Google Chrome ads.ads-ki.com

rademaner
Visitor
Posts: 4
Registered: 20 Jan 2015 11:25

Google Chrome ads.ads-ki.com

#1 Post by rademaner »

Hello,
I have a problem with Google Chrome. Every time I open it, instead of opening the home page right away, it first opens the address http://ads.ads-ki.com and then immediately loads www.google.cz. That in itself would not bother me much, but whenever I need to open a new Google Chrome window, only a new tab opens with the same address I already mentioned. Also, Chrome occasionally closes by itself without any option to restore the pages.
Please advise.
Thank you.
Regards, Rademaner.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Google Chrome ads.ads-ki.com

#2 Post by vyosek »

Hello :)

To start, post a log from FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100 and we'll take a look.
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.

rademaner
Visitor
Posts: 4
Registered: 20 Jan 2015 11:25

Re: Google Chrome ads.ads-ki.com

#3 Post by rademaner »

Here is the requested log and the Addition :)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Karlos (administrator) on RADEMANER on 20-01-2015 11:53:29
Running from C:\Users\Karlos\Desktop
Loaded Profiles: Karlos (Available profiles: Karlos)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TuneUp Software) D:\Programy\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG) D:\Programy\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
(Valve Corporation) D:\Programy\Steam\Steam.exe
(Valve Corporation) D:\Programy\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Programy\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Karlos\Desktop\FRSTLauncher (3).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => D:\Programy\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-07-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2014-07-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1023104 2012-10-15] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-04-04] (Synaptics Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-609816593-2029407241-4199411759-1000\...\Run: [GoogleChromeAutoLaunch_FE5EE8F378CB352EC496614D3C291DA8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
HKU\S-1-5-21-609816593-2029407241-4199411759-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-609816593-2029407241-4199411759-1000\...\MountPoints2: {25f5f654-5cf6-11e4-91b6-201a069a0e32} - F:\HTC_Sync_Manager_PC.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-609816593-2029407241-4199411759-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\3awd22z6.default
FF NetworkProxy: "type",
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programy\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Programy\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programy\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programy\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programy\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\Programy\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-609816593-2029407241-4199411759-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programy\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-609816593-2029407241-4199411759-1000: @screenleap.com/ScreenleapPlugin,version=1.1 -> C:\Users\Karlos\AppData\Local\Screenleap\npscreenleap1.1.dll (ScreenLeap, Inc.)
FF Plugin HKU\S-1-5-21-609816593-2029407241-4199411759-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Karlos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.cz/"
CHR Profile: C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-20]
CHR Extension: (Dokumenty Google) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-20]
CHR Extension: (Disk Google) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-20]
CHR Extension: (YouTube) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-20]
CHR Extension: (Adblock Plus) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-20]
CHR Extension: (Vyhledávání Google) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-20]
CHR Extension: (Tabulky Google) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-20]
CHR Extension: (Twitch Now) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2015-01-20]
CHR Extension: (Peněženka Google) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-20]
CHR Extension: (Gmail) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-22] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-22] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-22] (BlueStack Systems, Inc.)
R2 MyPublicWiFiService; C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [756224 2013-04-03] () [File not signed]
S4 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-06-23] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; D:\Programy\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2140984 2014-04-15] (TuneUp Software)
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [26048 2014-08-12] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-10-15] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36520 2012-09-14] (Advanced Micro Devices, Inc.)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-22] (BlueStack Systems)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
S3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [25216 2014-07-28] (Dev47Apps)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-30] (Disc Soft Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-07-13] (Sony Mobile Communications)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-11-19] (Qualcomm Atheros Co., Ltd.)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0059.sys [28768 2014-11-05] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-09-18] (The OpenVPN Project)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2014-08-12] (The OpenVPN Project)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-04-05] (Spotflux, Inc.)
R3 TuneUpUtilitiesDrv; D:\Programy\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [59856 2014-05-06] (Windows (R) Win 7 DDK provider) [File not signed]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 11:53 - 2015-01-20 11:54 - 00015652 _____ () C:\Users\Karlos\Desktop\FRST.txt
