
Techgile

Mistreat
Visitor
Posts: 10
Registered: 10 Nov 2014 20:19


#1 Post by Mistreat »

Hello, and please help me with the constantly popping-up advertising windows and the opening of unwanted pages, which are probably caused by the techgile process:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Michal (administrator) on MICHAL-THINK on 10-11-2014 21:11:31
Running from C:\Users\Michal\Desktop
Loaded Profile: Michal (Available profiles: Michal)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
() C:\ProgramData\685d26dc-c30a-434b-bda2-3004e8743669\maintainer.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
() C:\Program Files (x86)\Techgile\updateTechgile.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Program Files (x86)\Techgile\bin\utilTechgile.exe
() C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter.exe
() C:\Program Files (x86)\Techgile\bin\Techgile.BrowserAdapter64.exe
() C:\Program Files (x86)\Techgile\bin\Techgile.BOASHelper.exe
() C:\Program Files (x86)\Techgile\bin\Techgile.PurBrowse64.exe
(forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel(R) Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-30] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2014-09-22] (ESET)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [BCSSync] => C:\Programy\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-2004369296-1101146853-885742024-1000\...\MountPoints2: {63bb7462-f1cf-11e3-aa7b-f0def1c072fc} - E:\Startme.exe
HKU\S-1-5-21-2004369296-1101146853-885742024-1000\...\MountPoints2: {f10411c6-4907-11e1-8c4e-806e6f6e6963} - Q:\LenovoQDrive.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [231896 2014-11-03] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187352 2014-11-03] (Client Connect LTD)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=CT3 ... 37A1&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... NP_csCZ582
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... NP_csCZ582
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Programy\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Programy\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\s7brxi9f.default
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC88081F2-62FF-425F-BEA0-A24E8472524A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP227785BB-7AA1-4B09-8EEA-3EFB52EA37A1
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC88081F2-62FF-425F-BEA0-A24E8472524A&SearchSource=55&CUI=&UM=5&UP=SP227785BB-7AA1-4B09-8EEA-3EFB52EA37A1&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Programy\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Programy\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @swiftview.com/SwiftView -> C:\Program Files (x86)\SwiftView\npsview.dll (SwiftView, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Programy\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2004369296-1101146853-885742024-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Michal\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\s7brxi9f.default\user.js
FF SearchPlugin: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\s7brxi9f.default\searchplugins\trovi-search.xml
FF Extension: Ghostery - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\s7brxi9f.default\Extensions\firefox@ghostery.com.xpi [2014-04-05]
FF Extension: Adblock Plus - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\s7brxi9f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-05]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-01-27]
FF StartMenuInternet: FIREFOX.EXE - C:\Programy\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Google Search) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (Norton Identity Protection) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-05]
CHR Extension: (Google Wallet) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Techgile) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\odimognccioelmebaecjhapdbcoaboao [2014-11-07]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3054552 2014-11-03] (Client Connect LTD)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1350112 2014-09-16] (ESET)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MaintainerSvc4.29.2173613; C:\ProgramData\685d26dc-c30a-434b-bda2-3004e8743669\maintainer.exe [123632 2014-11-10] ()
S3 Microsoft SharePoint Workspace Audit Service; C:\Programy\Microsoft Office\Office14\GROOVE.EXE [30969208 2010-03-25] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 Update Techgile; C:\Program Files (x86)\Techgile\updateTechgile.exe [525552 2014-11-10] ()
R2 Util Techgile; C:\Program Files (x86)\Techgile\bin\utilTechgile.exe [525552 2014-11-10] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-30] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-21] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R1 {3254b624-3dc6-470b-b41f-230aff035acc}Gw64; C:\Windows\System32\drivers\{3254b624-3dc6-470b-b41f-230aff035acc}Gw64.sys [48784 2014-11-07] (StdLib)
R1 {b0aa2e34-2206-4d3d-8f9b-da4d3c817ee7}Gw64; C:\Windows\System32\drivers\{b0aa2e34-2206-4d3d-8f9b-da4d3c817ee7}Gw64.sys [48784 2014-11-10] (StdLib)
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 21:11 - 2014-11-10 21:12 - 00019774 _____ () C:\Users\Michal\Desktop\FRST.txt
2014-11-10 21:10 - 2014-11-10 21:11 - 00000000 ____D () C:\FRST
2014-11-10 21:07 - 2014-11-10 21:07 - 02116096 _____ (Farbar) C:\Users\Michal\Desktop\FRST64.exe
2014-11-10 21:07 - 2014-11-10 21:07 - 00112640 _____ (forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe
2014-11-10 20:54 - 2014-11-10 20:54 - 00000460 _____ () C:\Windows\AutoKMS.log
