HijackThis log check [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

jesoun
Level 1
Posts: 87
Registered: November 14
Gender: Male
Status:
Offline

HijackThis log check

Post by jesoun » 14 Feb 2015 11:59

Hello,
in connection with this problem viewtopic.php?f=47&t=150126 I would like to ask you to check the log. Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:13, on 14.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
CHROME: 40.0.2214.111
FIREFOX: 35.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Users\Drake\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Users\Drake\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\Drake\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_2.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: BS Player ControlBar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\Drake\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_2.dll (file missing)
O3 - Toolbar: BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\Drake\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_2.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Drake\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BackgroundContainerV2] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Drake\AppData\Local\Tbccint\BackgroundContainer\BackgroundContainer.dll",DllRun
O4 - HKCU\..\Run: [Bloody2] "C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe" Minimum
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Drake\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Drake\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O15 - Trusted IP range: http://192.168.2.1
O15 - ESC Trusted IP range: http://192.168.2.1
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_core.dll,-101 (chromoting) - Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Wireless - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - Unknown owner - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9337 bytes
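An added example, not part of the original post and not code from HijackThis itself: a small Python triage script that parses lines in the HijackThis format and flags the kinds of entries a log reviewer looks at first. The sample lines are copied from the log above; the heuristics, the function names (`parse_hjt_line`, `triage`) and the reason strings are my own assumptions about what is worth a second look, not a verdict on any entry, and the rest of the clean-up still follows the thread's instructions below.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log pasted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\Drake\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_2.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O3 - Toolbar: BS Player ControlBar Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Users\Drake\AppData\LocalLow\BS_Player_ControlBar\prxtbBS_2.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [BackgroundContainerV2] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Drake\AppData\Local\Tbccint\BackgroundContainer\BackgroundContainer.dll",DllRun
O4 - Startup: PowerReg Scheduler V3.exe
O15 - Trusted Zone: *.soe.com
O23 - Service: LMIGuardianSvc - Unknown owner - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# Every HijackThis finding starts with a section code (R0..R3, F2, O2, O4, O23 ...), then " - ".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")


def parse_hjt_line(line):
    """Split one log line into its section code and body; return None for non-finding lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}


def triage(log_text):
    """Return the entries worth a second look, each with the reasons it was flagged (heuristics are assumptions)."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        sec, body = entry["section"], entry["body"]
        low = body.lower()
        reasons = []

        # Browser hooks, BHOs and toolbars whose DLL is gone are leftover registrations of removed add-ons.
        if sec in {"R3", "O2", "O3"} and body.endswith("(file missing)"):
            reasons.append("browser hook/BHO/toolbar points to a missing file (leftover registration)")

        if sec == "O4":
            # An autorun that loads a DLL out of the user profile through rundll32 is a classic adware pattern.
            if "rundll32" in low and "\\appdata\\" in low:
                reasons.append("autorun loads a DLL from the user profile via rundll32")
            # A bare .exe sitting in the Startup folder (not a .lnk shortcut) deserves a look too.
            elif low.startswith("startup:") and ".lnk" not in low and low.endswith(".exe"):
                reasons.append("executable placed directly in the Startup folder")

        if sec == "O15":
            # Sites added to the IE Trusted Zone run with relaxed security settings.
            reasons.append("site added to IE Trusted Zone (weakened security zone)")

        # Services with an unknown owner and a missing binary outside the Windows directory.
        # System services under \Windows\ are skipped: HijackThis 2.0.4 on 64-bit Windows reports many of
        # them as "(file missing)" because of WOW64 path redirection, which is noise, not a finding.
        if (sec == "O23" and body.endswith("(file missing)")
                and "Unknown owner" in body and "\\windows\\" not in low):
            reasons.append("service with unknown owner whose binary is missing")

        if reasons:
            findings.append({"section": sec, "line": entry["raw"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['line']}")
        for r in f["reasons"]:
            print(f"    -> {r}")
```

Running it on the sample flags the BS Player hook and toolbar (both "file missing"), the BackgroundContainerV2 rundll32 autorun, the Startup-folder executable, the Trusted Zone entry and the LMIGuardianSvc service, while the Java BHO, the ATI autorun, the Steam service and the vds system service pass through unflagged.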

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow around here =o)
Gender: Male
Status:
Offline

Re: HijackThis log check

Post by Orcus » 14 Feb 2015 14:30

I don't see an antivirus. :evil:

===================================================

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.

- If you only use Google Chrome, you don't need to use ATF.

===================================================

Download TFC
Open the file and close all other windows, then click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

===================================================

Download AdwCleaner (by Xplode)

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan a log will appear (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

===================================================

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- when the program finishes, a message appears at the bottom right; click Copy to Clipboard and paste the entire log here.

- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).

If there are problems, run it in Safe Mode.
Love warms, but coal is coal. :fire:



Post HJT logs in the HJT section. If it is too long, split it into several messages.

A few PC security tips.

During my absence memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

jesoun
Level 1
Posts: 87
Registered: November 14
Gender: Male
Status:
Offline

Re: HijackThis log check

Post by jesoun » 14 Feb 2015 16:08

There's just Microsoft Security Essentials on the computer.

Here is the AdwCleaner log:
# AdwCleaner v4.110 - Logfile created 14/02/2015 at 15:14:17
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Drake - DRAKE-PC
# Running from : C:\Users\Drake\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Found : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Found : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
File Found : C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\user.js
Folder Found : C:\Program Files (x86)\adawaretb
Folder Found : C:\Program Files (x86)\Tbccint
Folder Found : C:\Program Files (x86)\Toolbar Cleaner
Folder Found : C:\ProgramData\2d7948e3a2316a55
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\Tbccint
Folder Found : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Found : C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Found : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Found : C:\Users\ASPNET\AppData\Local\Chromatic Browser
Folder Found : C:\Users\ASPNET\AppData\Local\torch
Folder Found : C:\Users\Drake\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Found : C:\Users\Drake\AppData\Local\Conduit
Folder Found : C:\Users\Drake\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Found : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Found : C:\Users\Drake\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Drake\AppData\Local\Tbccint
Folder Found : C:\Users\Drake\AppData\Local\torch
Folder Found : C:\Users\Drake\AppData\LocalLow\adawaretb
Folder Found : C:\Users\Drake\AppData\LocalLow\BS_Player_ControlBar
Folder Found : C:\Users\Drake\AppData\LocalLow\Conduit
Folder Found : C:\Users\Drake\AppData\LocalLow\Tbccint
Folder Found : C:\Users\Drake\AppData\Roaming\Babylon
Folder Found : C:\Users\Drake\AppData\Roaming\FoxTab
Folder Found : C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
Folder Found : C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\Extensions\citsj@euohlhjmpf.edu
Folder Found : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\torch

***** [ Scheduled tasks ] *****

Task Found : FoxTab

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Tbccint
Key Found : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{461F4145-5894-4075-8047-F85F621CCBBB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKCU\Software\Tbccint
Key Found : HKCU\Software\Tbccint_HKLM
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Headlight
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{461F4145-5894-4075-8047-F85F621CCBBB}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\Tbccint
Key Found : [x64] HKCU\Software\Tbccint_HKLM
Key Found : HKLM\SOFTWARE\adawaretb
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT1750559
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 cs)

[qknc5ial.default] - Line Found : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1358277765761");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.Visibility.enable", "true");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.cda.returnValue", "hide");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.0.height", "335");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.0.width", "761");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.1.height", "300");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.1.width", "500");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.2.height", "150");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dialogs.2.width", "530");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.mode.debug", "false");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.newtab.created", "false");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.newtab.enable", "true");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(http://www.|apps.)?facebook\\.com.*");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.0.enable", "false");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(http://www.|apps.)?facebook\\.com.*");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.1.enable", "false");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.2.callback", "");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.2.enable", "false");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.searchguard.enable", "false");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.simapp_id", "{65137B4C-4C2D-11E2-9E9A-4061867C42D5}");
[qknc5ial.default] - Line Found : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v


-\\ Chromium v


-\\ Comodo Dragon v


-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [15376 bytes] - [14/02/2015 15:14:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15436 bytes] ##########



I can't get the Anti-Malware log out - the detailed log shows nothing and the txt file is empty, I don't know what's wrong with it. Only the xml log shows a little. In any case it looks like it only found some problem with BS Player, see the screenshot attached. It's only part of the screen, but everything further down when I scroll is just "Pub.Optional.BSPlayerControlbar.A"
Attachments
screen1.png

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: HijackThis log check

Post by jaro3 » 14 Feb 2015 19:10

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Prohledat-Scan", and after the scan click "Vymazat-Clean".

The program will perform the repair; after the automatic restart it shows the log (C:\AdwCleaner[S?].txt), paste its entire contents here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". To continue you will be asked to press any key. Press one.
The program's scan begins. The scan can take a long time, depending on the amount of infection. After the scan finishes a log (JRT.txt) appears, which is saved on the desktop.
Please copy its entire contents here.

- run MbAM again and click Scan Now
- when the program finishes, a message appears; click "Quarantine All (delete selected)" and "Export Log" and choose "text file", name the file and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP by double-clicking.
- wait until the Prescan (search for malicious processes) finishes.
- Check that you have ticked:
MBR check
Offline Reg
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still won't start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

jesoun
Level 1
Posts: 87
Registered: November 14
Gender: Male
Status:
Offline

Re: HijackThis log check

Post by jesoun » 14 Feb 2015 22:04

Here is the ADW log:
# AdwCleaner v4.110 - Logfile created 14/02/2015 at 20:43:25
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Drake - DRAKE-PC
# Running from : C:\Users\Drake\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tbccint
Folder Deleted : C:\ProgramData\2d7948e3a2316a55
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Tbccint
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\ASPNET\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\ASPNET\AppData\Local\torch
Folder Deleted : C:\Users\Drake\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Drake\AppData\Local\Conduit
Folder Deleted : C:\Users\Drake\AppData\Local\Tbccint
Folder Deleted : C:\Users\Drake\AppData\Local\torch
Folder Deleted : C:\Users\Drake\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Drake\AppData\LocalLow\BS_Player_ControlBar
Folder Deleted : C:\Users\Drake\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Drake\AppData\LocalLow\Tbccint
Folder Deleted : C:\Users\Drake\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Drake\AppData\Roaming\FoxTab
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
[!] Folder Deleted : C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
Folder Deleted : C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\Extensions\citsj@euohlhjmpf.edu
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Deleted : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Deleted : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Deleted : C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Deleted : C:\Users\Drake\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Deleted : C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Deleted : C:\Users\Drake\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbdgkhgbkbmnbammjmbkadjegllhdmmm
File Deleted : C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
File Deleted : C:\END
File Deleted : C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\user.js
File Deleted : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Deleted : C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : FoxTab

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{461F4145-5894-4075-8047-F85F621CCBBB}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Tbccint
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
Key Deleted : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Deleted : HKLM\SOFTWARE\adawaretb
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 cs)

[qknc5ial.default\prefs.js] - Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1358277765761");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.cda.returnValue", "hide");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.newtab.created", "false");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(http://www.apps.)?facebook\\.com.*");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(http://www.apps.)?facebook\\.com.*");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{65137B4C-4C2D-11E2-9E9A-4061867C42D5}");
[qknc5ial.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v


-\\ Chromium v


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [15544 bytes] - [14/02/2015 15:14:17]
AdwCleaner[S0].txt - [16131 bytes] - [14/02/2015 20:43:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16191 bytes] ##########




Here is the MBAM log:
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 14.2.2015
Scan Time: 21:12:57
Logfile: log_mam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.14.05
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Drake

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 471181
Time Elapsed: 21 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.BSPlayerControlBar.A, HKU\S-1-5-21-1865247094-3385080685-1780585921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BS_Player_ControlBar, Quarantined, [6eef829c3357a1956f16eca823e029d7],
PUP.Optional.BSPlayerControlBar.A, HKU\S-1-5-21-1865247094-3385080685-1780585921-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BS_Player_ControlBar, Quarantined, [124b42dc305a0e28e99dd8bc8b789f61],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)





Here is the RogueKiller log:
RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Drake [Práva správce]
Mód : Prohledat -- Datum : 02/14/2015 21:47:13

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FontCache3.0.0.0 (%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3691663-51F5-44D5-8491-DE918C3DE9B1} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D3691663-51F5-44D5-8491-DE918C3DE9B1} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D3691663-51F5-44D5-8491-DE918C3DE9B1} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)] -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1865247094-3385080685-1780585921-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1865247094-3385080685-1780585921-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 1 ¤¤¤
[Suspicious.Path?Suspicious.Startup][Soubor] PowerReg Scheduler V3.exe -- C:\Users\Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe -> Nalezeno

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] qknc5ial.default : user_pref("browser.startup.homepage", "www.google.com"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3400820AS ATA Device +++++
--- User ---
[MBR] 7b57de5b2745912f6e4f11b8d7b2f7ba
[BSP] 9abecbb9fce91a2b1b39bc03c4330882 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 381552 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
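
The RogueKiller report above lists each registry finding on one line as `[Category] (Arch) Key | Name : Value -> Status`. As an added example (not code from the thread, from RogueKiller or from Adlice), the Python script below parses lines in that format, counts findings per category and checks whether the DhcpNameServer values behind the PUM.Dns entries are private (RFC 1918, loopback or link-local) addresses, which is the triage question those lines raise. The sample report is constructed in the format seen above: it reuses the thread's 7.254.254.254 value and adds a made-up 192.168.1.1 line for contrast.

```python
"""Triage helper for RogueKiller-style registry findings.

Added example, not part of the thread or of RogueKiller itself. It parses
the "[Category] (Arch) Key | Name : Value -> Status" lines the report uses
and flags DhcpNameServer entries that point at non-private addresses.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the RogueKiller report posted above.
# The 192.168.1.1 line is made up to show the private-address case; the
# section count in the header is likewise constructed.
SAMPLE_REPORT = r"""
¤¤¤ Registry : 4 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FontCache3.0.0.0 (%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3691663-51F5-44D5-8491-DE918C3DE9B1} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D3691663-51F5-44D5-8491-DE918C3DE9B1} | DhcpNameServer : 192.168.1.1 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1865247094-3385080685-1780585921-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
"""

# One finding per line; the "| Name : Value" part is optional (service keys lack it).
FINDING_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\] \((?P<arch>X64|X86)\) "
    r"(?P<key>.+?)"
    r"(?: \| (?P<name>[^:|]+?) : (?P<value>.+?))?"
    r" -> (?P<status>.+)$"
)
# RogueKiller appends a geolocation tag to IP values, e.g. " [UNITED STATES (US)]".
GEO_SUFFIX_RE = re.compile(r"\s*\[[^\]]*\]$")


def parse_line(line):
    """Return a dict for one finding line, or None for headers and blank lines."""
    m = FINDING_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    if entry["value"] is not None:
        entry["value"] = GEO_SUFFIX_RE.sub("", entry["value"])
    return entry


def parse_report(text):
    """All finding entries in a report, in file order."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def category_counts(entries):
    """Number of findings per category, e.g. {'PUM.Dns': 2, ...}."""
    return Counter(e["category"] for e in entries)


def is_private_address(text):
    """True if text is an IP address in a private, loopback or link-local range."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback or addr.is_link_local


def dns_findings(entries):
    """PUM.Dns entries with their DhcpNameServer list and whether every server is private.

    DhcpNameServer may hold several space-separated addresses; a resolver on a
    public address handed out by DHCP is the case worth a second look.
    """
    out = []
    for e in entries:
        if e["category"] != "PUM.Dns" or e["name"] != "DhcpNameServer":
            continue
        servers = e["value"].split()
        out.append({
            "key": e["key"],
            "servers": servers,
            "private": bool(servers) and all(is_private_address(s) for s in servers),
        })
    return out


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for cat, n in sorted(category_counts(found).items()):
        print(f"{cat}: {n}")
    for d in dns_findings(found):
        tag = "ok     " if d["private"] else "REVIEW "
        print(tag + " ".join(d["servers"]) + "  " + d["key"])
```

Run it as a script to print the per-category tally and a REVIEW/ok line for each DHCP name server; to use it on a real report, pass the file's text to `parse_report` instead of `SAMPLE_REPORT`.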

Orcus (Security team member, Elite Level 10.5, Posts: 10645, Registered: April 10, Location: 3 roses grow around =o), Male)

Re: HijackThis log check

Post by Orcus » 15 Feb 2015 08:22

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes its work...
- Wait until the status box shows "Scan"
- In the tabs (Registry, Tasks, Web Browser etc.) tick everything (check all boxes).
- Click "Delete"
- Wait until the Status box shows "Deletion completed"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

====================================================

Download Zoek.exe and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 or 8, right-click it and choose "Run as administrator")
- note that the program may take a while to start.

Paste the script below into the program window:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will scan and repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may show for a while; that is normal. Wait until the log is created. You can save it to Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the whole contents of that log here.
Love warms, but coal is coal. :fire:



Post HJT logs in the HJT section. If a log is too long, split it into several posts.

A few tips on PC security.

During my absence, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

jesoun (Level 1, Posts: 87, Registered: November 14, Male)

Re: HijackThis log check

Post by jesoun » 17 Feb 2015 20:07

Log from RogueKiller:

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Drake [Práva správce]
Mód : Smazat -- Datum : 02/17/2015 19:07:47

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FontCache3.0.0.0 -> Smazáno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3691663-51F5-44D5-8491-DE918C3DE9B1} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D3691663-51F5-44D5-8491-DE918C3DE9B1} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D3691663-51F5-44D5-8491-DE918C3DE9B1} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)] -> Nahrazeno ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1865247094-3385080685-1780585921-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1865247094-3385080685-1780585921-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 1 ¤¤¤
[Suspicious.Path?Suspicious.Startup][Soubor] PowerReg Scheduler V3.exe -- C:\Users\Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe -> Smazáno

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 7 ¤¤¤
[FIREFX:Addon] qknc5ial.default : Selenium IDE: Java Formatters [javaformatters@seleniumhq.org] -> Smazáno
[FIREFX:Addon] qknc5ial.default : Selenium IDE: Python Formatters [pythonformatters@seleniumhq.org] -> Smazáno
[FIREFX:Addon] qknc5ial.default : Selenium IDE: Ruby Formatters [rubyformatters@seleniumhq.org] -> Smazáno
[FIREFX:Addon] qknc5ial.default : Selenium IDE: C# Formatters [csharpformatters@seleniumhq.org] -> Smazáno
[FIREFX:Addon] qknc5ial.default : Selenium IDE [{a6fd85ed-e919-4a43-a5af-8da18bda539f}] -> Smazáno
[FIREFX:Addon] qknc5ial.default : Lavasoft Search Plugin [jid1-yZwVFzbsyfMrqQ@jetpack] -> Smazáno
[PUM.HomePage][FIREFX:Config] qknc5ial.default : user_pref("browser.startup.homepage", "www.google.com"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3400820AS ATA Device +++++
--- User ---
[MBR] 7b57de5b2745912f6e4f11b8d7b2f7ba
[BSP] 9abecbb9fce91a2b1b39bc03c4330882 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 381552 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_02142015_214713.log - RKreport_SCN_02172015_183651.log



Log from Zoek:

Zoek.exe v5.0.0.0 Updated 17-February-2015
Tool run by Drake on Łt 17.02.2015 at 19:09:56,20.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Drake\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17.2.2015 19:12:33 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Dungeon Defenders deleted successfully
C:\PROGRA~2\Hetman Software deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Pando Networks deleted successfully
C:\PROGRA~2\Paradox Interactive deleted successfully
C:\PROGRA~2\SEGA deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Desura deleted successfully
C:\PROGRA~3\GlarySoft deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Drake\AppData\Roaming\Atari deleted successfully
C:\Users\Drake\AppData\Roaming\DiskDefrag deleted successfully
C:\Users\Drake\AppData\Roaming\GlarySoft deleted successfully
C:\Users\Drake\AppData\Roaming\HDDHealth deleted successfully
C:\Users\Drake\AppData\Roaming\New Version Available deleted successfully
C:\Users\Drake\AppData\Roaming\runic games deleted successfully
C:\Users\Drake\AppData\Roaming\Sapeo deleted successfully
C:\Users\Drake\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1865247094-3385080685-1780585921-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C8DDF6E-AAA4-496C-A1C7-9DBE8729A4A2} deleted successfully
HKEY_USERS\S-1-5-21-1865247094-3385080685-1780585921-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5E6FDE5-3691-4BBA-ABF8-014A6293A7CE} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\prefs.js:
user_pref("browser.newtab.url", "http://www.google.com");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Drake\AppData\Roaming\Thunderbird\Profiles\681ycl22.default\prefs.js:

Added to C:\Users\Drake\AppData\Roaming\Thunderbird\Profiles\681ycl22.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default

user.js not found
---- Lines blekko removed from prefs.js ----
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"private
---- FireFox user.js and prefs.js backups ----

prefs_17.02.2015_1924_.backup

ProfilePath: C:\Users\Drake\AppData\Roaming\Thunderbird\Profiles\681ycl22.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_17.02.2015_1924_.backup

==== Deleting Files \ Folders ======================

C:\Users\Drake\.android deleted
C:\PROGRA~2\Stellar Phoenix JPEG Repair deleted
C:\install.exe deleted
C:\Users\Drake\AppData\Roaming\WB.CFG deleted
C:\Users\Drake\AppData\Roaming\Imminent deleted
C:\Users\Drake\AppData\Roaming\Thinstall deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Drake\AppData\Local\Thinstall deleted
C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix JPEG Repair deleted
C:\Users\Drake\AppData\LocalLow\{4FAEF599-D432-0524-53AB-D061213E75D6} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\BS_Player_ControlBar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\Invalidprefs.js deleted
C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\jetpack deleted
C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\adawaretb deleted
"C:\ProgramData\droidcam-settings" deleted
"C:\Users\Drake\AppData\Roaming\Iqpux\iwom.opr" deleted
"C:\Users\Drake\AppData\Roaming\Xoliu\levou.tmp" deleted
"C:\Users\Drake\AppData\Roaming\Arorec\kuogv.erx" deleted
"C:\Users\Drake\AppData\Roaming\Hiytqo\udde.tmp" deleted
"C:\Users\Drake\AppData\Roaming\Hiytqo\udde.uwo" deleted
"C:\Users\Drake\AppData\Roaming\Iqpux" deleted
"C:\Users\Drake\AppData\Roaming\Xoliu" deleted
"C:\Users\Drake\AppData\Roaming\Arorec" deleted
"C:\Users\Drake\AppData\Roaming\Hiytqo" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Drake\AppData\Roaming\Thunderbird\Profiles\681ycl22.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Drake\AppData\Roaming\Thunderbird\Profiles\681ycl22.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default
98137411B9C632095F919E2CE70B288A - C:\Users\Drake\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\ASPNET\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\ASPNET\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\ASPNET\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Drake\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Drake\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================



==== Chromium Fix ======================

C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{7E4D2BDE-7878-4553-ACBB-5BEDF9D83EC9}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{7E4D2BDE-7878-4553-ACBB-5BEDF9D83EC9} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Reset Google Chrome ======================

C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SOE-C:/Users/Drake/AppData/Local/Sony Online Entertainment/ApplicationUpdater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Drake\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Drake\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Drake\AppData\Local\Mozilla\Firefox\Profiles\qknc5ial.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Drake\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=557 folders=689 2490695130 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Drake\AppData\Local\Temp will be emptied at reboot
C:\Users\hedev\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Drake\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on út 17.02.2015 at 19:54:23,86 ======================

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male

Re: HijackThis log check

Post by jaro3 » 18 Feb 2015 10:23

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: It can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press the F8 key during the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

jesoun
Level 1
Posts: 87
Registered: November 14
Gender: Male

Re: HijackThis log check

Post by jesoun » 19 Feb 2015 22:12

When I run it, it shows a warning that the following resident shields are enabled:
antivirus: MicrosoftSecurityEssentials
antispyware: MicrosoftSecurityEssentials

Real-time protection in Essentials is turned off, but when I view the services in Task Manager, these 2 are running and cannot be stopped (access denied).

Is it okay to run ComboFix anyway?

Edit: never mind, I wanted to cancel it for now, but I naively thought it would be enough to dismiss the warning with the X instead of the OK button... anyway, ComboFix started, so hopefully nothing breaks

jesoun
Level 1
Posts: 87
Registered: November 14
Gender: Male

Re: HijackThis log check

Post by jesoun » 19 Feb 2015 23:08

Phew, the PC survived :). Here is the log:
ComboFix 15-02-16.01 - Drake 19.02.2015 22:47:04.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.6322 [GMT 1:00]
Spuštěný z: c:\users\Drake\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Drake\AppData\Local\assembly\tmp
c:\users\Drake\AppData\Roaming\poclbm
c:\users\Drake\AppData\Roaming\poclbm\poclbm.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-19 do 2015-02-19 )))))))))))))))))))))))))))))))
.
.
2015-02-19 20:17 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83002A53-0511-4345-8928-5EA70D35A375}\mpengine.dll
2015-02-18 18:51 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-17 18:55 . 2015-02-17 18:55 -------- d-----w- c:\users\Drake\AppData\Roaming\Thinstall
2015-02-17 18:55 . 2015-02-17 18:55 -------- d-----w- c:\users\Drake\AppData\Local\Thinstall
2015-02-17 18:30 . 2015-02-19 21:58 -------- d-----w- c:\users\Drake\AppData\Local\Temp
2015-02-17 18:30 . 2015-02-17 18:09 24064 ----a-w- c:\windows\zoek-delete.exe
2015-02-17 18:09 . 2015-02-17 18:27 -------- d-----w- C:\zoek_backup
2015-02-14 20:41 . 2015-02-17 17:32 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-14 20:41 . 2015-02-14 20:41 -------- d-----w- c:\programdata\RogueKiller
2015-02-14 15:15 . 2015-02-14 15:15 -------- d-----w- c:\users\Drake\AppData\Roaming\IrfanView
2015-02-14 15:15 . 2015-02-14 15:15 -------- d-----w- c:\program files (x86)\IrfanView
2015-02-14 15:13 . 2015-02-14 15:14 -------- d-----w- C:\Recovered
2015-02-14 14:14 . 2015-02-14 19:43 -------- d-----w- C:\AdwCleaner
2015-02-12 22:15 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 22:15 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 22:15 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-12 22:15 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-11 19:15 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 19:15 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 19:15 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 19:15 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 19:15 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 19:15 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 19:15 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 19:08 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-11 19:08 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-11 19:01 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 19:01 . 2015-01-13 02:49 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-11 18:57 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-11 18:57 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-11 18:52 . 2014-09-17 16:00 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD0CA33-A263-4263-86A9-84FC34FE96CD}\gapaengine.dll
2015-02-11 18:49 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 18:49 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 18:42 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-05 19:18 . 2015-02-05 19:18 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-14 20:12 . 2014-12-14 19:15 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-11 23:30 . 2012-05-20 18:32 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 19:18 . 2012-05-20 19:37 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 19:18 . 2012-05-20 19:37 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-10 11:09 . 2015-01-08 20:47 2374688 ----a-w- c:\programdata\Microsoft\VisualStudio\12.0\1033\ResourceCache.dll
2015-01-08 20:38 . 2012-06-04 16:17 2422528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-12-31 11:14 . 2012-05-20 17:22 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-13 22:54 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 22:54 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-13 22:54 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-13 22:54 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-13 22:54 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-13 22:54 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Bloody2"="c:\program files (x86)\Bloody5\Bloody5\Bloody5.exe" [2014-05-15 14303232]
"BitTorrent"="c:\users\Drake\AppData\Roaming\BitTorrent\BitTorrent.exe" [2015-02-09 1376600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
.
c:\users\Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Drake\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2014-1-8 847360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys;c:\windows\SYSNATIVE\drivers\efavdrv.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe;c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [x]
R3 KbFilter_Kb_FlexDef3x;HID Keyboard(FlexDef3x) Driver Service;c:\windows\system32\DRIVERS\KbFilter_FlexDef3x.sys;c:\windows\SYSNATIVE\DRIVERS\KbFilter_FlexDef3x.sys [x]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 chromoting;Služba Vzdálené plochy Chrome;c:\program files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [x]
S2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe;c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\DRIVERS\droidcam.sys;c:\windows\SYSNATIVE\DRIVERS\droidcam.sys [x]
S3 DroidCamVideo;DroidCam Source 3;c:\windows\system32\DRIVERS\droidcamvideo.sys;c:\windows\SYSNATIVE\DRIVERS\droidcamvideo.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 19:18]
.
2015-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1865247094-3385080685-1780585921-1001Core.job
- c:\users\Drake\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-13 18:24]
.
2015-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1865247094-3385080685-1780585921-1001UA.job
- c:\users\Drake\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-13 18:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Stellar Phoenix JPEG Repair_is1 - c:\program files (x86)\Stellar Phoenix JPEG Repair\unins000.exe
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{53d408db-eb91-43fb-9d8f-167681c19763} - c:\programdata\Package Cache\{53d408db-eb91-43fb-9d8f-167681c19763}\VS2013.4.exe
AddRemove-{7dbba119-718a-4f68-b33e-454dc8aa5faf} - c:\programdata\Package Cache\{7dbba119-718a-4f68-b33e-454dc8aa5faf}\VS12-KB2932965.exe
AddRemove-{96a8b90c-0a91-4e76-ab34-730c23923d11} - c:\programdata\Package Cache\{96a8b90c-0a91-4e76-ab34-730c23923d11}\vs_community.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Celkový čas: 2015-02-19 23:05:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-02-19 22:05
.
Před spuštěním: Volných bajtů: 51 729 956 864
Po spuštění: Volných bajtů: 51 023 474 688
.
- - End Of File - - E080753A6E951F48BB4E2D1C777A2A63
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male

Re: HijackThis log check

Post by jaro3 » 20 Feb 2015 09:48

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and press OK).
Copy the following text, marked in green, into it in full:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\system32\drivers\efavdrv.sys
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1865247094-3385080685-1780585921-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1865247094-3385080685-1780585921-1001UA.job

Folder::
c:\program files (x86)\Skype\Updater
c:\users\Drake\AppData\Local\Google\Update

Driver::
SkypeUpdate
efavdrv

DDS::
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Choose File -> Save As... and set these parameters:
File name: enter CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt offers to download the Avast database, click NO. Then click "Scan". After the scan click "Save Log" and save the log to the desktop. Copy the whole content of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

jesoun
Level 1
Posts: 87
Registered: November 14
Gender: Male

Re: HijackThis log check

Post by jesoun » 23 Feb 2015 23:52

ComboFix log:
ComboFix 15-02-16.01 - Drake 23.02.2015 23:24:15.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.6523 [GMT 1:00]
Spuštěný z: c:\users\Drake\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Drake\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
.
FILE ::
"c:\windows\system32\drivers\efavdrv.sys"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1865247094-3385080685-1780585921-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1865247094-3385080685-1780585921-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\users\Drake\AppData\Local\Google\Update
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\GoogleUpdate.exe
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateHelper.msi
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdate.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_am.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_ar.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_bg.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_bn.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_ca.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_cs.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_da.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_de.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_el.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_en-GB.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_en.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_es-419.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_es.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_et.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_fa.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_fi.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_fil.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_fr.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_gu.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_hi.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_hr.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_hu.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_id.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_is.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_it.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_iw.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_ja.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_kn.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_ko.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_lt.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_lv.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_ml.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_mr.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_ms.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_nl.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_no.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_pl.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_pt-BR.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_pt-PT.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_ro.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_ru.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_sk.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_sl.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_sr.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_sv.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_sw.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_ta.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_te.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_th.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_tr.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_uk.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_ur.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_vi.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_zh-CN.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\goopdateres_zh-TW.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\psmachine.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\psmachine_64.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\psuser.dll
c:\users\Drake\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll
c:\users\Drake\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe
c:\users\Drake\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.115\40.0.2214.115_40.0.2214.111_chrome_updater.exe
c:\users\Drake\AppData\Local\Google\Update\GoogleUpdate.exe
c:\users\Drake\AppData\Local\Google\Update\Install\{56003142-FA36-43D6-A6D4-0A62901D535D}\GoogleUpdateSetup.exe
c:\users\Drake\AppData\Local\Google\Update\Install\{7634A5A2-89A5-494D-A721-D44F658D5BED}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EFAVDRV
-------\Service_efavdrv
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-23 do 2015-02-23 )))))))))))))))))))))))))))))))
.
.
2015-02-23 22:36 . 2015-02-23 22:36 -------- d-----w- c:\users\hedev\AppData\Local\temp
2015-02-23 22:36 . 2015-02-23 22:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-02-23 22:36 . 2015-02-23 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-23 22:36 . 2015-02-23 22:36 -------- d-----w- c:\users\ASPNET\AppData\Local\temp
2015-02-23 22:36 . 2015-02-23 22:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-02-22 22:16 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44EA4033-EDEC-480C-83D1-51E2282EE277}\mpengine.dll
2015-02-19 21:38 . 2015-02-23 22:38 -------- d-----w- c:\windows\system32\wbem\repository
2015-02-19 20:17 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-17 18:55 . 2015-02-17 18:55 -------- d-----w- c:\users\Drake\AppData\Roaming\Thinstall
2015-02-17 18:55 . 2015-02-17 18:55 -------- d-----w- c:\users\Drake\AppData\Local\Thinstall
2015-02-17 18:30 . 2015-02-23 22:38 -------- d-----w- c:\users\Drake\AppData\Local\Temp
2015-02-17 18:30 . 2015-02-17 18:09 24064 ----a-w- c:\windows\zoek-delete.exe
2015-02-17 18:09 . 2015-02-17 18:27 -------- d-----w- C:\zoek_backup
2015-02-14 20:41 . 2015-02-17 17:32 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-14 20:41 . 2015-02-14 20:41 -------- d-----w- c:\programdata\RogueKiller
2015-02-14 15:15 . 2015-02-14 15:15 -------- d-----w- c:\users\Drake\AppData\Roaming\IrfanView
2015-02-14 15:15 . 2015-02-14 15:15 -------- d-----w- c:\program files (x86)\IrfanView
2015-02-14 15:13 . 2015-02-14 15:14 -------- d-----w- C:\Recovered
2015-02-14 14:14 . 2015-02-14 19:43 -------- d-----w- C:\AdwCleaner
2015-02-12 22:15 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 22:15 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 22:15 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-12 22:15 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-11 19:15 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 19:15 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 19:15 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 19:15 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 19:15 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 19:15 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 19:15 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 19:08 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-11 19:08 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-11 19:01 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 19:01 . 2015-01-13 02:49 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-11 18:57 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-11 18:57 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-11 18:52 . 2014-09-17 16:00 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CD0CA33-A263-4263-86A9-84FC34FE96CD}\gapaengine.dll
2015-02-11 18:49 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 18:49 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 18:42 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-05 19:18 . 2015-02-05 19:18 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-14 20:12 . 2014-12-14 19:15 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-11 23:30 . 2012-05-20 18:32 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 19:18 . 2012-05-20 19:37 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 19:18 . 2012-05-20 19:37 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-10 11:09 . 2015-01-08 20:47 2374688 ----a-w- c:\programdata\Microsoft\VisualStudio\12.0\1033\ResourceCache.dll
2015-01-08 20:38 . 2012-06-04 16:17 2422528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-12-31 11:14 . 2012-05-20 17:22 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-13 22:54 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 22:54 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-13 22:54 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-13 22:54 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-13 22:54 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-13 22:54 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Bloody2"="c:\program files (x86)\Bloody5\Bloody5\Bloody5.exe" [2014-05-15 14303232]
"BitTorrent"="c:\users\Drake\AppData\Roaming\BitTorrent\BitTorrent.exe" [2015-02-09 1376600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
.
c:\users\Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Drake\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2014-1-8 847360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe;c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [x]
R3 KbFilter_Kb_FlexDef3x;HID Keyboard(FlexDef3x) Driver Service;c:\windows\system32\DRIVERS\KbFilter_FlexDef3x.sys;c:\windows\SYSNATIVE\DRIVERS\KbFilter_FlexDef3x.sys [x]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 chromoting;Služba Vzdálené plochy Chrome;c:\program files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [x]
S2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe;c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\DRIVERS\droidcam.sys;c:\windows\SYSNATIVE\DRIVERS\droidcam.sys [x]
S3 DroidCamVideo;DroidCam Source 3;c:\windows\system32\DRIVERS\droidcamvideo.sys;c:\windows\SYSNATIVE\DRIVERS\droidcamvideo.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 19:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Drake\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Drake\AppData\Roaming\Mozilla\Firefox\Profiles\qknc5ial.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Stellar Phoenix JPEG Repair_is1 - c:\program files (x86)\Stellar Phoenix JPEG Repair\unins000.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{53d408db-eb91-43fb-9d8f-167681c19763} - c:\programdata\Package Cache\{53d408db-eb91-43fb-9d8f-167681c19763}\VS2013.4.exe
AddRemove-{7dbba119-718a-4f68-b33e-454dc8aa5faf} - c:\programdata\Package Cache\{7dbba119-718a-4f68-b33e-454dc8aa5faf}\VS12-KB2932965.exe
AddRemove-{96a8b90c-0a91-4e76-ab34-730c23923d11} - c:\programdata\Package Cache\{96a8b90c-0a91-4e76-ab34-730c23923d11}\vs_community.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2015-02-23 23:44:59 - machine was rebooted
ComboFix-quarantined-files.txt 2015-02-23 22:44
ComboFix2.txt 2015-02-19 22:05
.
Pre-Run: 50,543,661,056 bytes free
Post-Run: 49,833,635,840 bytes free
.
- - End Of File - - 73A860304A50995E15438357DC34A0A8
A36C5E4F47E84449FF07ED3517B43A31




aswMBR log:
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-02-23 23:49:41
-----------------------------
23:49:41.459 OS Version: Windows x64 6.1.7601 Service Pack 1
23:49:41.459 Number of processors: 4 586 0x402
23:49:41.460 ComputerName: DRAKE-PC UserName: Drake
23:49:42.924 Initialize success
23:49:42.997 VM: initialized successfully
23:49:42.998 VM: Amd CPU supported
23:49:51.652 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6
23:49:51.661 Disk 0 Vendor: ST3400820AS 3.AAD Size: 381554MB BusType: 3
23:49:52.180 Disk 0 MBR read successfully
23:49:52.187 Disk 0 MBR scan
23:49:52.192 Disk 0 Windows 7 default MBR code
23:49:52.201 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 381552 MB offset 2048
23:49:52.210 Disk 0 default boot code
23:49:52.251 Disk 0 scanning C:\Windows\system32\drivers
23:49:58.774 Service scanning
23:50:15.585 Modules scanning
23:50:15.602 Disk 0 trace - called modules:
23:50:15.618 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:50:15.624 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079de060]
23:50:15.630 3 CLASSPNP.SYS[fffff8800187043f] -> nt!IofCallDriver -> [0xfffffa800755d9b0]
23:50:15.636 5 ACPI.sys[fffff88000f497a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-6[0xfffffa80079ee060]
23:50:15.642 Disk 0 statistics 104384/0/0 @ 7,97 MB/s
23:50:15.648 Scan finished successfully
23:50:26.789 Disk 0 MBR has been saved successfully to "C:\Users\Drake\Documents\MBR.dat"
23:50:26.793 The log file has been saved successfully to "C:\Users\Drake\Documents\aswMBR.txt"


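As an added example (not part of the post above and not code from aswMBR or ComboFix): a small Python script that parses a 512-byte MBR dump such as the MBR.dat the log says aswMBR saved, lists the partition table, and diffs two dumps so a later capture can be checked against that saved baseline. The sample sector is constructed here to match the layout in the log (one bootable NTFS partition at offset 2048, 381552 MB); its boot code is placeholder bytes, not the real Windows 7 MBR code, and the tampered variant only illustrates the kind of change a bootkit makes (boot code patched, partition table left alone).

```python
"""Parse and diff a 512-byte MBR sector (e.g. the MBR.dat saved by aswMBR)."""
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446      # boot code occupies bytes 0..445
ENTRY_SIZE = 16              # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

PARTITION_TYPES = {
    0x05: "Extended",
    0x07: "HPFS/NTFS",
    0x0B: "FAT32",
    0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)",
    0x82: "Linux swap",
    0x83: "Linux",
    0xEE: "GPT protective",
}


def parse_mbr(sector: bytes) -> dict:
    """Return a hash of the boot code and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * ENTRY_SIZE
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0 and sectors == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """List which regions changed between two dumps; an empty list means identical."""
    findings = []
    if baseline[:PART_TABLE_OFFSET] != current[:PART_TABLE_OFFSET]:
        findings.append("boot code differs")
    if baseline[PART_TABLE_OFFSET:510] != current[PART_TABLE_OFFSET:510]:
        findings.append("partition table differs")
    if baseline[510:] != current[510:]:
        findings.append("boot signature differs")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample matching the log's layout; boot code is a placeholder, not Windows 7 code."""
    boot_code = bytes([0xEB, 0x3C, 0x90]) + b"\x90" * (PART_TABLE_OFFSET - 3)
    # status 0x80 (active), type 0x07 (NTFS), LBA start 2048, 381552 MB = 381552 * 2048 sectors
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 381552 * 2048)
    table = entry + b"\x00" * (ENTRY_SIZE * 3)
    return boot_code + table + BOOT_SIGNATURE


def build_tampered_mbr() -> bytes:
    """Same sector with 16 bytes of boot code overwritten, leaving the partition table intact."""
    sector = bytearray(build_sample_mbr())
    sector[0x20:0x30] = b"\xCC" * 16
    return bytes(sector)


if __name__ == "__main__":
    # To check a real dump, replace build_sample_mbr() with open(path, "rb").read(512),
    # e.g. the path quoted in the log: C:\Users\Drake\Documents\MBR.dat
    info = parse_mbr(build_sample_mbr())
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        print(p)
    print("changes vs. tampered copy:", compare_mbr(build_sample_mbr(), build_tampered_mbr()))
```

Keep the hash of the boot code from the first clean dump; a later dump whose partition table matches but whose boot code hash does not is the case worth investigating, since that is exactly the change a bootkit makes while keeping the system bootable.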