2015-01-20 11:53 - 2015-01-20 11:53 - 00000000 ____D () C:\FRST
2015-01-20 11:51 - 2015-01-20 11:51 - 00112640 _____ (forum.viry.cz) C:\Users\Karlos\Desktop\FRSTLauncher (3).exe
2015-01-20 11:50 - 2015-01-20 11:50 - 00112640 _____ (forum.viry.cz) C:\Users\Karlos\Downloads\Nepotvrzeno 81351.crdownload
2015-01-20 11:49 - 2015-01-20 11:49 - 02126848 _____ (Farbar) C:\Users\Karlos\Desktop\FRST64.exe
2015-01-20 11:49 - 2015-01-20 11:49 - 00112640 _____ (forum.viry.cz) C:\Users\Karlos\Downloads\Nepotvrzeno 652548.crdownload
2015-01-20 11:49 - 2015-01-20 11:49 - 00112640 _____ (forum.viry.cz) C:\Users\Karlos\Downloads\Nepotvrzeno 486852.crdownload
2015-01-20 11:42 - 2015-01-20 11:42 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-20 11:42 - 2015-01-20 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-20 11:41 - 2015-01-20 11:46 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 11:41 - 2015-01-20 11:46 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 11:41 - 2015-01-20 11:42 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-20 11:41 - 2015-01-20 11:41 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-20 11:41 - 2015-01-20 11:41 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-20 11:37 - 2015-01-20 11:37 - 00029654 _____ () C:\Users\Karlos\Documents\záložky_20.01.15.html
2015-01-20 11:09 - 2015-01-20 11:13 - 00000000 ____D () C:\Users\Karlos\Downloads\backups
2015-01-20 11:09 - 2015-01-20 11:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Karlos\Downloads\hijackthis.exe
2015-01-20 11:01 - 2015-01-20 11:01 - 00000000 ____D () C:\Users\Karlos\AppData\Local\Mixesoft
2015-01-20 11:00 - 2015-01-20 11:01 - 00282624 _____ () C:\Users\Karlos\Downloads\appnhost.msi
2015-01-16 20:06 - 2015-01-16 20:06 - 00000000 ____D () C:\Users\Karlos\AppData\Local\Logitech
2015-01-16 20:05 - 2015-01-16 20:05 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Logitech
2015-01-16 20:05 - 2015-01-16 20:05 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Logishrd
2015-01-16 20:03 - 2015-01-16 20:05 - 67350808 _____ (Logitech Inc.) C:\Users\Karlos\Downloads\LGS_8.57.145_x64_Logitech.exe
2015-01-16 19:15 - 2014-03-22 15:36 - 50175486 _____ (Majkumi) C:\Users\Karlos\Desktop\Rayman-Legends-čeština.exe
2015-01-16 19:14 - 2015-01-16 19:14 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Majkumi
2015-01-16 19:10 - 2015-01-16 19:12 - 45383260 _____ () C:\Users\Karlos\Downloads\Rayman-Legends-CZ.zip
2015-01-16 19:07 - 2015-01-16 19:07 - 00000503 _____ () C:\Users\Public\Desktop\Rayman Legends.lnk
2015-01-16 19:07 - 2015-01-16 19:07 - 00000503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rayman Legends.lnk
2015-01-16 10:25 - 2015-01-16 10:26 - 00000000 ____D () C:\Users\Karlos\Documents\Rayman Legends
2015-01-16 09:51 - 2015-01-16 09:51 - 00262144 ____N () C:\Windows\Minidump\011615-46301-01.dmp
2015-01-13 16:46 - 2015-01-13 16:46 - 00116678 _____ () C:\Users\Karlos\Downloads\D0426F9E1EE2D17954AEFE14FC3A46835A76DBDA.torrent
2015-01-13 13:23 - 2015-01-13 13:23 - 00004138 _____ () C:\Windows\system32\.crusader
2015-01-13 13:10 - 2015-01-13 13:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-13 13:10 - 2015-01-13 13:10 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-13 13:08 - 2015-01-13 13:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 13:02 - 2015-01-13 13:03 - 00000000 ____D () C:\AdwCleaner
2015-01-13 13:00 - 2015-01-13 13:00 - 00000000 ____D () C:\Program Files (x86)\coinsAvee
2015-01-12 21:45 - 2015-01-12 21:45 - 00011528 _____ () C:\Users\Karlos\Downloads\[kickass.so]the.simpsons.s26e11.hdtv.x264.killers.ettv.torrent
2015-01-12 17:14 - 2015-01-13 13:04 - 00000000 ____D () C:\ProgramData\coinsAvee
2015-01-12 17:13 - 2015-01-12 21:14 - 00000000 ____D () C:\ProgramData\shoppI
2015-01-12 01:15 - 2015-01-12 01:15 - 00020066 _____ () C:\Users\Karlos\Downloads\[kickass.so]rayman.legends.2013.pc.eng.rus.multi9.repack.torrent
2015-01-11 21:44 - 2015-01-11 21:44 - 00033532 _____ () C:\Users\Karlos\Downloads\isaac-ng (2).CT
2015-01-11 21:40 - 2015-01-11 21:40 - 00108886 _____ () C:\Users\Karlos\Downloads\isaac-ng (1).CT
2015-01-11 21:38 - 2015-01-11 21:38 - 00007299 _____ () C:\Users\Karlos\Downloads\isaac-ng.CT
2015-01-11 18:54 - 2015-01-11 19:01 - 00000000 ____D () C:\Program Files (x86)\ShellfireVPN
2015-01-11 16:41 - 2015-01-11 16:41 - 00001851 _____ () C:\Users\Public\Desktop\Kepard.lnk
2015-01-11 16:41 - 2015-01-11 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kepard
2015-01-10 10:52 - 2015-01-11 16:26 - 00000000 ____D () C:\ProgramData\takeshoop
2015-01-10 10:52 - 2015-01-11 16:26 - 00000000 ____D () C:\ProgramData\adSy
2015-01-09 21:48 - 2015-01-09 21:52 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\PACE Anti-Piracy
2015-01-09 21:48 - 2015-01-09 21:52 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2015-01-09 21:48 - 2015-01-09 21:48 - 00000000 ____D () C:\Users\Karlos\AppData\Local\PACE Anti-Piracy
2015-01-09 21:46 - 2015-01-09 21:46 - 00000000 ____D () C:\Program Files (x86)\InterLok
2015-01-09 21:44 - 2015-01-09 21:44 - 00000000 ____D () C:\Users\Karlos\Documents\Mixcraft Projects
2015-01-09 21:42 - 2015-01-09 21:42 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\SynthMaker
2015-01-09 21:42 - 2015-01-09 21:42 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Acoustica
2015-01-09 21:41 - 2015-01-19 21:13 - 00000000 ____D () C:\Program Files (x86)\VST
2015-01-09 21:40 - 2015-01-09 21:41 - 00000000 ____D () C:\ProgramData\Acoustica
2015-01-09 21:23 - 2015-01-09 21:23 - 00900015 _____ () C:\Windows\SysWOW64\TmpA39519124
2015-01-09 21:23 - 2015-01-09 21:23 - 00900015 _____ () C:\Windows\SysWOW64\TmpA39483166
2015-01-08 19:56 - 2015-01-08 19:56 - 00007305 _____ () C:\Users\Karlos\Downloads\MONOVA.ORG The_Simpsons_S26E10_HDTV_x264-ASAP_(eztv).torrent
2015-01-08 00:14 - 2015-01-20 10:52 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\glitz
2015-01-07 20:47 - 2015-01-07 20:47 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Unity
2015-01-04 00:41 - 2015-01-04 00:42 - 00000000 ____D () C:\Users\Karlos\Documents\AirDroid
2015-01-04 00:41 - 2015-01-04 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