2014-11-10 20:53 - 2014-11-10 20:53 - 00001328 _____ () C:\Windows\PFRO.log
2014-11-10 20:53 - 2014-11-10 20:53 - 00000270 __RSH () C:\ProgramData\ntuser.pol
2014-11-10 20:53 - 2014-11-10 20:53 - 00000056 _____ () C:\Windows\setupact.log
2014-11-10 20:53 - 2014-11-10 20:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-10 20:13 - 2014-11-10 20:16 - 00000000 ____D () C:\Users\Michal\Desktop\hijackthis
2014-11-10 19:50 - 2014-11-10 19:50 - 00000000 ____D () C:\Windows\pss
2014-11-10 17:59 - 2014-11-10 08:35 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{b0aa2e34-2206-4d3d-8f9b-da4d3c817ee7}Gw64.sys
2014-11-10 17:40 - 2014-11-10 17:40 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-07 15:31 - 2014-11-10 16:17 - 00000000 ____D () C:\ProgramData\685d26dc-c30a-434b-bda2-3004e8743669
2014-11-07 15:02 - 2014-11-07 02:31 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{3254b624-3dc6-470b-b41f-230aff035acc}Gw64.sys
2014-11-07 13:56 - 2014-11-10 21:05 - 00000000 ____D () C:\Program Files (x86)\Techgile
2014-11-07 13:55 - 2014-11-07 13:55 - 00000841 _____ () C:\Users\Public\Desktop\Google Books Downloader.lnk
2014-11-07 13:55 - 2014-11-07 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Books Downloader
2014-11-07 11:36 - 2014-11-07 11:41 - 00000000 ____D () C:\Users\Michal\Desktop\karta mobil
2014-11-07 00:12 - 2014-11-07 00:31 - 1426457280 _____ () C:\Users\Michal\Desktop\CODEXIS ACADEMIA.mdx
2014-11-07 00:11 - 2014-11-07 11:25 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-11-06 17:26 - 2014-11-07 15:04 - 00000000 ____D () C:\Users\Michal\AppData\Local\CodexisRPD
2014-11-06 17:26 - 2014-11-07 00:35 - 00000964 _____ () C:\Users\Public\Desktop\CODEXIS 6 ACADEMIA.lnk
2014-11-06 17:26 - 2014-11-07 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CODEXIS 6 ACADEMIA
2014-10-29 22:17 - 2014-10-29 22:22 - 00000000 ____D () C:\Users\Michal\Desktop\citaty
2014-10-29 16:35 - 2014-10-29 16:35 - 00000764 _____ () C:\Users\Michal\Desktop\World of Tanks.lnk
2014-10-29 16:35 - 2014-10-29 16:35 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-10-23 20:46 - 2014-11-05 11:08 - 00000000 ____D () C:\Users\Michal\Desktop\stiahnuteee
2014-10-22 18:24 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-22 18:24 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-22 18:24 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-22 18:24 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-22 18:24 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-22 18:24 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-22 18:24 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-22 18:24 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-22 18:24 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-22 18:24 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-22 18:24 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-22 18:24 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-22 18:24 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-22 18:24 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-22 18:24 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-22 18:23 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-22 18:23 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-22 18:23 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-22 18:23 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-22 18:23 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-22 18:23 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-22 18:23 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-22 18:23 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-22 18:23 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-22 18:23 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-22 18:23 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-22 18:23 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-22 18:23 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-22 18:23 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-22 18:23 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-22 18:23 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-22 18:23 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-22 18:23 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-22 18:23 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-22 18:23 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-22 18:23 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-22 18:23 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-22 18:23 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-22 18:23 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-22 18:23 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-22 18:23 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-22 18:23 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-22 18:23 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-22 18:23 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-22 18:23 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-22 18:23 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-22 18:23 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-22 18:23 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-22 18:23 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-22 18:23 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-22 18:23 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-22 18:23 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-22 18:23 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-22 18:23 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-22 18:23 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-22 18:23 