HJT + ostatní

Fucza · Příspěvekod **Fucza** » 10 úno 2015 22:32

Prosím o pomoc s odvirováním notebook s Win 8.1. Moc děkuji.
ATF a TFC Cleaner jsou použil.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:30:30, on 10. 2. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Barbara\Desktop\HijackThis (1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSStp] C:\WINDOWS\inf\msstp.vbe
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 10400 bytes

--------------------------------------------------------------------------------------------
# AdwCleaner v3.304 - Report created 12/08/2014 at 14:52:43
# Updated 08/08/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Barbara - IDEA-PC
# Running from : C:\Users\Barbara\Desktop\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [782 octets] - [11/08/2014 20:00:53]
AdwCleaner[R1].txt - [703 octets] - [12/08/2014 14:52:43]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [762 octets] ##########
# AdwCleaner v4.110 - Logfile created 10/02/2015 at 22:36:23
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Barbara - IDEA-PC
# Running from : C:\Users\Barbara\Desktop\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Barbara\AppData\Roaming\OpenCandy

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v

-\\ Google Chrome v40.0.2214.111

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [1675 bytes] - [11/08/2014 19:00:53]
AdwCleaner[R1].txt - [1602 bytes] - [12/08/2014 13:52:43]
AdwCleaner[S0].txt - [1798 bytes] - [12/08/2014 13:53:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1720 bytes] ##########

-------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10. 2. 2015
Scan Time: 22:42:21
Logfile: mban.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.10.11
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Barbara

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 409349
Time Elapsed: 13 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Agent.SCR, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSStp, C:\WINDOWS\inf\msstp.vbe, , [4e859e7edab05ed85ec32a96b54ef20e]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.OpenCandy, C:\Users\Barbara\AppData\Roaming\OpenCandy, , [1eb5c458642646f0eeadea6651b253ad],
PUP.Optional.OpenCandy, C:\Users\Barbara\AppData\Roaming\OpenCandy\413D2EA341B5416B8169736920F94AD5, , [1eb5c458642646f0eeadea6651b253ad],
PUP.Optional.OpenCandy, C:\Users\Barbara\AppData\Roaming\OpenCandy\528254A5092F44669B46E015A7A6C058, , [1eb5c458642646f0eeadea6651b253ad],

Files: 7
Trojan.Bitminer, C:\Program Files (x86)\microsoft office 2010 cz full key plna verze\microsoft office 2010 cz full key plna verze.exe, , [d5fefe1e781257df376068d009f7d828],
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumnckjvw.exe, , [607334e8cac0290d9327c27307fbf20e],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmnckjvw.exe, , [0cc7a478f496f046d0e512341ae8748c],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmnckjvw.exe, , [f4df20fc8307b77f446cba7a6c95a35d],
Trojan.Agent.SCR, C:\Windows\Inf\msstp.vbe, , [4e859e7edab05ed85ec32a96b54ef20e],
PUP.Optional.OpenCandy, C:\Users\Barbara\AppData\Roaming\OpenCandy\413D2EA341B5416B8169736920F94AD5\Opera_NI_stable.exe, , [1eb5c458642646f0eeadea6651b253ad],
PUP.Optional.OpenCandy, C:\Users\Barbara\AppData\Roaming\OpenCandy\528254A5092F44669B46E015A7A6C058\AVG-PC-TuneUp2015_CS_2200604.exe, , [1eb5c458642646f0eeadea6651b253ad],

Physical Sectors: 0
(No malicious items detected)

(end)

Díky moc. Zatím jsem nic nemazal.