2015-01-04 00:40 - 2015-01-04 00:40 - 08510089 _____ () C:\Users\Karlos\Downloads\AirDroid_Desktop_Client_3.0.2.exe
2015-01-03 22:21 - 2015-01-03 22:21 - 00003855 _____ () C:\Users\Karlos\Downloads\[TorrentDownloads.me]_Fraps 3 5 99 Build 15618[A4] zip.torrent
2014-12-30 13:29 - 2014-12-30 13:29 - 00013986 _____ () C:\Users\Karlos\Downloads\The.Binding.of.Isaac.Rebirth.torrent
2014-12-29 19:59 - 2014-12-29 19:59 - 00880784 _____ (Google Inc.) C:\Users\Karlos\Downloads\ChromeSetup.exe
2014-12-29 19:59 - 2014-12-29 19:59 - 00029916 _____ () C:\Users\Karlos\Documents\záložky_29.12.14.html
2014-12-25 16:54 - 2014-12-25 16:54 - 00117248 _____ (Jaex) C:\Users\Karlos\Desktop\HearthstoneResizer.exe
2014-12-25 16:27 - 2014-12-25 16:27 - 04132226 _____ () C:\Users\Karlos\Downloads\CSGO-MOVIEMAKING-BY-nmL.zip
2014-12-25 16:17 - 2014-12-25 16:17 - 01908225 _____ () C:\Users\Karlos\Downloads\VirtualDub-1.10.4.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 11:42 - 2014-06-26 12:56 - 00000000 ____D () C:\Users\Karlos\AppData\Local\Google
2015-01-20 11:41 - 2014-06-26 12:56 - 00000000 ____D () C:\Users\Karlos\AppData\Local\Deployment
2015-01-20 11:19 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 11:19 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 11:17 - 2009-07-14 16:18 - 00668792 _____ () C:\Windows\system32\perfh005.dat
2015-01-20 11:17 - 2009-07-14 16:18 - 00141420 _____ () C:\Windows\system32\perfc005.dat
2015-01-20 11:17 - 2009-07-14 06:13 - 01583226 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 11:15 - 2014-05-30 11:30 - 01082776 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 11:14 - 2014-05-30 11:36 - 00001393 _____ () C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 11:12 - 2014-11-10 16:20 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-20 11:12 - 2014-05-30 13:33 - 00000202 _____ () C:\Windows\Tasks\AutoKMS.job
2015-01-20 11:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 11:12 - 2009-07-14 05:51 - 00129145 _____ () C:\Windows\setupact.log
2015-01-20 11:11 - 2014-05-31 21:42 - 27228040 _____ () C:\Users\Public\CAFADEBUG.log
2015-01-20 10:42 - 2009-07-14 05:45 - 04964168 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-20 10:41 - 2014-06-01 03:20 - 00069290 _____ () C:\Windows\PFRO.log
2015-01-20 00:48 - 2014-05-30 12:06 - 00084576 _____ () C:\Users\Karlos\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-20 00:12 - 2014-05-30 13:03 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Skype
2015-01-19 19:47 - 2014-05-30 13:10 - 00000000 ____D () C:\Users\Karlos\AppData\Local\Battle.net
2015-01-19 13:05 - 2014-05-30 13:33 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2015-01-18 13:29 - 2014-05-30 12:35 - 00000000 ____D () C:\Users\Karlos\Desktop\Obrázky
2015-01-17 19:34 - 2014-08-06 15:41 - 00000000 ____D () C:\Users\Karlos\Documents\Bluetooth Folder
2015-01-16 20:07 - 2014-08-12 08:11 - 00000000 ____D () C:\Users\Karlos\AppData\Local\CrashDumps
2015-01-16 20:06 - 2014-06-06 07:16 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-16 19:08 - 2014-06-01 16:47 - 00314284 _____ () C:\Windows\DirectX.log
2015-01-16 10:24 - 2014-06-01 16:53 - 00000000 ____D () C:\ProgramData\Orbit
2015-01-16 09:51 - 2014-07-19 12:36 - 00000000 ____D () C:\Windows\Minidump
2015-01-14 13:52 - 2014-05-31 01:01 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\uTorrent
2015-01-14 10:22 - 2014-05-30 14:59 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\vlc
2015-01-13 13:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2015-01-13 13:05 - 2014-05-30 21:10 - 00116646 _____ () C:\Windows\AutoKMS.log
2015-01-13 13:05 - 2014-05-30 13:33 - 00002740 _____ () C:\Windows\System32\Tasks\AutoKMSDaily
2015-01-13 12:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-12 21:15 - 2014-10-06 18:48 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
2015-01-12 16:07 - 2014-10-06 18:50 - 00000000 ____D () C:\Users\Karlos\AppData\Local\HockeyCrashes
2015-01-12 01:50 - 2014-07-20 00:09 - 00000000 ____D () C:\ProgramData\Origin
2015-01-12 01:33 - 2014-11-11 15:26 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-12 01:33 - 2014-09-29 21:17 - 00000000 ____D () C:\Program Files\OpenVPN
2015-01-11 16:41 - 2014-11-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Kepard
2015-01-11 16:35 - 2014-05-30 11:36 - 00000000 ____D () C:\Users\Karlos
2015-01-11 16:34 - 2014-08-06 15:45 - 00000000 ____D () C:\ProgramData\Atheros
2015-01-11 16:34 - 2014-07-15 13:17 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-01-11 16:34 - 2014-07-09 11:45 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Winamp
2015-01-11 16:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-06 04:36 - 2014-05-30 12:29 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 00:45 - 2014-05-30 13:23 - 00000000 ___RD () C:\Users\Karlos\Desktop\Programy
2015-01-03 00:31 - 2014-05-30 13:10 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Battle.net
2015-01-03 00:31 - 2014-05-30 12:58 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-03 00:31 - 2009-07-14 16:36 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-29 16:25 - 2014-07-13 13:14 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-27 14:18 - 2014-05-31 17:52 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors
2014-12-27 14:18 - 2014-05-31 17:52 - 00000000 ____D () C:\Program Files (x86)\Actual Multiple Monitors
2014-12-23 20:55 - 2014-06-11 16:36 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\TS3Client
2014-12-23 14:19 - 2014-08-12 02:02 - 00000000 ____D () C:\Users\Karlos\Documents\TrackMania
2014-12-23 14:08 - 2014-08-12 02:02 - 00000000 ____D () C:\ProgramData\TrackMania
2014-12-21 13:19 - 2014-10-10 14:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-21 13:19 - 2014-05-30 13:03 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======
2014-09-21 21:04 - 2014-09-25 20:48 - 0000600 _____ () C:\Users\Karlos\AppData\Roaming\winscp.rnd
2014-09-28 01:05 - 2014-09-28 01:05 - 0000000 ___SH () C:\Users\Karlos\AppData\Local\LumaEmu
2014-05-31 19:34 - 2014-05-31 19:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-07-28 23:00 - 2014-07-28 23:11 - 0000032 _____ () C:\ProgramData\droidcam-settings