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-22 17:15 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-22 17:15 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-22 17:15 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-22 17:15 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-22 17:15 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-22 17:15 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-22 17:15 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-22 17:15 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-22 17:15 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-22 17:15 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-22 17:15 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-22 17:15 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-22 17:15 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-22 17:15 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-22 17:15 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-22 17:15 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-22 17:15 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-22 17:15 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-22 17:15 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-22 17:15 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-22 17:15 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-22 17:15 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-22 17:15 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-22 17:15 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-22 17:15 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-22 17:15 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-22 16:35 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-22 16:35 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-22 16:35 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-22 16:35 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-22 16:35 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-22 16:35 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-22 16:35 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-22 16:27 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-22 16:27 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-21 23:02 - 2014-10-21 23:02 - 00000000 ____D () C:\Users\Michal\Desktop\Drive (2011)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 21:08 - 2014-04-05 11:39 - 00000000 ____D () C:\Users\Michal\Desktop\stiahnute
2014-11-10 21:05 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2014-11-10 21:03 - 2014-04-05 20:32 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-11-10 21:01 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 21:01 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 20:58 - 2012-01-27 17:44 - 00658296 _____ () C:\Windows\system32\perfh005.dat
2014-11-10 20:58 - 2012-01-27 17:44 - 00139982 _____ () C:\Windows\system32\perfc005.dat
2014-11-10 20:58 - 2009-07-14 06:13 - 01465948 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-10 20:54 - 2014-04-08 12:17 - 00000202 _____ () C:\Windows\Tasks\AutoKMS.job
2014-11-10 20:54 - 2012-01-27 18:34 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 20:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 20:51 - 2012-01-27 18:34 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 20:51 - 2012-01-27 18:04 - 01752227 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 20:50 - 2014-04-05 20:30 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\uTorrent
2014-11-10 20:29 - 2014-06-08 11:35 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\Skype
2014-11-10 20:29 - 2014-04-04 18:52 - 00000000 ____D () C:\Users\Michal\Desktop\diplomka
2014-11-10 20:26 - 2014-06-07 13:21 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000UA.job
2014-11-10 20:15 - 2014-04-05 00:23 - 00000000 ____D () C:\Users\Michal\AppData\Local\VirtualStore
2014-11-10 19:49 - 2014-07-06 12:47 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
2014-11-10 19:49 - 2014-04-08 14:06 - 00000000 ____D () C:\Users\Michal\AppData\Local\CrashDumps
2014-11-10 17:40 - 2014-08-17 17:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-10 14:41 - 2014-06-07 13:21 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000Core.job
2014-11-10 13:29 - 2014-04-05 14:38 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\vlc
2014-11-07 16:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-11-07 13:55 - 2014-04-05 11:37 - 00000000 ____D () C:\Programy
2014-11-01 12:23 - 2014-09-28 17:34 - 00002002 _____ () C:\Users\Public\Desktop\Webium's Modpack.lnk
2014-11-01 12:23 - 2014-04-08 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\webium's modpack
2014-10-29 16:41 - 2014-04-05 00:22 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-10-29 16:41 - 2012-01-27 18:34 - 00000000 ____D () C:\ProgramData\PCDr
2014-10-29 16:35 - 2014-04-07 18:21 - 00000000 ____D () C:\Hry
2014-10-29 04:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-29 03:31 - 2014-04-05 00:22 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-29 03:31 - 2009-07-14 05:45 - 00411920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 05:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 10:00 - 2014-04-05 00:22 - 00004242 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-10-24 09:46 - 2012-01-27 18:34 - 00003932 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 09:46 - 2012-01-27 18:34 - 00003680 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-23 17:47 - 2014-10-04 08:52 - 00000000 ____D () C:\Users\Michal\Desktop\jelene
2014-10-19 21:35 - 2014-09-22 13:09 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\.minecraft

