95
Soubor : C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Soubor je eistý.
*************************
AdwCleaner[R1].txt - [10153 octets] - [13/08/2013 18:48:21]
########## EOF - C:\AdwCleaner[R1].txt - [10214 octets] ##########
Re: Trojský kůň
Spustte znovu AdwCleaner
- Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
- Kliknete na Smazat
- PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Trojský kůň
# AdwCleaner v2.306 - Log vytvooen 14/08/2013 v 07:45:02
# Aktualizováno 19/07/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : Misa - MISA-NB
# Spuštin systém : Normální
# Spuštino z : C:\Users\Misa\Desktop\adwcleaner.exe
# Volba [Vymazat]
***** [Služby] *****
***** [Soubory / Složky] *****
Složka Vymazáno : C:\Program Files (x86)\Amazon Browser Bar
Složka Vymazáno : C:\Program Files (x86)\RegClean
Složka Vymazáno : C:\Program Files (x86)\TornTV.com
Složka Vymazáno : C:\ProgramData\Partner
Složka Vymazáno : C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Složka Vymazáno : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\CT3298566
Složka Vymazáno : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
Složka Vymazáno : C:\Users\Misa\AppData\Roaming\SearchProtect
Soubor Vymazáno : C:\END
Soubor Vymazáno : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\searchplugins\Conduit.xml
***** [Registry] *****
Hodnota Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EA582743-9076-4178-9AA6-7393FDF4D5CE}]
Klíe Vymazáno : HKCU\Software\1ClickDownload
Klíe Vymazáno : HKCU\Software\APN PIP
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Vymazáno : HKCU\Software\PIP
Klíe Vymazáno : HKCU\Software\StartSearch
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Klíe Vymazáno : HKLM\Software\PIP
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
***** [Internetové prohlížeee] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry jsou eisté.
-\\ Mozilla Firefox v22.0 (cs)
Soubor : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\prefs.js
Vymazáno : user_pref("CT3298566.FF19Solved", "true");
Vymazáno : user_pref("CT3298566.UserID", "UN28664223515734255");
Vymazáno : user_pref("CT3298566.browser.search.defaultthis.engineName", "true");
Vymazáno : user_pref("CT3298566.fullUserID", "UN28664223515734255.IN.20130723191055");
Vymazáno : user_pref("CT3298566.installDate", "23/07/2013 19:10:55");
Vymazáno : user_pref("CT3298566.installSessionId", "{3AEDB9ED-D67C-4407-841C-75F67180F005}");
Vymazáno : user_pref("CT3298566.installSp", "TRUE");
Vymazáno : user_pref("CT3298566.installerVersion", "1.5.4.4");
Vymazáno : user_pref("CT3298566.keyword", "true");
Vymazáno : user_pref("CT3298566.originalHomepage", "about:home");
Vymazáno : user_pref("CT3298566.originalSearchAddressUrl", "");
Vymazáno : user_pref("CT3298566.originalSearchEngine", "");
Vymazáno : user_pref("CT3298566.originalSearchEngineName", "");
Vymazáno : user_pref("CT3298566.searchRevert", "false");
Vymazáno : user_pref("CT3298566.searchUserMode", "2");
Vymazáno : user_pref("CT3298566.smartbar.homepage", "true");
Vymazáno : user_pref("CT3298566.versionFromInstaller", "10.16.70.5");
Vymazáno : user_pref("CT3298566.xpeMode", "0");
Vymazáno : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Vymazáno : user_pref("browser.search.defaultenginename", "MixiDJ V30 Customized Web Search");
Vymazáno : user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
Vymazáno : user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
Vymazáno : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN286642235[...]
Vymazáno : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Vymazáno : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
Vymazáno : user_pref("smartbar.homePageOwnerCTID", "CT3298566");
Vymazáno : user_pref("smartbar.machineId", "PIQZP0C6+C5CTB/KUDFP6CLAOYPPSLHCIRYO/2AVGU7LI9UGT9OZ4WCAEV5Q+47GLT2[...]
-\\ Google Chrome v28.0.1500.95
Soubor : C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Soubor je eistý.