Some content of TEMP:
====================
C:\Users\Karlos\AppData\Local\Temp\ammemb.dll
C:\Users\Karlos\AppData\Local\Temp\ammemb64.dll
C:\Users\Karlos\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Karlos\AppData\Local\Temp\optprosetup.exe
C:\Users\Karlos\AppData\Local\Temp\Quarantine.exe
C:\Users\Karlos\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Karlos\AppData\Local\Temp\sqlite-3.8.2-amd64-sqlitejdbc.dll
C:\Users\Karlos\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 01:10




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:244.04 GB) (Free:164.17 GB) NTFS
Drive d: () (Fixed) (Total:687.37 GB) (Free:243.2 GB) NTFS

Available physical RAM: 5309.37 MB
Total physical RAM: 8108.36 MB
Percentage of memory in use: 34%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=687.4 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Microsoft:HF9qGGr3ApQoWrt2Gq3sxmF4IwW
AlternateDataStreams: C:\ProgramData\Microsoft:V5oukbGzMdOgiOSklbgs87
AlternateDataStreams: C:\Users\Karlos\Local Settings:T156dFca8uo2SFgdkUzAwOv
AlternateDataStreams: C:\Users\Karlos\AppData\Local:T156dFca8uo2SFgdkUzAwOv
AlternateDataStreams: C:\Users\Karlos\AppData\Local\Data aplikací:T156dFca8uo2SFgdkUzAwOv
AlternateDataStreams: C:\Users\Karlos\AppData\Local\Temporary Internet Files:kM4gkOw3GlYyq7mniW7BZcSo9

==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Karlos\Desktop" je 4097 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\331BigDog
C:\Program Files (x86)\USB Camera\VM331STI.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirDroid 3
D:\Programy\AirDroid\AirDroid.exe /start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray
"C:\Program Files (x86)\Bluetooth Suite\athbttray.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent
C:\Program Files (x86)\BlueStacks\HD-Agent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSplay.exe
C:\Users\Karlos\AppData\Local\Temp\Rar$EXa0.786\GSplay.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"D:\Programy\Hamachi\hamachi-2-ui.exe" --auto-start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyPublicWiFi
C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyCap
D:\Programy\ProxyCap\pcapui.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion
"C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PrivateTunnel.lnk
C:\PROGRA~2\OPENVP~1\PRIVAT~1\PRIVAT~1.EXE [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Remote PC Server.lnk
D:\Programy\REMOTE~1.4\REMOTE~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(9.32 KiB) Downloaded 156 times

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Google Chrome ads.ads-ki.com

#4 Post by vyosek »

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After it starts, the database will be downloaded
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear; it may also be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or "Spustit jako spravce"
  • Paste the script below into the window
  • Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here

rademaner
Visitor
Posts: 4
Joined: 20 Jan 2015 11:25

Re: Google Chrome ads.ads-ki.com

#5 Post by rademaner »

Zoek.exe v5.0.0.0 Updated 18-01-2015
Tool run by Karlos on út 20.01.2015 at 12:17:15,56.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Karlos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

20.1.2015 12:18:16 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\coinsAvee deleted successfully
C:\PROGRA~2\InterLok deleted successfully
C:\PROGRA~2\ShellfireVPN deleted successfully
C:\PROGRA~2\Sparx Systems deleted successfully
C:\PROGRA~2\VST deleted successfully
C:\Program Files\HitmanPro deleted successfully
C:\PROGRA~3\adSy deleted successfully
C:\PROGRA~3\BlueStacks deleted successfully
C:\PROGRA~3\coinsAvee deleted successfully
C:\PROGRA~3\shoppI deleted successfully
C:\PROGRA~3\takeshoop deleted successfully
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\Karlos\AppData\Roaming\New Version Available deleted successfully
C:\Users\Karlos\AppData\Roaming\Opera Software deleted successfully
C:\Users\Karlos\AppData\Roaming\SynthMaker deleted successfully
C:\Users\Karlos\AppData\Local\GHISLER deleted successfully
C:\Users\Karlos\AppData\Local\HockeyCrashes deleted successfully
C:\Users\Karlos\AppData\Local\Opera Software deleted successfully
C:\Users\Karlos\AppData\Local\PACE Anti-Piracy deleted successfully
C:\Users\Karlos\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\3awd22z6.default\prefs.js:

Added to C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\3awd22z6.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Karlos\AppData\Roaming\OpenVPN Technologies\OpenVPN Client\Profiles\ufr43wd5.default\prefs.js:
user_pref("browser.startup.homepage", "resource://webapp/openvpn.html");

Added to C:\Users\Karlos\AppData\Roaming\OpenVPN Technologies\OpenVPN Client\Profiles\ufr43wd5.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\Users\Karlos\AppData\LocalLow\{4030EA39-6396-A4B1-2BAF-91C840F5787E} deleted
C:\Users\Karlos\AppData\LocalLow\{9863EE6F-C742-AFE4-E680-120447CEF866} deleted
C:\Users\Karlos\AppData\LocalLow\{EEAB1828-760A-7065-A40D-9EFA8E0597DA} deleted
C:\Users\Karlos\AppData\Local\Packages\windows_ie_ac_001\AC\{4030EA39-6396-A4B1-2BAF-91C840F5787E} deleted
C:\Users\Karlos\AppData\Local\Packages\windows_ie_ac_001\AC\{9863EE6F-C742-AFE4-E680-120447CEF866} deleted
C:\Users\Karlos\AppData\Local\Packages\windows_ie_ac_001\AC\{EEAB1828-760A-7065-A40D-9EFA8E0597DA} deleted
C:\Users\Karlos\.android deleted
C:\Users\Karlos\AppData\Roaming\MC Titan FTB deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Karlos\Downloads\OpenVPN-Certificate-Bundle-Server1.zip deleted
C:\Users\Karlos\AppData\LocalLow\{21104FC5-F36B-D3B7-23FE-9DD5EDD31FCE} deleted
C:\Users\Karlos\AppData\LocalLow\{8AC48F9B-4923-B2B4-B9B1-2B14F4D94769} deleted
C:\Users\Karlos\AppData\LocalLow\{BBE62B10-0D7A-8051-AB4E-22AB1EF33A97} deleted
C:\Users\Karlos\AppData\LocalLow\{FAF00B4F-0CD7-04B7-C9A3-18C8DE789301} deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\SASrv.exe.TMP deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\3awd22z6.default\extensions\staged deleted
"C:\Users\Karlos\AppData\Local\LumaEmu" deleted
"C:\ProgramData\droidcam-settings" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\3awd22z6.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Karlos\AppData\Roaming\OpenVPN Technologies\OpenVPN Client\Profiles\ufr43wd5.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\3awd22z6.default
0CA4180B21C6B728578F3B0433BB740E - D:\Programy\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
CA36F6DCA9A783FF60CB2DC5D28FA5F0 - D:\Programy\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll - PDF-XChange Viewer