Some content of TEMP:
====================
C:\Users\Michal\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 12:24




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:154.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:4.69 GB) NTFS

Available physical RAM: 2522.39 MB
Total physical RAM: 4007.23 MB
Percentage of memory in use: 37%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: 331C7E82)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000Core.job => C:\Users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000UA.job => C:\Users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personálny Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Michal\Desktop" je 65569 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALCKRESI.EXE
C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
"C:\Users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ForteConfig
C:\Program Files\Conexant\ForteConfig\fmapp.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo Registration
C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPKNRRES
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTT
C:\Program Files\PC-Doctor\EnableToolbarW32.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia
"C:\Programy\Tor\Vidalia\vidalia.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
C:\Programy\Winamp\winampa.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(8.87 KiB) Downloaded 49 times

Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Techgile

#2 Post by Rudy »

Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Mistreat
Visitor
Posts: 10
Registered: 10 Nov 2014 20:19

Re: Techgile

#3 Post by Mistreat »

Here is the log from Adw:
# AdwCleaner v4.101 - Report created 10/11/2014 at 21:37:39
# Updated 09/11/2014 by Xplode
# Database : 2014-11-10.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Michal - MICHAL-THINK
# Running from : C:\Users\Michal\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc
Service Deleted : SPPD
[#] Service Deleted : Update Techgile
[#] Service Deleted : Util Techgile
Service Deleted : {3254b624-3dc6-470b-b41f-230aff035acc}Gw64
Service Deleted : {b0aa2e34-2206-4d3d-8f9b-da4d3c817ee7}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\SearchProtect
[!] Folder Deleted : C:\Program Files (x86)\Techgile
Folder Deleted : C:\Users\Michal\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
File Deleted : C:\Windows\System32\\drivers\{3254b624-3dc6-470b-b41f-230aff035acc}Gw64.sys
File Deleted : C:\Windows\System32\\drivers\{b0aa2e34-2206-4d3d-8f9b-da4d3c817ee7}Gw64.sys
File Deleted : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\s7brxi9f.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\s7brxi9f.default\user.js
File Deleted : C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Techgile
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Techgile
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[#] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Techgile
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Techgile
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Techgile
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v28.0 (cs)

[s7brxi9f.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC88081F2-62FF-425F-BEA0-A24E8472524A&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP227785BB-7AA[...]
[s7brxi9f.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
[s7brxi9f.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
[s7brxi9f.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC88081F2-62FF-425F-BEA0-A24E8472524A&SearchSource=55&CUI=&UM=5&UP=SP227785BB-7AA1-4B09[...]

-\\ Google Chrome v38.0.2125.111

[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC88081F2-62FF-425F-BEA0-A24E8472524A&SearchSource=58&CUI=&UM=5&UP=SP227785BB-7AA1-4B09-8EEA-3EFB52EA37A1&q={searchTerms}&SSPV=
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC88081F2-62FF-425F-BEA0-A24E8472524A&SearchSource=58&CUI=&UM=5&UP=SP227785BB-7AA1-4B09-8EEA-3EFB52EA37A1&q={searchTerms}&SSPV=
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC88081F2-62FF-425F-BEA0-A24E8472524A&SearchSource=55&CUI=&UM=5&UP=SP227785BB-7AA1-4B09-8EEA-3EFB52EA37A1&SSPV=
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC88081F2-62FF-425F-BEA0-A24E8472524A&SearchSource=55&CUI=&UM=5&UP=SP227785BB-7AA1-4B09-8EEA-3EFB52EA37A1&SSPV=

-\\ Opera v20.0.1387.91

[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC88081F2-62FF-425F-BEA0-A24E8472524A&SearchSource=58&CUI=&UM=5&UP=SP227785BB-7AA1-4B09-8EEA-3EFB52EA37A1&q={searchTerms}&SSPV=
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC88081F2-62FF-425F-BEA0-A24E8472524A&SearchSource=58&CUI=&UM=5&UP=SP227785BB-7AA1-4B09-8EEA-3EFB52EA37A1&q={searchTerms}&SSPV=
[C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp

*************************

AdwCleaner[R0].txt - [7923 octets] - [10/11/2014 21:35:26]
AdwCleaner[S0].txt - [7936 octets] - [10/11/2014 21:37:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7996 octets] ##########

Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Techgile

#4 Post by Rudy »

Post a new FRST log.