*************************
AdwCleaner[R1].txt - [10238 octets] - [13/08/2013 18:48:21]
AdwCleaner[S1].txt - [10212 octets] - [14/08/2013 07:45:02]
########## EOF - C:\AdwCleaner[S1].txt - [10273 octets] ##########
# Aktualizováno 19/07/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : Misa - MISA-NB
# Spuštin systém : Normální
# Spuštino z : C:\Users\Misa\Desktop\adwcleaner.exe
# Volba [Vymazat]
***** [Služby] *****
***** [Soubory / Složky] *****
Složka Vymazáno : C:\Program Files (x86)\Amazon Browser Bar
Složka Vymazáno : C:\Program Files (x86)\RegClean
Složka Vymazáno : C:\Program Files (x86)\TornTV.com
Složka Vymazáno : C:\ProgramData\Partner
Složka Vymazáno : C:\Users\Misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Složka Vymazáno : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\CT3298566
Složka Vymazáno : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
Složka Vymazáno : C:\Users\Misa\AppData\Roaming\SearchProtect
Soubor Vymazáno : C:\END
Soubor Vymazáno : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\searchplugins\Conduit.xml
***** [Registry] *****
Hodnota Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EA582743-9076-4178-9AA6-7393FDF4D5CE}]
Klíe Vymazáno : HKCU\Software\1ClickDownload
Klíe Vymazáno : HKCU\Software\APN PIP
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Vymazáno : HKCU\Software\PIP
Klíe Vymazáno : HKCU\Software\StartSearch
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Klíe Vymazáno : HKLM\Software\PIP
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
***** [Internetové prohlížeee] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry jsou eisté.
-\\ Mozilla Firefox v22.0 (cs)
Soubor : C:\Users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\prefs.js
Vymazáno : user_pref("CT3298566.FF19Solved", "true");
Vymazáno : user_pref("CT3298566.UserID", "UN28664223515734255");
Vymazáno : user_pref("CT3298566.browser.search.defaultthis.engineName", "true");
Vymazáno : user_pref("CT3298566.fullUserID", "UN28664223515734255.IN.20130723191055");
Vymazáno : user_pref("CT3298566.installDate", "23/07/2013 19:10:55");
Vymazáno : user_pref("CT3298566.installSessionId", "{3AEDB9ED-D67C-4407-841C-75F67180F005}");
Vymazáno : user_pref("CT3298566.installSp", "TRUE");
Vymazáno : user_pref("CT3298566.installerVersion", "1.5.4.4");
Vymazáno : user_pref("CT3298566.keyword", "true");
Vymazáno : user_pref("CT3298566.originalHomepage", "about:home");
Vymazáno : user_pref("CT3298566.originalSearchAddressUrl", "");
Vymazáno : user_pref("CT3298566.originalSearchEngine", "");
Vymazáno : user_pref("CT3298566.originalSearchEngineName", "");
Vymazáno : user_pref("CT3298566.searchRevert", "false");
Vymazáno : user_pref("CT3298566.searchUserMode", "2");
Vymazáno : user_pref("CT3298566.smartbar.homepage", "true");
Vymazáno : user_pref("CT3298566.versionFromInstaller", "10.16.70.5");
Vymazáno : user_pref("CT3298566.xpeMode", "0");
Vymazáno : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Vymazáno : user_pref("browser.search.defaultenginename", "MixiDJ V30 Customized Web Search");
Vymazáno : user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
Vymazáno : user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
Vymazáno : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN286642235[...]
Vymazáno : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Vymazáno : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
Vymazáno : user_pref("smartbar.homePageOwnerCTID", "CT3298566");
Vymazáno : user_pref("smartbar.machineId", "PIQZP0C6+C5CTB/KUDFP6CLAOYPPSLHCIRYO/2AVGU7LI9UGT9OZ4WCAEV5Q+47GLT2[...]
-\\ Google Chrome v28.0.1500.95
Soubor : C:\Users\Misa\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Soubor je eistý.
*************************
AdwCleaner[R1].txt - [10238 octets] - [13/08/2013 18:48:21]
AdwCleaner[S1].txt - [10212 octets] - [14/08/2013 07:45:02]
########## EOF - C:\AdwCleaner[S1].txt - [10273 octets] ##########
Re: Trojský kůň
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Folder:: c:\users\Misa\AppData\Roaming\SearchProtect File:: c:\windows\Tasks\Adobe Flash Player Updater.job RegLock:: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] ClearJavaCache:: Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Trojský kůň
ComboFix 13-08-14.02 - Misa 15.08.2013 7:24.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3955.2495 [GMT 2:00]
Spuštěný z: c:\users\Misa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Misa\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-15 do 2013-08-15 )))))))))))))))))))))))))))))))
.