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Karlos\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Twitch Now - Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSplay.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyCap deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Karlos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Karlos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Karlos\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Karlos\AppData\Local\Mozilla\Firefox\Profiles\3awd22z6.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1522 folders=256 195047644 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Karlos\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Karlos\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on út 20.01.2015 at 12:30:41,31 ======================

# AdwCleaner v4.108 - Report created 20/01/2015 at 12:13:46
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Karlos - RADEMANER
# Running from : C:\Users\Karlos\Downloads\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.99


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [11461 octets] - [13/01/2015 13:02:19]
AdwCleaner[R1].txt - [1038 octets] - [20/01/2015 12:12:48]
AdwCleaner[S0].txt - [11409 octets] - [13/01/2015 13:03:48]
AdwCleaner[S1].txt - [963 octets] - [20/01/2015 12:13:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1022 octets] ##########

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Google Chrome ads.ads-ki.com

#6 Post by vyosek »

Please post a new log from FRST

rademaner
Visitor
Posts: 4
Joined: 20 Jan 2015 11:25

Re: Google Chrome ads.ads-ki.com

#7 Post by rademaner »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Karlos (administrator) on RADEMANER on 22-01-2015 14:55:50
Running from C:\Users\Karlos\Desktop
Loaded Profiles: Karlos (Available profiles: Karlos)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TuneUp Software) D:\Programy\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(AVG) D:\Programy\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Valve Corporation) D:\Programy\Steam\Steam.exe
(Valve Corporation) D:\Programy\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Programy\Steam\bin\steamwebhelper.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
(Nullsoft, Inc.) D:\Programy\Winamp\winamp.exe
(TeamSpeak Systems GmbH) D:\Programy\TeamSpeak 3\ts3client_win64.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
() D:\HRY\Hearthstone\Hearthstone\Hearthstone.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Karlos\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => D:\Programy\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2014-07-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2014-07-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1023104 2012-10-15] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-04-04] (Synaptics Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-609816593-2029407241-4199411759-1000\...\Run: [GoogleChromeAutoLaunch_FE5EE8F378CB352EC496614D3C291DA8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-09] (Google Inc.)
HKU\S-1-5-21-609816593-2029407241-4199411759-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-609816593-2029407241-4199411759-1000\...\MountPoints2: {25f5f654-5cf6-11e4-91b6-201a069a0e32} - F:\HTC_Sync_Manager_PC.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-609816593-2029407241-4199411759-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-609816593-2029407241-4199411759-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\3awd22z6.default
FF NewTab: about:newtab
FF Homepage: about:home
FF NetworkProxy: "type",
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programy\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Programy\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programy\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programy\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programy\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\Programy\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-609816593-2029407241-4199411759-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Programy\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-609816593-2029407241-4199411759-1000: @screenleap.com/ScreenleapPlugin,version=1.1 -> C:\Users\Karlos\AppData\Local\Screenleap\npscreenleap1.1.dll (ScreenLeap, Inc.)
FF Plugin HKU\S-1-5-21-609816593-2029407241-4199411759-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Karlos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.cz/"
CHR Profile: C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-20]
CHR Extension: (Dokumenty Google) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-20]
CHR Extension: (Disk Google) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-20]
CHR Extension: (YouTube) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-20]
CHR Extension: (Adblock Plus) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-20]
CHR Extension: (Vyhledávání Google) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-20]
CHR Extension: (Tabulky Google) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-20]
CHR Extension: (Twitch Now) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2015-01-20]
CHR Extension: (Peněženka Google) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-20]
CHR Extension: (Gmail) - C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-22] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-22] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-22] (BlueStack Systems, Inc.)
R2 MyPublicWiFiService; C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [756224 2013-04-03] () [File not signed]
S4 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-06-23] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; D:\Programy\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2140984 2014-04-15] (TuneUp Software)
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [26048 2014-08-12] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-10-15] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36520 2012-09-14] (Advanced Micro Devices, Inc.)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-22] (BlueStack Systems)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