Reklama

Příspěvekod **jaro3** » 11 úno 2015 09:59

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Offline Reg
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Fucza · Příspěvekod **Fucza** » 11 úno 2015 17:02

Moc díky. Tady to je:

# AdwCleaner v4.110 - Logfile created 11/02/2015 at 16:59:14
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Barbara - IDEA-PC
# Running from : C:\Users\Barbara\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Barbara\AppData\Roaming\OpenCandy

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v

-\\ Google Chrome v40.0.2214.111

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [1675 bytes] - [11/08/2014 19:00:53]
AdwCleaner[R1].txt - [1799 bytes] - [12/08/2014 13:52:43]
AdwCleaner[R2].txt - [1015 bytes] - [11/02/2015 16:57:08]
AdwCleaner[S0].txt - [1798 bytes] - [12/08/2014 13:53:17]
AdwCleaner[S1].txt - [946 bytes] - [11/02/2015 16:59:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1004 bytes] ##########

-------------------------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Barbara on st 11. 02. 2015 at 17:03:15,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 11. 02. 2015 at 17:06:07,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 11. 2. 2015
Scan Time: 17:09:54
Logfile: log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.11.05
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Barbara

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410267
Time Elapsed: 12 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9200 ) 64 bits version
Spuštěno : Normální režim
Uživatel : Barbara [Práva správce]
Mód : Prohledat -- Datum : 02/11/2015 17:32:26

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 25 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbyqkcl (System32\drivers\pxhc.sys) -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1625381792-3266785749-893686978-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1625381792-3266785749-893686978-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1625381792-3266785749-893686978-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1625381792-3266785749-893686978-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{726E2361-FF36-47FA-8DEE-44E852DDD4E0} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{726E2361-FF36-47FA-8DEE-44E852DDD4E0} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LM000-1EJ162 +++++
--- User ---
[MBR] aa1c1e007b9e16f6e4f37aeb7b31282d
[BSP] a204e14e473ca5e8295dcfeaa3179d05 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_08142014_203343.log - RKreport_DEL_08152014_143454.log - RKreport_SCN_08142014_134340.log - RKreport_SCN_08142014_203137.log
RKreport_SCN_08152014_143222.log

Příspěvekod **jaro3** » 11 úno 2015 18:03

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + info o problémech

Fucza · Příspěvekod **Fucza** » 11 úno 2015 20:55

Díky. Pořád mám na spodní liště 2x prohlížeč Chrome. Jednou funguje a druhá "ikona" - tak tam je ten Chrome kruh v černím čtverci. Když na to kliknu, otevře se jakoby jen černé okno a "Aplikace se nedá otevřít". Divné.

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9200 ) 64 bits version
Spuštěno : Normální režim
Uživatel : Barbara [Práva správce]
Mód : Smazat -- Datum : 02/11/2015 20:29:31

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 25 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbyqkcl -> Smazáno
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1625381792-3266785749-893686978-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1625381792-3266785749-893686978-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1625381792-3266785749-893686978-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1625381792-3266785749-893686978-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{726E2361-FF36-47FA-8DEE-44E852DDD4E0} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{726E2361-FF36-47FA-8DEE-44E852DDD4E0} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LM000-1EJ162 +++++
--- User ---
[MBR] aa1c1e007b9e16f6e4f37aeb7b31282d
[BSP] a204e14e473ca5e8295dcfeaa3179d05 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_08142014_203343.log - RKreport_DEL_08152014_143454.log - RKreport_SCN_02112015_173226.log - RKreport_SCN_08142014_134340.log
RKreport_SCN_08142014_203137.log - RKreport_SCN_08152014_143222.log - RKreport_SCN_02112015_202535.log

Zoek.exe v5.0.0.0 Updated 10-February-2015
Tool run by Barbara on st 11. 02. 2015 at 20:57:40,08.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Barbara\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11. 2. 2015 20:58:39 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\New Folder deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\FeQPRR5z.default\prefs.js:

Added to C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\FeQPRR5z.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\FeQPRR5z.default\extensions\abs@avira.com deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\FeQPRR5z.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 40.0.2214.111 (Up to date, latest Stable version: 40.0.2214.111)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14. 07. 2014 17:22]