Mistreat
Visitor
Posts: 10
Registered: 10 Nov 2014 20:19

Re: Techgile

#5 Post by Mistreat »

So far it looks like the problem is solved.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Michal (administrator) on MICHAL-THINK on 10-11-2014 22:19:37
Running from C:\Users\Michal\Desktop
Loaded Profile: Michal (Available profiles: Michal)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
() C:\ProgramData\685d26dc-c30a-434b-bda2-3004e8743669\maintainer.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel(R) Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-30] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2014-09-22] (ESET)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [BCSSync] => C:\Programy\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-2004369296-1101146853-885742024-1000\...\MountPoints2: {63bb7462-f1cf-11e3-aa7b-f0def1c072fc} - E:\Startme.exe
HKU\S-1-5-21-2004369296-1101146853-885742024-1000\...\MountPoints2: {f10411c6-4907-11e1-8c4e-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... NP_csCZ582
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... NP_csCZ582
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Programy\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Programy\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\s7brxi9f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Programy\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Programy\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @swiftview.com/SwiftView -> C:\Program Files (x86)\SwiftView\npsview.dll (SwiftView, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Programy\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2004369296-1101146853-885742024-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Michal\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: Ghostery - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\s7brxi9f.default\Extensions\firefox@ghostery.com.xpi [2014-04-05]
FF Extension: Techgile - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\s7brxi9f.default\Extensions\{b0aa2e34-2206-4d3d-8f9b-da4d3c817ee7}.xpi [2014-11-10]
FF Extension: Adblock Plus - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\s7brxi9f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-05]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-01-27]
FF StartMenuInternet: FIREFOX.EXE - C:\Programy\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Disk Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Hľadať v Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (Peňaženka Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Techgile) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\odimognccioelmebaecjhapdbcoaboao [2014-11-07]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1350112 2014-09-16] (ESET)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MaintainerSvc4.29.2173613; C:\ProgramData\685d26dc-c30a-434b-bda2-3004e8743669\maintainer.exe [123632 2014-11-10] ()
S3 Microsoft SharePoint Workspace Audit Service; C:\Programy\Microsoft Office\Office14\GROOVE.EXE [30969208 2010-03-25] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Group Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-06-30] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-21] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-09-22] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-09-22] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-22] (ESET)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 22:19 - 2014-11-10 22:20 - 00016745 _____ () C:\Users\Michal\Desktop\FRST.txt
2014-11-10 21:35 - 2014-11-10 21:37 - 00000000 ____D () C:\AdwCleaner
2014-11-10 21:33 - 2014-11-10 21:34 - 02140160 _____ () C:\Users\Michal\Desktop\adwcleaner_4.101.exe
2014-11-10 21:17 - 2014-11-10 21:17 - 00009078 _____ () C:\Users\Michal\Desktop\Addition.rar
2014-11-10 21:10 - 2014-11-10 22:19 - 00000000 ____D () C:\FRST
2014-11-10 21:07 - 2014-11-10 21:07 - 02116096 _____ (Farbar) C:\Users\Michal\Desktop\FRST64.exe
2014-11-10 21:07 - 2014-11-10 21:07 - 00112640 _____ (forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe
2014-11-10 20:54 - 2014-11-10 21:39 - 00000920 _____ () C:\Windows\AutoKMS.log
2014-11-10 20:53 - 2014-11-10 21:39 - 00000112 _____ () C:\Windows\setupact.log
2014-11-10 20:53 - 2014-11-10 21:38 - 00003344 _____ () C:\Windows\PFRO.log
2014-11-10 20:53 - 2014-11-10 20:53 - 00000270 __RSH () C:\ProgramData\ntuser.pol
2014-11-10 20:53 - 2014-11-10 20:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-10 20:13 - 2014-11-10 20:16 - 00000000 ____D () C:\Users\Michal\Desktop\hijackthis
2014-11-10 19:50 - 2014-11-10 19:50 - 00000000 ____D () C:\Windows\pss
2014-11-10 17:40 - 2014-11-10 17:40 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-07 15:31 - 2014-11-10 21:24 - 00000000 ____D () C:\ProgramData\685d26dc-c30a-434b-bda2-3004e8743669
2014-11-07 13:56 - 2014-11-10 21:37 - 00000000 ____D () C:\Program Files (x86)\Techgile
2014-11-07 13:55 - 2014-11-07 13:55 - 00000841 _____ () C:\Users\Public\Desktop\Google Books Downloader.lnk
2014-11-07 13:55 - 2014-11-07 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Books Downloader
2014-11-07 11:36 - 2014-11-07 11:41 - 00000000 ____D () C:\Users\Michal\Desktop\karta mobil
2014-11-07 00:12 - 2014-11-07 00:31 - 1426457280 _____ () C:\Users\Michal\Desktop\CODEXIS ACADEMIA.mdx
2014-11-07 00:11 - 2014-11-07 11:25 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-11-06 17:26 - 2014-11-07 15:04 - 00000000 ____D () C:\Users\Michal\AppData\Local\CodexisRPD
2014-11-06 17:26 - 2014-11-07 00:35 - 00000964 _____ () C:\Users\Public\Desktop\CODEXIS 6 ACADEMIA.lnk
2014-11-06 17:26 - 2014-11-07 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CODEXIS 6 ACADEMIA
2014-10-29 22:17 - 2014-10-29 22:22 - 00000000 ____D () C:\Users\Michal\Desktop\citaty
2014-10-29 16:35 - 2014-10-29 16:35 - 00000764 _____ () C:\Users\Michal\Desktop\World of Tanks.lnk
2014-10-29 16:35 - 2014-10-29 16:35 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-10-23 20:46 - 2014-11-05 11:08 - 00000000 ____D () C:\Users\Michal\Desktop\stiahnuteee
2014-10-22 18:24 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-22 18:24 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-22 18:24 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-22 18:24 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-22 18:24 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-22 18:24 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-22 18:24 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-22 18:24 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-22 18:24 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-22 18:24 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-22 18:24 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-22 18:24 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-22 18:24 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-22 18:24 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-22 18:24 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-22 18:23 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-22 18:23 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-22 18:23 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-22 18:23 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-22 18:23 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-22 18:23 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-22 18:23 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-22 18:23 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-22 18:23 