S3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [25216 2014-07-28] (Dev47Apps)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-30] (Disc Soft Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-07-13] (Sony Mobile Communications)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-11-19] (Qualcomm Atheros Co., Ltd.)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0059.sys [28768 2014-11-05] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-09-18] (The OpenVPN Project)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2014-08-12] (The OpenVPN Project)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-04-05] (Spotflux, Inc.)
R3 TuneUpUtilitiesDrv; D:\Programy\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [59856 2014-05-06] (Windows (R) Win 7 DDK provider) [File not signed]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 14:55 - 2015-01-22 14:56 - 00015541 _____ () C:\Users\Karlos\Desktop\FRST.txt
2015-01-22 14:55 - 2015-01-22 14:55 - 02126848 _____ (Farbar) C:\Users\Karlos\Downloads\FRST64.exe
2015-01-22 14:55 - 2015-01-22 14:55 - 02126848 _____ (Farbar) C:\Users\Karlos\Desktop\FRST64.exe
2015-01-22 14:55 - 2015-01-22 14:55 - 00015327 _____ () C:\Users\Karlos\Desktop\LM.bat
2015-01-22 14:54 - 2015-01-22 14:55 - 00029696 _____ () C:\Users\Karlos\AppData\Local\MSGBOX.EXE
2015-01-22 14:54 - 2015-01-22 14:54 - 00112640 _____ (forum.viry.cz) C:\Users\Karlos\Desktop\FRSTLauncher.exe
2015-01-22 12:54 - 2015-01-22 12:54 - 00000693 _____ () C:\Users\Karlos\Desktop\TeamSpeak 3 Client.lnk
2015-01-21 22:13 - 2015-01-21 22:13 - 00000000 ____D () C:\ProgramData\Tekken 6
2015-01-21 22:12 - 2015-01-21 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tekken 6
2015-01-21 21:42 - 2015-01-21 22:10 - 751458730 _____ (#KUG ) C:\Users\Karlos\Downloads\Tekken6_PC.exe
2015-01-21 19:46 - 2015-01-21 19:46 - 00774825 _____ () C:\Users\Karlos\Downloads\steamcmd.zip
2015-01-20 12:28 - 2015-01-20 12:17 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-20 12:18 - 2015-01-20 12:30 - 00011356 _____ () C:\zoek-results.log
2015-01-20 12:17 - 2015-01-20 12:26 - 00000000 ____D () C:\zoek_backup
2015-01-20 12:17 - 2015-01-20 12:17 - 01295360 _____ () C:\Users\Karlos\Downloads\zoek.exe
2015-01-20 12:12 - 2015-01-20 12:12 - 02186752 _____ () C:\Users\Karlos\Downloads\adwcleaner_4.108.exe
2015-01-20 11:53 - 2015-01-22 14:55 - 00000000 ____D () C:\FRST
2015-01-20 11:50 - 2015-01-20 11:50 - 00112640 _____ (forum.viry.cz) C:\Users\Karlos\Downloads\Nepotvrzeno 81351.crdownload
2015-01-20 11:49 - 2015-01-20 11:49 - 00112640 _____ (forum.viry.cz) C:\Users\Karlos\Downloads\Nepotvrzeno 652548.crdownload
2015-01-20 11:49 - 2015-01-20 11:49 - 00112640 _____ (forum.viry.cz) C:\Users\Karlos\Downloads\Nepotvrzeno 486852.crdownload
2015-01-20 11:42 - 2015-01-20 11:42 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-20 11:42 - 2015-01-20 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-20 11:41 - 2015-01-22 14:46 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 11:41 - 2015-01-22 11:46 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-20 11:41 - 2015-01-20 11:42 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-20 11:41 - 2015-01-20 11:41 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-20 11:41 - 2015-01-20 11:41 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-20 11:37 - 2015-01-20 11:37 - 00029654 _____ () C:\Users\Karlos\Documents\záložky_20.01.15.html
2015-01-20 11:09 - 2015-01-20 11:13 - 00000000 ____D () C:\Users\Karlos\Downloads\backups
2015-01-20 11:09 - 2015-01-20 11:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Karlos\Downloads\hijackthis.exe
2015-01-20 11:01 - 2015-01-20 11:01 - 00000000 ____D () C:\Users\Karlos\AppData\Local\Mixesoft
2015-01-20 11:00 - 2015-01-20 11:01 - 00282624 _____ () C:\Users\Karlos\Downloads\appnhost.msi
2015-01-16 20:06 - 2015-01-16 20:06 - 00000000 ____D () C:\Users\Karlos\AppData\Local\Logitech
2015-01-16 20:05 - 2015-01-16 20:05 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Logitech
2015-01-16 20:05 - 2015-01-16 20:05 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Logishrd
2015-01-16 20:03 - 2015-01-16 20:05 - 67350808 _____ (Logitech Inc.) C:\Users\Karlos\Downloads\LGS_8.57.145_x64_Logitech.exe
2015-01-16 19:14 - 2015-01-16 19:14 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Majkumi
2015-01-16 19:10 - 2015-01-16 19:12 - 45383260 _____ () C:\Users\Karlos\Downloads\Rayman-Legends-CZ.zip
2015-01-16 19:07 - 2015-01-16 19:07 - 00000503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rayman Legends.lnk
2015-01-16 10:25 - 2015-01-16 10:26 - 00000000 ____D () C:\Users\Karlos\Documents\Rayman Legends
2015-01-16 09:51 - 2015-01-16 09:51 - 00262144 ____N () C:\Windows\Minidump\011615-46301-01.dmp
2015-01-13 16:46 - 2015-01-13 16:46 - 00116678 _____ () C:\Users\Karlos\Downloads\D0426F9E1EE2D17954AEFE14FC3A46835A76DBDA.torrent
2015-01-13 13:23 - 2015-01-13 13:23 - 00004138 _____ () C:\Windows\system32\.crusader
2015-01-13 13:10 - 2015-01-13 13:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-13 13:08 - 2015-01-13 13:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 13:02 - 2015-01-20 12:13 - 00000000 ____D () C:\AdwCleaner
2015-01-12 21:45 - 2015-01-12 21:45 - 00011528 _____ () C:\Users\Karlos\Downloads\[kickass.so]the.simpsons.s26e11.hdtv.x264.killers.ettv.torrent
2015-01-12 01:15 - 2015-01-12 01:15 - 00020066 _____ () C:\Users\Karlos\Downloads\[kickass.so]rayman.legends.2013.pc.eng.rus.multi9.repack.torrent
2015-01-11 21:44 - 2015-01-11 21:44 - 00033532 _____ () C:\Users\Karlos\Downloads\isaac-ng (2).CT
2015-01-11 21:40 - 2015-01-11 21:40 - 00108886 _____ () C:\Users\Karlos\Downloads\isaac-ng (1).CT
2015-01-11 21:38 - 2015-01-11 21:38 - 00007299 _____ () C:\Users\Karlos\Downloads\isaac-ng.CT
2015-01-11 16:41 - 2015-01-11 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kepard
2015-01-09 21:48 - 2015-01-09 21:52 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\PACE Anti-Piracy
2015-01-09 21:48 - 2015-01-09 21:52 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2015-01-09 21:44 - 2015-01-09 21:44 - 00000000 ____D () C:\Users\Karlos\Documents\Mixcraft Projects
2015-01-09 21:42 - 2015-01-09 21:42 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Acoustica
2015-01-09 21:40 - 2015-01-09 21:41 - 00000000 ____D () C:\ProgramData\Acoustica
2015-01-09 21:23 - 2015-01-09 21:23 - 00900015 _____ () C:\Windows\SysWOW64\TmpA39519124
2015-01-09 21:23 - 2015-01-09 21:23 - 00900015 _____ () C:\Windows\SysWOW64\TmpA39483166
2015-01-08 19:56 - 2015-01-08 19:56 - 00007305 _____ () C:\Users\Karlos\Downloads\MONOVA.ORG The_Simpsons_S26E10_HDTV_x264-ASAP_(eztv).torrent
2015-01-08 00:14 - 2015-01-20 10:52 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\glitz
2015-01-07 20:47 - 2015-01-07 20:47 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Unity