Skype Click to Call - Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{64CB089C-95F0-4A52-9767-8590BEDA34BB} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Barbara\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Barbara\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1625381792-3266785749-893686978-1001\Software\Microsoft\Internet Explorer\SearchScopes\{64CB089C-95F0-4A52-9767-8590BEDA34BB} deleted successfully
HKEY_USERS\S-1-5-21-1625381792-3266785749-893686978-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{64CB089C-95F0-4A52-9767-8590BEDA34BB} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\WFKTGL9M will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Barbara\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=165 folders=33 8742212 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Barbara\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Barbara\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\WFKTGL9M" not found
"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on st 11. 02. 2015 at 21:33:26,66 ======================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:35:42, on 11. 2. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\Barbara\Desktop\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 10592 bytes

Příspěvekod **jaro3** » 12 úno 2015 10:15

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

Fucza · Příspěvekod **Fucza** » 12 úno 2015 15:44

Díky, zde to je:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by Barbara at 2015-02-12 15:40:13
Running from C:\Users\Barbara\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.5.33.0 - Lenovo Group Limited)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
LibreOffice 4.3 Help Pack (Czech) (HKLM-x32\...\{38313EFE-097D-4FF5-A6A3-9EE54CB4ED2C}) (Version: 4.3.1.2 - The Document Foundation)
LibreOffice 4.3.1.2 (HKLM-x32\...\{303C2B0D-03AF-4C25-A443-E62DE8AA36A8}) (Version: 4.3.1.2 - The Document Foundation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.13.314.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6859 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.1.0 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1625381792-3266785749-893686978-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

28-01-2015 12:03:00 Windows Update
02-02-2015 19:53:08 Removed Microsoft Office
08-02-2015 12:40:08 Windows Update
09-02-2015 22:42:17 Installed Microsoft Office Professional Plus 2010
11-02-2015 20:58:06 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-02-11 20:58 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {57C9298C-FBFF-495B-854E-1A2CFFCCBCFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-14] (Google Inc.)
Task: {78A763B7-AACE-4FCC-9C75-965E83DCBE33} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-02-10] ()
Task: {BF0BFA72-353F-4EBA-B373-75BEA2518E93} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CC295F20-C781-4F7C-9914-B6591156212A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {CD1FDCD1-D897-4164-921E-C56592A10C18} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-09] (Synaptics Incorporated)
Task: {CF0F60E8-B277-4D8A-BB99-CF23D9193DCC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-20] (Microsoft Corporation)
Task: {EC3CE68B-3D30-4D70-B2B3-9822805F3184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-14] (Google Inc.)
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-10 19:43 - 2013-12-10 19:43 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-12-10 19:43 - 2013-12-10 19:43 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-09 13:43 - 2014-12-09 13:43 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\2133a50009fa3b357bfbd29a218be0f6\PSIClient.ni.dll
2013-12-10 19:16 - 2012-10-23 14:22 - 01199648 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-05 19:53 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 19:53 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 19:53 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-05 19:53 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Barbara\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Barbara\OneDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1625381792-3266785749-893686978-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1625381792-3266785749-893686978-500 - Administrator - Disabled) => C:\Users\Administrator
Barbara (S-1-5-21-1625381792-3266785749-893686978-1001 - Administrator - Enabled) => C:\Users\Barbara
Guest (S-1-5-21-1625381792-3266785749-893686978-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2015 08:54:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Aplikaci DefaultBrowser_NOPUBLISHERID!Chrome se nepovedlo aktivovat, protože došlo k chybě: -2144927151. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (02/11/2015 05:06:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Aplikaci DefaultBrowser_NOPUBLISHERID!Chrome se nepovedlo aktivovat, protože došlo k chybě: -2144927151. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (02/11/2015 05:06:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Aplikaci DefaultBrowser_NOPUBLISHERID!Chrome se nepovedlo aktivovat, protože došlo k chybě: -2144927151. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

System errors:
=============
Error: (02/12/2015 03:31:05 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (02/12/2015 02:18:16 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (02/12/2015 00:43:48 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (02/11/2015 09:10:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/11/2015 09:10:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/11/2015 09:09:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/11/2015 09:09:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/11/2015 09:09:59 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/11/2015 08:52:22 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (02/11/2015 08:19:52 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Microsoft Office Sessions:
=========================
Error: (02/11/2015 08:54:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2144927151

Error: (02/11/2015 05:06:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2144927151

Error: (02/11/2015 05:06:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2144927151

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1037U @ 1.80GHz
Percentage of memory in use: 41%
Total physical RAM: 3987.27 MB
Available physical RAM: 2319.27 MB
Total Pagefile: 4691.27 MB
Available Pagefile: 2492.03 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:424.42 GB) (Free:372.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4C24C638)

Partition: GPT Partition Type.