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-22 18:23 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-22 18:23 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-22 18:23 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-22 18:23 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-22 18:23 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-22 18:23 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-22 18:23 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-22 18:23 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-22 18:23 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-22 18:23 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-22 18:23 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-22 18:23 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-22 18:23 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-22 18:23 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-22 18:23 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-22 18:23 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-22 18:23 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-22 18:23 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-22 18:23 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-22 18:23 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-22 18:23 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-22 18:23 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-22 18:23 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-22 18:23 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-22 18:23 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-22 18:23 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-22 18:23 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-22 18:23 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-22 18:23 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-22 18:23 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-22 18:23 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-22 18:23 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-22 17:15 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-22 17:15 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-22 17:15 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-22 17:15 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-22 17:15 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-22 17:15 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-22 17:15 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-22 17:15 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-22 17:15 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-22 17:15 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-22 17:15 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-22 17:15 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-22 17:15 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-22 17:15 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-22 17:15 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-22 17:15 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-22 17:15 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-22 17:15 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-22 17:15 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-22 17:15 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-22 17:15 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-22 17:15 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-22 17:15 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-22 17:15 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-22 17:15 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-22 17:15 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-22 16:35 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-22 16:35 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-22 16:35 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-22 16:35 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-22 16:35 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-22 16:35 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-22 16:35 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-22 16:27 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-22 16:27 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-21 23:02 - 2014-10-21 23:02 - 00000000 ____D () C:\Users\Michal\Desktop\Drive (2011)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 22:20 - 2012-01-27 18:04 - 01816475 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 21:51 - 2012-01-27 18:34 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 21:46 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 21:46 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 21:44 - 2012-01-27 17:44 - 00658296 _____ () C:\Windows\system32\perfh005.dat
2014-11-10 21:44 - 2012-01-27 17:44 - 00139982 _____ () C:\Windows\system32\perfc005.dat
2014-11-10 21:44 - 2009-07-14 06:13 - 01465948 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-10 21:39 - 2014-04-08 12:17 - 00000202 _____ () C:\Windows\Tasks\AutoKMS.job
2014-11-10 21:39 - 2012-01-27 18:34 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 21:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 21:37 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2014-11-10 21:34 - 2014-04-05 11:39 - 00000000 ____D () C:\Users\Michal\Desktop\stiahnute
2014-11-10 20:50 - 2014-04-05 20:30 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\uTorrent
2014-11-10 20:29 - 2014-06-08 11:35 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\Skype
2014-11-10 20:29 - 2014-04-04 18:52 - 00000000 ____D () C:\Users\Michal\Desktop\diplomka
2014-11-10 20:26 - 2014-06-07 13:21 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000UA.job
2014-11-10 20:15 - 2014-04-05 00:23 - 00000000 ____D () C:\Users\Michal\AppData\Local\VirtualStore
2014-11-10 19:49 - 2014-07-06 12:47 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
2014-11-10 19:49 - 2014-04-08 14:06 - 00000000 ____D () C:\Users\Michal\AppData\Local\CrashDumps
2014-11-10 17:40 - 2014-08-17 17:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-10 14:41 - 2014-06-07 13:21 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000Core.job
2014-11-10 13:29 - 2014-04-05 14:38 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\vlc
2014-11-07 16:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-11-07 13:55 - 2014-04-05 11:37 - 00000000 ____D () C:\Programy
2014-11-01 12:23 - 2014-09-28 17:34 - 00002002 _____ () C:\Users\Public\Desktop\Webium's Modpack.lnk
2014-11-01 12:23 - 2014-04-08 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\webium's modpack
2014-10-29 16:41 - 2014-04-05 00:22 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-10-29 16:41 - 2012-01-27 18:34 - 00000000 ____D () C:\ProgramData\PCDr
2014-10-29 16:35 - 2014-04-07 18:21 - 00000000 ____D () C:\Hry
2014-10-29 04:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-29 03:31 - 2014-04-05 00:22 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-29 03:31 - 2009-07-14 05:45 - 00411920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 05:34 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 10:00 - 2014-04-05 00:22 - 00004242 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-10-24 09:46 - 2012-01-27 18:34 - 00003932 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 09:46 - 2012-01-27 18:34 - 00003680 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-23 17:47 - 2014-10-04 08:52 - 00000000 ____D () C:\Users\Michal\Desktop\jelene
2014-10-19 21:35 - 2014-09-22 13:09 - 00000000 ____D () C:\Users\Michal\AppData\Roaming\.minecraft