2015-01-04 00:41 - 2015-01-04 00:42 - 00000000 ____D () C:\Users\Karlos\Documents\AirDroid
2015-01-04 00:41 - 2015-01-04 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
2015-01-04 00:40 - 2015-01-04 00:40 - 08510089 _____ () C:\Users\Karlos\Downloads\AirDroid_Desktop_Client_3.0.2.exe
2015-01-03 22:21 - 2015-01-03 22:21 - 00003855 _____ () C:\Users\Karlos\Downloads\[TorrentDownloads.me]_Fraps 3 5 99 Build 15618[A4] zip.torrent
2014-12-30 13:29 - 2014-12-30 13:29 - 00013986 _____ () C:\Users\Karlos\Downloads\The.Binding.of.Isaac.Rebirth.torrent
2014-12-29 19:59 - 2014-12-29 19:59 - 00880784 _____ (Google Inc.) C:\Users\Karlos\Downloads\ChromeSetup.exe
2014-12-29 19:59 - 2014-12-29 19:59 - 00029916 _____ () C:\Users\Karlos\Documents\záložky_29.12.14.html
2014-12-25 16:54 - 2014-12-25 16:54 - 00117248 _____ (Jaex) C:\Users\Karlos\Desktop\HearthstoneResizer.exe
2014-12-25 16:27 - 2014-12-25 16:27 - 04132226 _____ () C:\Users\Karlos\Downloads\CSGO-MOVIEMAKING-BY-nmL.zip
2014-12-25 16:17 - 2014-12-25 16:17 - 01908225 _____ () C:\Users\Karlos\Downloads\VirtualDub-1.10.4.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 14:53 - 2014-05-30 13:10 - 00000000 ____D () C:\Users\Karlos\AppData\Local\Battle.net
2015-01-22 14:46 - 2009-07-14 05:51 - 00130713 _____ () C:\Windows\setupact.log
2015-01-22 13:05 - 2014-05-30 13:33 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2015-01-22 12:54 - 2014-05-30 13:23 - 00000000 ___RD () C:\Users\Karlos\Desktop\Programy
2015-01-22 12:53 - 2014-06-03 20:04 - 00000000 ___RD () C:\Users\Karlos\Desktop\HRY
2015-01-22 12:51 - 2014-06-11 16:36 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\TS3Client
2015-01-22 12:47 - 2014-05-30 13:03 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Skype
2015-01-22 11:44 - 2014-05-30 11:30 - 01100060 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 11:09 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 11:09 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 11:08 - 2009-07-14 16:18 - 00668792 _____ () C:\Windows\system32\perfh005.dat
2015-01-22 11:08 - 2009-07-14 16:18 - 00141420 _____ () C:\Windows\system32\perfc005.dat
2015-01-22 11:08 - 2009-07-14 06:13 - 01583226 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-22 11:01 - 2014-11-10 16:20 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-22 11:01 - 2014-05-30 13:33 - 00000202 _____ () C:\Windows\Tasks\AutoKMS.job
2015-01-22 11:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 02:51 - 2014-05-31 21:42 - 27620704 _____ () C:\Users\Public\CAFADEBUG.log
2015-01-20 17:55 - 2014-05-30 12:35 - 00000000 ____D () C:\Users\Karlos\Desktop\Obrázky
2015-01-20 12:29 - 2014-06-12 12:08 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-20 12:29 - 2014-06-01 03:20 - 00070152 _____ () C:\Windows\PFRO.log
2015-01-20 12:27 - 2014-07-23 11:43 - 00000000 ____D () C:\Users\Karlos\AppData\Local\Comodo
2015-01-20 12:27 - 2014-07-23 11:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2015-01-20 12:27 - 2014-07-23 11:43 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2015-01-20 12:27 - 2014-07-23 11:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2015-01-20 12:27 - 2014-07-23 11:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2015-01-20 12:27 - 2014-07-23 11:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-01-20 12:27 - 2014-07-23 11:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2015-01-20 12:26 - 2014-05-30 11:36 - 00000000 ____D () C:\Users\Karlos
2015-01-20 12:26 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-20 12:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-01-20 11:42 - 2014-06-26 12:56 - 00000000 ____D () C:\Users\Karlos\AppData\Local\Google
2015-01-20 11:41 - 2014-06-26 12:56 - 00000000 ____D () C:\Users\Karlos\AppData\Local\Deployment
2015-01-20 11:14 - 2014-05-30 11:36 - 00001393 _____ () C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 10:42 - 2009-07-14 05:45 - 04964168 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-20 00:48 - 2014-05-30 12:06 - 00084576 _____ () C:\Users\Karlos\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 19:34 - 2014-08-06 15:41 - 00000000 ____D () C:\Users\Karlos\Documents\Bluetooth Folder
2015-01-16 20:07 - 2014-08-12 08:11 - 00000000 ____D () C:\Users\Karlos\AppData\Local\CrashDumps
2015-01-16 19:08 - 2014-06-01 16:47 - 00314284 _____ () C:\Windows\DirectX.log
2015-01-16 10:24 - 2014-06-01 16:53 - 00000000 ____D () C:\ProgramData\Orbit
2015-01-16 09:51 - 2014-07-19 12:36 - 00000000 ____D () C:\Windows\Minidump
2015-01-14 13:52 - 2014-05-31 01:01 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\uTorrent
2015-01-14 10:22 - 2014-05-30 14:59 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\vlc
2015-01-13 13:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Branding
2015-01-13 13:05 - 2014-05-30 21:10 - 00116646 _____ () C:\Windows\AutoKMS.log
2015-01-13 13:05 - 2014-05-30 13:33 - 00002740 _____ () C:\Windows\System32\Tasks\AutoKMSDaily
2015-01-13 12:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-12 21:15 - 2014-10-06 18:48 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
2015-01-12 01:50 - 2014-07-20 00:09 - 00000000 ____D () C:\ProgramData\Origin
2015-01-12 01:33 - 2014-11-11 15:26 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-12 01:33 - 2014-09-29 21:17 - 00000000 ____D () C:\Program Files\OpenVPN
2015-01-11 16:41 - 2014-11-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Kepard
2015-01-11 16:34 - 2014-08-06 15:45 - 00000000 ____D () C:\ProgramData\Atheros
2015-01-11 16:34 - 2014-07-15 13:17 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-01-11 16:34 - 2014-07-09 11:45 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Winamp
2015-01-11 16:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-06 04:36 - 2014-05-30 12:29 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 00:31 - 2014-05-30 13:10 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Battle.net
2015-01-03 00:31 - 2014-05-30 12:58 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-03 00:31 - 2009-07-14 16:36 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-29 16:25 - 2014-07-13 13:14 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-27 14:18 - 2014-05-31 17:52 - 00000000 ____D () C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Actual Multiple Monitors
2014-12-27 14:18 - 2014-05-31 17:52 - 00000000 ____D () C:\Program Files (x86)\Actual Multiple Monitors
2014-12-23 14:19 - 2014-08-12 02:02 - 00000000 ____D () C:\Users\Karlos\Documents\TrackMania
2014-12-23 14:08 - 2014-08-12 02:02 - 00000000 ____D () C:\ProgramData\TrackMania