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Barbara (administrator) on IDEA-PC on 12-02-2015 15:39:23
Running from C:\Users\Barbara\Downloads
Loaded Profiles: Barbara (Available profiles: Barbara & Administrator)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Barbara\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-09] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-12-10] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-12-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3041520 2013-03-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKU\S-1-5-21-1625381792-3266785749-893686978-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1625381792-3266785749-893686978-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1625381792-3266785749-893686978-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1625381792-3266785749-893686978-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-1625381792-3266785749-893686978-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1625381792-3266785749-893686978-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\FeQPRR5z.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\FeQPRR5z.default\extensions\abs@avira.com [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-11]
CHR Extension: (Dokumenty Google) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-15]
CHR Extension: (Disk Google) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-15]
CHR Extension: (YouTube) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-15]
CHR Extension: (Vyhledávání Google) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-15]
CHR Extension: (Tabulky Google) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-11]
CHR Extension: (Skype Click to Call) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-04]
CHR Extension: (Peněženka Google) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15]
CHR Extension: (Gmail) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-03-01] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164736 2012-11-08] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [562504 2013-05-02] (LENOVO INCORPORATED.)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-12-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-05] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-05] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-03-01] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-01] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-02-02] (Disc Soft Ltd)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-09] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-05] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 15:39 - 2015-02-12 15:39 - 00015870 _____ () C:\Users\Barbara\Downloads\FRST.txt
2015-02-12 15:39 - 2015-02-12 15:39 - 00000000 ____D () C:\FRST
2015-02-12 15:38 - 2015-02-12 15:38 - 02134016 _____ (Farbar) C:\Users\Barbara\Downloads\FRST64 (2).exe
2015-02-12 15:36 - 2015-02-12 15:36 - 02134016 _____ (Farbar) C:\Users\Barbara\Downloads\FRST64 (1).exe
2015-02-12 15:32 - 2015-02-12 15:32 - 02134016 _____ (Farbar) C:\Users\Barbara\Downloads\FRST64.exe
2015-02-12 09:16 - 2015-02-12 09:16 - 00003391 _____ () C:\Users\Barbara\Downloads\winmail.dat
2015-02-11 21:11 - 2015-02-11 20:57 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-02-11 20:58 - 2015-02-11 21:33 - 00007350 _____ () C:\zoek-results.log
2015-02-11 20:57 - 2015-02-11 21:28 - 00000000 ____D () C:\zoek_backup
2015-02-11 17:23 - 2015-02-11 17:23 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\pxhc.sys
2015-02-10 22:02 - 2015-02-10 22:02 - 01322458 _____ () C:\Users\Barbara\Desktop\Prezentacja1.pptx
2015-02-10 20:50 - 2015-02-10 20:50 - 00001473 _____ () C:\Users\Barbara\Desktop\gimp-2.8.lnk
2015-02-10 20:48 - 2015-02-10 20:48 - 00000853 _____ () C:\Users\Barbara\AppData\Local\recently-used.xbel
2015-02-10 20:48 - 2015-02-10 20:48 - 00000000 ____D () C:\Users\Barbara\AppData\Local\gtk-2.0
2015-02-10 20:48 - 2015-02-10 20:48 - 00000000 ____D () C:\Users\Barbara\.thumbnails
2015-02-10 20:46 - 2015-02-10 20:49 - 00000000 ____D () C:\Users\Barbara\.gimp-2.8
2015-02-10 20:46 - 2015-02-10 20:46 - 00000000 ____D () C:\Users\Barbara\AppData\Local\gegl-0.2
2015-02-10 20:44 - 2015-02-10 20:44 - 00000921 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-02-10 20:43 - 2015-02-10 20:43 - 00000000 ____D () C:\Program Files\GIMP 2
2015-02-10 20:35 - 2015-02-10 20:35 - 00001913 _____ () C:\Users\Barbara\Desktop\IrfanView Thumbnails.lnk
2015-02-10 20:35 - 2015-02-10 20:35 - 00001021 _____ () C:\Users\Barbara\Desktop\IrfanView.lnk
2015-02-10 20:35 - 2015-02-10 20:35 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-02-10 20:13 - 2015-02-10 20:13 - 00000000 ____D () C:\Program Files\IrfanView
2015-02-10 20:12 - 2015-02-10 20:35 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-02-10 20:12 - 2015-02-10 20:12 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\IrfanView