Some content of TEMP:
====================
C:\Users\Michal\AppData\Local\Temp\Quarantine.exe
C:\Users\Michal\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 12:24




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:154.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:4.69 GB) NTFS

Available physical RAM: 1989.45 MB
Total physical RAM: 4007.23 MB
Percentage of memory in use: 50%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: 331C7E82)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000Core.job => C:\Users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000UA.job => C:\Users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personálny Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Michal\Desktop" je 65573 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALCKRESI.EXE
C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
"C:\Users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ForteConfig
C:\Program Files\Conexant\ForteConfig\fmapp.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo Registration
C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPKNRRES
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTT
C:\Program Files\PC-Doctor\EnableToolbarW32.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia
"C:\Programy\Tor\Vidalia\vidalia.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
C:\Programy\Winamp\winampa.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Techgile

#6 Post by Rudy »

We'll finish the cleanup. Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-2004369296-1101146853-885742024-1000\...\MountPoints2: {63bb7462-f1cf-11e3-aa7b-f0def1c072fc} - E:\Startme.exe
HKU\S-1-5-21-2004369296-1101146853-885742024-1000\...\MountPoints2: {f10411c6-4907-11e1-8c4e-806e6f6e6963} - Q:\LenovoQDrive.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\AutoKMS.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000Core.job
C:\Users\Michal\AppData\Local\Temp
C:\Windows\AutoKMS.exe
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Mistreat
Visitor
Posts: 10
Registered: 10 Nov 2014 20:19

Re: Techgile

#7 Post by Mistreat »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Michal at 2014-11-11 19:52:31 Run:1
Running from C:\Users\Michal\Desktop
Loaded Profile: Michal (Available profiles: Michal)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-2004369296-1101146853-885742024-1000\...\MountPoints2: {63bb7462-f1cf-11e3-aa7b-f0def1c072fc} - E:\Startme.exe
HKU\S-1-5-21-2004369296-1101146853-885742024-1000\...\MountPoints2: {f10411c6-4907-11e1-8c4e-806e6f6e6963} - Q:\LenovoQDrive.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\AutoKMS.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000Core.job
C:\Users\Michal\AppData\Local\Temp
C:\Windows\AutoKMS.exe
End
*****************