.
2013-08-15 05:30 . 2013-08-15 05:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-15 05:30 . 2013-08-15 05:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-12 20:24 . 2013-08-12 20:24 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A0BA8F-D27F-4331-BC36-5E0A130FBD6B}\offreg.dll
2013-08-11 20:33 . 2013-08-11 20:33 -------- d-----w- c:\users\Misa\AppData\Roaming\Malwarebytes
2013-08-11 20:33 . 2013-08-11 20:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-11 20:33 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-11 20:32 . 2013-08-11 20:32 -------- d-----w- c:\users\Misa\AppData\Local\Programs
2013-08-11 20:14 . 2013-08-11 20:14 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-11 19:41 . 2013-08-11 20:26 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-11 19:39 . 2013-08-11 19:39 -------- d-----w- c:\programdata\Malwarebytes
2013-08-05 17:54 . 2013-08-05 17:54 -------- d-----w- c:\programdata\Installations
2013-08-05 17:26 . 2012-10-17 12:53 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2013-08-05 17:26 . 2013-08-05 17:26 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2013-08-05 17:08 . 2013-08-05 17:08 -------- d-----w- c:\users\Misa\AppData\Local\NokiaAccount
2013-07-23 15:17 . 2013-08-11 13:39 -------- d-----w- c:\program files\trend micro
2013-07-23 15:17 . 2013-07-23 15:21 -------- d-----w- C:\rsit
2013-07-23 15:08 . 2013-07-23 15:08 -------- d-----w- c:\users\Misa\AppData\Local\Macromedia
2013-07-23 15:08 . 2013-07-23 15:08 -------- d-----w- c:\users\Misa\AppData\Local\Mozilla
2013-07-23 15:08 . 2013-07-23 17:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-07-23 11:43 . 2013-07-23 11:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-07-23 11:42 . 2013-07-23 12:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-23 11:42 . 2013-07-23 12:04 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-23 11:42 . 2013-07-23 11:42 -------- d-----w- c:\windows\system32\Macromed
2013-07-23 11:19 . 2013-07-23 11:19 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-07-23 11:18 . 2013-07-23 11:18 -------- d-----w- c:\program files (x86)\x264 Video Codec
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{008f6853-9cb4-41c5-a950-39d55e5e06ba}]
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"MuteSync"="c:\program files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe" [2012-02-04 343040]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]
"Intelligent Touchpad"="c:\program files\Lenovo\Intelligent Touchpad\TouchZone.exe" [2011-12-08 291272]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-08-08 329056]
"CAPOSD"="c:\progra~2\Lenovo\LENOVO~2\CAPOSD.exe" [2012-02-09 1876992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NSDSvc;Fast boot service of lenovo;c:\windows\System32\NSDSvc.exe;c:\windows\SYSNATIVE\NSDSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys;c:\windows\SYSNATIVE\drivers\averhbtv.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 NSD;NSD;c:\windows\system32\drivers\nsd.sys;c:\windows\SYSNATIVE\drivers\nsd.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 Nsdfltr;Nsdfltr;c:\windows\system32\drivers\Nsdfltr.sys;c:\windows\SYSNATIVE\drivers\Nsdfltr.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 04:58 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-08-08 00:12 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-30 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-30 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-30 439064]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"SynLenovoGestureMgr"="c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-08-08 789856]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-08-08 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-08-08 6202416]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-08-08 206176]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-18 2919168]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.101.17
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-07-23 17:08; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - ExtSQL: 2013-07-23 19:10; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\PANDORA.TV\PanService\PanProcess.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-08-15 07:37:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-15 05:37
ComboFix2.txt 2013-08-12 13:41
ComboFix3.txt 2013-07-23 19:14
ComboFix4.txt 2013-07-23 17:52
.
Před spuštěním: Volných bajtů: 624 234 979 328
Po spuštění: Volných bajtů: 628 102 094 848
.
- - End Of File - - 9D39A22C346873824B3B29999CEF7EF4
D41D8CD98F00B204E9800998ECF8427E
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3955.2495 [GMT 2:00]
Spuštěný z: c:\users\Misa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Misa\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-15 do 2013-08-15 )))))))))))))))))))))))))))))))
.