2015-02-10 20:06 - 2015-02-11 21:45 - 00002900 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-02-10 20:06 - 2015-02-11 21:45 - 00000290 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-02-10 20:06 - 2015-02-10 20:52 - 00000000 ____D () C:\WINDOWS\AutoKMS
2015-02-10 20:00 - 2015-02-10 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-02-10 19:59 - 2015-02-10 19:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-02-10 19:59 - 2015-02-10 19:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-02-10 19:59 - 2015-02-10 19:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-02-10 19:58 - 2015-02-10 19:58 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-10 19:58 - 2015-02-10 19:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-02-10 19:58 - 2015-02-10 19:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-10 19:50 - 2015-02-10 19:52 - 19497069 _____ () C:\Users\Barbara\Desktop\Office-2010-Toolkit-v2.2.3-(sfx).exe
2015-02-09 22:39 - 2012-09-24 06:13 - 00000000 ____D () C:\Users\Barbara\Desktop\Microsoft Office 2010 CZ Full version
2015-02-09 19:14 - 2015-02-09 19:14 - 00000000 ____D () C:\WINDOWS\SysWOW64\bitstreams
2015-02-09 19:14 - 2015-02-09 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\microsoft office 2010 cz
2015-02-09 19:14 - 2013-10-26 20:30 - 01704448 ____S (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\SysWOW64\libeay32.dll
2015-02-09 19:14 - 2013-10-26 20:30 - 00538126 ____S () C:\WINDOWS\SysWOW64\libcurl-4.dll
2015-02-09 19:14 - 2013-10-26 20:30 - 00364544 ____S (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\SysWOW64\ssleay32.dll
2015-02-09 19:14 - 2013-10-26 20:30 - 00192512 ____S () C:\WINDOWS\SysWOW64\libidn-11.dll
2015-02-09 19:14 - 2013-10-26 20:30 - 00171008 ____S (The libssh2 library, http://www.libssh2.org/) C:\WINDOWS\SysWOW64\libssh2.dll
2015-02-09 19:14 - 2013-10-26 20:30 - 00133632 ____S () C:\WINDOWS\SysWOW64\librtmp.dll
2015-02-09 19:14 - 2013-10-26 20:30 - 00044727 ____S () C:\WINDOWS\SysWOW64\diablo130302.cl
2015-02-09 19:14 - 2013-10-26 20:30 - 00043810 ____S () C:\WINDOWS\SysWOW64\poclbm130302.cl
2015-02-09 19:14 - 2013-10-26 20:30 - 00030802 ____S () C:\WINDOWS\SysWOW64\diakgcn121016.cl
2015-02-09 19:14 - 2013-10-26 20:30 - 00023825 ____S () C:\WINDOWS\SysWOW64\scrypt130511.cl
2015-02-09 19:14 - 2013-10-26 20:30 - 00013062 ____S () C:\WINDOWS\SysWOW64\phatk121016.cl
2015-02-09 19:14 - 2013-06-12 15:15 - 00119888 ____S (Open Source Software community LGPL) C:\WINDOWS\SysWOW64\pthreadGC2.dll
2015-02-09 19:14 - 2013-06-12 15:15 - 00100864 ____S () C:\WINDOWS\SysWOW64\zlib1.dll
2015-02-09 19:14 - 2012-09-25 23:46 - 00472424 ____S (NVIDIA Corporation) C:\WINDOWS\SysWOW64\cudart32_50_35.dll
2015-02-09 19:14 - 2012-05-27 01:36 - 00055808 ____S (Open Source Software community LGPL) C:\WINDOWS\SysWOW64\pthreadVC2.dll
2015-02-02 21:01 - 2015-02-02 21:01 - 00000384 _____ () C:\WINDOWS\ODBC.INI
2015-02-02 21:00 - 2015-02-10 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-02 21:00 - 2015-02-10 19:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-02 21:00 - 2015-02-02 21:00 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-02-02 20:58 - 2015-02-02 20:58 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Opera Software
2015-02-02 20:58 - 2015-02-02 20:58 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Opera Software
2015-02-02 20:57 - 2015-02-02 21:13 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-02 20:57 - 2015-02-02 20:57 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\AVG
2015-02-02 20:57 - 2015-02-02 20:57 - 00000000 ____D () C:\ProgramData\AVG
2015-02-02 20:57 - 2015-02-02 20:57 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-02-02 20:56 - 2015-02-02 20:58 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\DAEMON Tools Lite
2015-02-02 20:56 - 2015-02-02 20:58 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-02-02 20:56 - 2015-02-02 20:56 - 00283064 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2015-02-02 20:56 - 2015-02-02 20:56 - 00001973 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-02-02 20:56 - 2015-02-02 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-02-02 20:56 - 2015-02-02 20:56 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2015-02-02 18:59 - 2015-02-02 18:59 - 02139408 _____ () C:\Users\Barbara\Desktop\10__JÍDEL__SMRTI.ppsx
2015-01-25 17:17 - 2015-01-25 21:50 - 00000000 ____D () C:\Users\Barbara\Desktop\nasi
2015-01-25 17:17 - 2015-01-25 21:47 - 00000000 ____D () C:\Users\Barbara\Desktop\václavci
2015-01-24 10:46 - 2015-01-24 10:46 - 02060800 _____ () C:\Users\Barbara\Desktop\slovník.pps
2015-01-22 22:02 - 2015-01-25 21:55 - 00000000 ____D () C:\Users\Barbara\Desktop\bláža
2015-01-22 22:01 - 2015-01-25 21:54 - 00000000 ____D () C:\Users\Barbara\Desktop\relkesz
2015-01-22 21:43 - 2015-01-22 22:12 - 00000000 ____D () C:\Users\Barbara\Desktop\2014_listopad
2015-01-22 21:29 - 2015-01-22 21:30 - 00000000 ____D () C:\Users\Barbara\Desktop\2014_prosinec_vanoce
2015-01-13 21:48 - 2015-01-14 21:52 - 00023349 _____ () C:\Users\Barbara\Desktop\dopis.odt