"HKU\S-1-5-21-2004369296-1101146853-885742024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63bb7462-f1cf-11e3-aa7b-f0def1c072fc}" => Key deleted successfully.
"HKCR\CLSID\{63bb7462-f1cf-11e3-aa7b-f0def1c072fc}" => Key not found.
"HKU\S-1-5-21-2004369296-1101146853-885742024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f10411c6-4907-11e1-8c4e-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{f10411c6-4907-11e1-8c4e-806e6f6e6963}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000UA.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2004369296-1101146853-885742024-1000Core.job => Moved successfully.

"C:\Users\Michal\AppData\Local\Temp" directory move:

C:\Users\Michal\AppData\Local\Temp\adwcleaner.db => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\CProgram Files (x86)Opera20.0.1387.91opera_autoupdate.lock => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\CVRE478.tmp.cvr => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\Donate.ico => Moved successfully.
Could not move "C:\Users\Michal\AppData\Local\Temp\etilqs_7wxAM40WVdhLcjK" => Scheduled to move on reboot.
Could not move "C:\Users\Michal\AppData\Local\Temp\etilqs_Opbd0vlRXmjlgbg" => Scheduled to move on reboot.
C:\Users\Michal\AppData\Local\Temp\EULA.txt => Moved successfully.
Could not move "C:\Users\Michal\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
Could not move "C:\Users\Michal\AppData\Local\Temp\opera_crashreporter.log" => Scheduled to move on reboot.
C:\Users\Michal\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\ulg => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\~160.bat => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\~160.tmp => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\~3820.bat => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\~3820.tmp => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\~6E9A.tmp => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\~80A4.tmp => Moved successfully.
Could not move "C:\Users\Michal\AppData\Local\Temp\~DF050B238BB5C8106A.TMP" => Scheduled to move on reboot.
C:\Users\Michal\AppData\Local\Temp\~DFCC79CFB4988746F0.TMP => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\nspCE6E.tmp\modern-wizard.bmp => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\nspCE6E.tmp\nsDialogs.dll => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\nspCE6E.tmp\NSISEncrypt.dll => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\nspCE6E.tmp\nsProcess.dll => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\nspCE6E.tmp\System.dll => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\nspCE6E.tmp\UserInfo.dll => Moved successfully.
C:\Users\Michal\AppData\Local\Temp\nsn3EF9.tmp\ccsetup.exe => Moved successfully.
Could not move "C:\Users\Michal\AppData\Local\Temp" directory. => Scheduled to move on reboot.

C:\Windows\AutoKMS.exe => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-11 19:55:05)<=

C:\Users\Michal\AppData\Local\Temp\etilqs_7wxAM40WVdhLcjK => Is moved successfully.
C:\Users\Michal\AppData\Local\Temp\etilqs_Opbd0vlRXmjlgbg => Is moved successfully.
C:\Users\Michal\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Michal\AppData\Local\Temp\opera_crashreporter.log => Is moved successfully.
C:\Users\Michal\AppData\Local\Temp\~DF050B238BB5C8106A.TMP => Is moved successfully.
C:\Users\Michal\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Techgile

#8 Post by Rudy »

Deleted. If the problem has gone away, that is all.


Re: Techgile

#9 Post by Mistreat »

Yes, the problem is gone, thank you!

I would also like to mention one more problem, which appeared even before the problem with the ads. Google Chrome and Mozilla both freeze after they start and the initial window loads, so the programs are effectively unusable. When I start IE, the system even crashes after a while and a "blue screen of death" comes up. The only browser that works on my PC is Opera. I tried reinstalling and the like and it did not help, and I could not find a solution to a similar problem on the net either. Do you think this could be caused by some malicious software or a virus, or is it more likely some system fault?


Re: Techgile

#10 Post by Rudy »

You have to reinstall in such a way that you also delete the profile. Before that, you must back up the profiles using MozBackup: http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ , or ChromeBackup: http://www.stahuj.centrum.cz/internet_a ... me-backup/ , and copy only the bookmarks and passwords back into the newly installed browser. Did you do it that way?