==================== Files in the root of some directories =======
2014-09-21 21:04 - 2014-09-25 20:48 - 0000600 _____ () C:\Users\Karlos\AppData\Roaming\winscp.rnd
2015-01-22 14:54 - 2015-01-22 14:55 - 0029696 _____ () C:\Users\Karlos\AppData\Local\MSGBOX.EXE
2014-05-31 19:34 - 2014-05-31 19:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Karlos\AppData\Local\Temp\ammemb.dll
C:\Users\Karlos\AppData\Local\Temp\ammemb64.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 01:10

==================== End Of Log ============================
Attachments
Addition.rar
(10.23 KiB) Downloaded 122 times

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Google Chrome ads.ads-ki.com

#8 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKU\S-1-5-21-609816593-2029407241-4199411759-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-609816593-2029407241-4199411759-1000\...\MountPoints2: {25f5f654-5cf6-11e4-91b6-201a069a0e32} - F:\HTC_Sync_Manager_PC.exe
    
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 taphss6; system32\DRIVERS\taphss6.sys [X]
    
    2015-01-22 14:55 - 2015-01-22 14:56 - 00015541 _____ () C:\Users\Karlos\Desktop\FRST.txt
    2015-01-22 14:55 - 2015-01-22 14:55 - 00015327 _____ () C:\Users\Karlos\Desktop\LM.bat
    2015-01-22 14:54 - 2015-01-22 14:55 - 00029696 _____ () C:\Users\Karlos\AppData\Local\MSGBOX.EXE
    2015-01-22 14:54 - 2015-01-22 14:54 - 00112640 _____ (forum.viry.cz) C:\Users\Karlos\Desktop\FRSTLauncher.exe
    2015-01-20 12:28 - 2015-01-20 12:17 - 00024064 _____ () C:\Windows\zoek-delete.exe
    2015-01-20 12:18 - 2015-01-20 12:30 - 00011356 _____ () C:\zoek-results.log
    2015-01-20 12:17 - 2015-01-20 12:26 - 00000000 ____D () C:\zoek_backup
    2015-01-20 12:17 - 2015-01-20 12:17 - 01295360 _____ () C:\Users\Karlos\Downloads\zoek.exe
    2015-01-20 12:12 - 2015-01-20 12:12 - 02186752 _____ () C:\Users\Karlos\Downloads\adwcleaner_4.108.exe
    2015-01-20 11:50 - 2015-01-20 11:50 - 00112640 _____ (forum.viry.cz) C:\Users\Karlos\Downloads\Nepotvrzeno 81351.crdownload
    2015-01-20 11:49 - 2015-01-20 11:49 - 00112640 _____ (forum.viry.cz) C:\Users\Karlos\Downloads\Nepotvrzeno 652548.crdownload
    2015-01-20 11:49 - 2015-01-20 11:49 - 00112640 _____ (forum.viry.cz) C:\Users\Karlos\Downloads\Nepotvrzeno 486852.crdownload
    2015-01-20 11:09 - 2015-01-20 11:13 - 00000000 ____D () C:\Users\Karlos\Downloads\backups
    2015-01-20 11:09 - 2015-01-20 11:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Karlos\Downloads\hijackthis.exe
    2015-01-13 13:23 - 2015-01-13 13:23 - 00004138 _____ () C:\Windows\system32\.crusader
    2015-01-13 13:10 - 2015-01-13 13:23 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-01-13 13:08 - 2015-01-13 13:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-13 13:02 - 2015-01-20 12:13 - 00000000 ____D () C:\AdwCleaner
    C:\Windows\AutoKMS.exe
    
    2015-01-22 13:05 - 2014-05-30 13:33 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
    2015-01-22 11:01 - 2014-05-30 13:33 - 00000202 _____ () C:\Windows\Tasks\AutoKMS.job
    2015-01-13 13:05 - 2014-05-30 21:10 - 00116646 _____ () C:\Windows\AutoKMS.log
    Task: {F702302B-3D9A-453D-81E3-8D2C773E980B} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
    Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
    Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {35B0AEB8-05D4-4564-A72C-C1489BDD943B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the resulting text file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create a log, Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here