2015-01-13 21:33 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 21:33 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 21:33 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 21:33 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 21:33 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 21:33 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 21:33 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 21:33 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 21:33 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 21:33 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 21:33 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 21:33 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 21:33 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 21:33 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 21:33 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 21:33 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 21:33 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 21:33 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 21:33 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 21:33 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 21:33 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 21:33 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 21:33 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 21:33 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 21:33 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 21:33 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 21:33 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 21:33 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 21:33 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 21:33 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 21:33 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 15:35 - 2014-12-05 15:42 - 02063325 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-12 15:35 - 2014-09-03 20:18 - 00000000 ____D () C:\Users\Barbara\AppData\Roaming\Skype
2015-02-12 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-12 14:57 - 2014-08-14 20:36 - 00000976 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 13:17 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 13:14 - 2014-08-15 13:20 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1625381792-3266785749-893686978-1001
2015-02-12 09:13 - 2015-01-08 21:12 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2B938320-AFBA-4FFF-8295-8D55A099E1FD}
2015-02-12 09:10 - 2014-12-05 16:12 - 00000000 __RDO () C:\Users\Barbara\OneDrive
2015-02-12 09:10 - 2014-08-14 20:36 - 00000972 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 21:49 - 2014-09-24 17:23 - 01749406 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-11 21:49 - 2014-09-24 16:39 - 00740962 _____ () C:\WINDOWS\system32\perfh005.dat
2015-02-11 21:49 - 2014-09-24 16:39 - 00152146 _____ () C:\WINDOWS\system32\perfc005.dat
2015-02-11 21:45 - 2014-09-24 08:10 - 00031766 _____ () C:\WINDOWS\PFRO.log
2015-02-11 21:45 - 2013-12-10 19:43 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-11 21:45 - 2013-08-22 15:46 - 00328209 _____ () C:\WINDOWS\setupact.log
2015-02-11 21:45 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-11 21:40 - 2014-11-06 18:57 - 00000000 ____D () C:\Users\Barbara\AppData\Local\Microsoft Help
2015-02-11 21:27 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-11 20:22 - 2014-08-14 12:30 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-11 17:23 - 2014-08-15 13:41 - 00000000 ____D () C:\WINDOWS\erdnt
2015-02-11 16:59 - 2014-08-11 19:00 - 00000000 ____D () C:\AdwCleaner
2015-02-11 08:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-10 22:30 - 2014-08-12 14:59 - 00000000 ____D () C:\Users\Barbara\AppData\Local\VirtualStore
2015-02-10 20:52 - 2013-08-22 15:44 - 00543792 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-10 20:48 - 2014-12-05 15:25 - 00000000 ____D () C:\Users\Barbara
2015-02-10 20:03 - 2014-11-06 18:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-10 20:03 - 2014-09-24 16:59 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-10 20:02 - 2012-07-26 06:26 - 00000188 _____ () C:\WINDOWS\win.ini
2015-02-10 19:59 - 2014-12-05 14:56 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-10 19:58 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-09 22:57 - 2014-08-31 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-09 22:57 - 2014-08-31 08:43 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-07 07:52 - 2014-08-14 20:36 - 00003948 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 07:52 - 2014-08-14 20:36 - 00003712 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 07:47 - 2014-08-14 20:36 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 20:31 - 2014-09-24 20:08 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 20:08 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System
2015-01-20 16:56 - 2014-08-14 19:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-20 16:52 - 2014-08-14 19:40 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-20 16:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