.
2013-08-15 05:30 . 2013-08-15 05:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-15 05:30 . 2013-08-15 05:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-12 20:24 . 2013-08-12 20:24 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A0BA8F-D27F-4331-BC36-5E0A130FBD6B}\offreg.dll
2013-08-11 20:33 . 2013-08-11 20:33 -------- d-----w- c:\users\Misa\AppData\Roaming\Malwarebytes
2013-08-11 20:33 . 2013-08-11 20:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-11 20:33 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-11 20:32 . 2013-08-11 20:32 -------- d-----w- c:\users\Misa\AppData\Local\Programs
2013-08-11 20:14 . 2013-08-11 20:14 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-08-11 19:41 . 2013-08-11 20:26 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-11 19:39 . 2013-08-11 19:39 -------- d-----w- c:\programdata\Malwarebytes
2013-08-05 17:54 . 2013-08-05 17:54 -------- d-----w- c:\programdata\Installations
2013-08-05 17:26 . 2012-10-17 12:53 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2013-08-05 17:26 . 2013-08-05 17:26 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2013-08-05 17:08 . 2013-08-05 17:08 -------- d-----w- c:\users\Misa\AppData\Local\NokiaAccount
2013-07-23 15:17 . 2013-08-11 13:39 -------- d-----w- c:\program files\trend micro
2013-07-23 15:17 . 2013-07-23 15:21 -------- d-----w- C:\rsit
2013-07-23 15:08 . 2013-07-23 15:08 -------- d-----w- c:\users\Misa\AppData\Local\Macromedia
2013-07-23 15:08 . 2013-07-23 15:08 -------- d-----w- c:\users\Misa\AppData\Local\Mozilla
2013-07-23 15:08 . 2013-07-23 17:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-07-23 11:43 . 2013-07-23 11:43 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-07-23 11:42 . 2013-07-23 12:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-23 11:42 . 2013-07-23 12:04 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-23 11:42 . 2013-07-23 11:42 -------- d-----w- c:\windows\system32\Macromed
2013-07-23 11:19 . 2013-07-23 11:19 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-07-23 11:18 . 2013-07-23 11:18 -------- d-----w- c:\program files (x86)\x264 Video Codec
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{008f6853-9cb4-41c5-a950-39d55e5e06ba}]
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"MuteSync"="c:\program files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe" [2012-02-04 343040]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]
"Intelligent Touchpad"="c:\program files\Lenovo\Intelligent Touchpad\TouchZone.exe" [2011-12-08 291272]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-08-08 329056]
"CAPOSD"="c:\progra~2\Lenovo\LENOVO~2\CAPOSD.exe" [2012-02-09 1876992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NSDSvc;Fast boot service of lenovo;c:\windows\System32\NSDSvc.exe;c:\windows\SYSNATIVE\NSDSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys;c:\windows\SYSNATIVE\drivers\averhbtv.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 NSD;NSD;c:\windows\system32\drivers\nsd.sys;c:\windows\SYSNATIVE\drivers\nsd.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 Nsdfltr;Nsdfltr;c:\windows\system32\drivers\Nsdfltr.sys;c:\windows\SYSNATIVE\drivers\Nsdfltr.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 04:58 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-08-08 00:12 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-30 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-30 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-30 439064]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"SynLenovoGestureMgr"="c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-08-08 789856]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-08-08 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-08-08 6202416]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-08-08 206176]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-18 2919168]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.101.17
FF - ProfilePath - c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-07-23 17:08; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - ExtSQL: 2013-07-23 19:10; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; c:\users\Misa\AppData\Roaming\Mozilla\Firefox\Profiles\cjtjv4wn.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\PANDORA.TV\PanService\PanProcess.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-08-15 07:37:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-15 05:37
ComboFix2.txt 2013-08-12 13:41
ComboFix3.txt 2013-07-23 19:14
ComboFix4.txt 2013-07-23 17:52
.
Před spuštěním: Volných bajtů: 624 234 979 328
Po spuštění: Volných bajtů: 628 102 094 848
.
- - End Of File - - 9D39A22C346873824B3B29999CEF7EF4
D41D8CD98F00B204E9800998ECF8427E
Re: Trojský kůň
Fajn, jak se chova PC 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?