==================== Files in the root of some directories =======

2015-02-10 20:48 - 2015-02-10 20:48 - 0000853 _____ () C:\Users\Barbara\AppData\Local\recently-used.xbel
2014-08-12 14:58 - 2014-08-12 14:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Barbara\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-11 21:56

==================== End Of Log ============================

Příspěvekod **jaro3** » 12 úno 2015 18:56

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Task: {57C9298C-FBFF-495B-854E-1A2CFFCCBCFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-14] (Google Inc.)
Task: {78A763B7-AACE-4FCC-9C75-965E83DCBE33} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-02-10] ()
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKU\S-1-5-21-1625381792-3266785749-893686978-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1625381792-3266785749-893686978-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
FF NewTab: about:newtab
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
C:\WINDOWS\System32\Tasks\AutoKMS
C:\WINDOWS\Tasks\AutoKMS.job
C:\WINDOWS\AutoKMS
C:\ProgramData\AVG
C:\Program Files (x86)\AVG
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\DP45977C.lfl

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt

Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\WINDOWS\SysWOW64\libeay32.dll
C:\WINDOWS\SysWOW64\libcurl-4.dll
C:\WINDOWS\SysWOW64\ssleay32.dll
C:\WINDOWS\SysWOW64\libidn-11.dll
C:\WINDOWS\SysWOW64\libssh2.dll
C:\WINDOWS\SysWOW64\librtmp.dll
C:\WINDOWS\SysWOW64\diablo130302.cl
C:\WINDOWS\SysWOW64\poclbm130302.cl
C:\WINDOWS\SysWOW64\diakgcn121016.cl
C:\WINDOWS\SysWOW64\scrypt130511.cl
C:\WINDOWS\SysWOW64\phatk121016.cl
C:\WINDOWS\SysWOW64\pthreadGC2.dll
C:\WINDOWS\SysWOW64\zlib1.dll
C:\WINDOWS\SysWOW64\cudart32_50_35.dll
C:\WINDOWS\SysWOW64\pthreadVC2.dll
C:\WINDOWS\system32\VfService.trf

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

C:\WINDOWS\System

podívej se , co je v té složce.

Fucza · Příspěvekod **Fucza** » 15 úno 2015 20:19

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Barbara at 2015-02-15 20:17:49 Run:1
Running from C:\Users\Barbara\Desktop
Loaded Profiles: Barbara (Available profiles: Barbara & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {57C9298C-FBFF-495B-854E-1A2CFFCCBCFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-14] (Google Inc.)
Task: {78A763B7-AACE-4FCC-9C75-965E83DCBE33} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-02-10] ()
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKU\S-1-5-21-1625381792-3266785749-893686978-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1625381792-3266785749-893686978-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
FF NewTab: about:newtab
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
C:\WINDOWS\System32\Tasks\AutoKMS
C:\WINDOWS\Tasks\AutoKMS.job
C:\WINDOWS\AutoKMS
C:\ProgramData\AVG
C:\Program Files (x86)\AVG
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\DP45977C.lfl
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57C9298C-FBFF-495B-854E-1A2CFFCCBCFB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57C9298C-FBFF-495B-854E-1A2CFFCCBCFB}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{78A763B7-AACE-4FCC-9C75-965E83DCBE33}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78A763B7-AACE-4FCC-9C75-965E83DCBE33}" => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\WINDOWS\Tasks\AutoKMS.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"HKU\S-1-5-21-1625381792-3266785749-893686978-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1625381792-3266785749-893686978-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found.
Firefox newtab deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"C:\WINDOWS\System32\Tasks\AutoKMS" => File/Directory not found.
"C:\WINDOWS\Tasks\AutoKMS.job" => File/Directory not found.
C:\WINDOWS\AutoKMS => Moved successfully.
C:\ProgramData\AVG => Moved successfully.
C:\Program Files (x86)\AVG => Moved successfully.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job" => File/Directory not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job" => File/Directory not found.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => File/Directory not found.
C:\ProgramData\DP45977C.lfl => Moved successfully.

==== End of Fixlog 20:17:50 ====

Moc díky. Zatím se mi nepodařilo to testování na Virustotal. Já s W 8 docela bojuju, povolil jsem to zobrazování skrytých souborů. Jenže kdyžve Virustotal dám "vybrat", otevře se mi "One Drive" a tam ty skryté složky nejdou vidět. Jdu googlit, jak to udělat. Moc díky.

Příspěvekod **jaro3** » 16 úno 2015 10:41

Tak si ten soubor zkopíruj na plochu a odtud ho dej testovat.

Fucza · Příspěvekod **Fucza** » 16 úno 2015 19:15

Příspěvekod **jaro3** » 17 úno 2015 10:11

názvy jsou u několika jiné.

udělej znovu tyto:
C:\WINDOWS\SysWOW64\diablo130302.cl
C:\WINDOWS\SysWOW64\poclbm130302.cl
C:\WINDOWS\SysWOW64\diakgcn121016.cl
C:\WINDOWS\SysWOW64\scrypt130511.cl
C:\WINDOWS\SysWOW64\phatk121016.cl
C:\WINDOWS\SysWOW64\zlib1.dll
C:\WINDOWS\system32\VfService.trf

HJT + ostatní

HJT + ostatní

Re: HJT + ostatní

Re: HJT + ostatní

Re: HJT + ostatní

Re: HJT + ostatní

Re: HJT + ostatní

Re: HJT + ostatní

Re: HJT + ostatní

Re: HJT + ostatní

Re: HJT + ostatní

Re: HJT + ostatní

Re: HJT + ostatní

Kdo je online