Advertising tabs popping up

majkelju
Visitor
Posts: 39
Registered: 21 Apr 2013 11:52

Advertising tabs popping up

#1 Post by majkelju »

In Chrome, tabs have started opening on their own, loading addresses at Linkbucks.com and Adf.ly (for the latter it says "account suspended", although I never created any account there). Even if I close the browser or disable the Wi-Fi connection, the tab still opens.
Here is the log:

info.txt logfile of random's system information tool 1.09 2013-07-25 13:44:20

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
-->C:\Program Files (x86)\Sony Ericsson\Update Engine\uninst.exe
-->C:\Program Files (x86)\Toolbar Cleaner\uninstall.exe
-->C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SM=SmartAudio.EXE,1801
-->C:\ProgramData\{018F1C44-00D1-417B-B251-92A5634F74AE}\Traktor Kontrol X1 Driver Setup PC.exe
-->C:\ProgramData\{1371767C-22D7-476D-B3CE-8F7D5DB8449F}\Traktor Audio 10 Driver Setup PC.exe
-->C:\ProgramData\{4AE9D997-D987-49BD-B2B2-722F375AAD1C}\Traktor Audio 6 Driver Setup PC.exe
-->C:\ProgramData\{7E628211-2743-4D01-B609-258293529A1B}\Traktor Audio 2 Driver Setup PC.exe
-->C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.exe
-->C:\ProgramData\{A2A4D724-2D08-46E4-BAA8-EC9EE875D133}\Controller Editor Setup PC.exe
-->C:\ProgramData\{C2D65241-ABB3-46FC-A66B-963FBA17F48C}\Traktor Kontrol F1 Driver Setup PC.exe
-->C:\ProgramData\{E659CA76-1025-4F77-9F6D-CC3CEF9E15C6}\Traktor 2 Setup PC.exe
-->C:\ProgramData\Ad-Aware Browsing Protection\uninstall.exe
ACDSee Pro 3-->MsiExec.exe /I{1B280FAF-AE10-4E31-A41A-DB3917D651DC}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A0087DDE-69D0-11E2-AD57-43CA6188709B}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -maintain plugin
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader X - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA0000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Altap Salamander 2.54-->C:\Program Files (x86)\Altap Salamander\remove\remove.exe
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
Assassin's Creed(R) III v1.06-->"C:\Program Files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe" -runfromtemp -l0x0005 -removeonly
Atheros Client Installation Program-->C:\Program Files (x86)\InstallShield Installation Information\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}\setup.exe -runfromtemp -l0x0005 -removeonly
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\SETUP.EXE" -runfromtemp -l0x0005 -removeonly
ATI Catalyst Install Manager-->msiexec /q/x{D5C17B1C-08B6-687E-B900-BDF26BB24208} REBOOT=ReallySuppress
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin64\Atisetup.exe -uninstall all
Balíček ovladače systému Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)-->C:\PROGRA~1\DIFX\8C657473004ED4CD\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\vpc.inf_amd64_neutral_28dd80cc6c82ef03\vpc.inf
Balíček ovladače systému Windows - Nokia Modem (06/09/2010 7.01.0.8)-->C:\PROGRA~1\DIFX\0169CE3A95F06636\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_amd64_neutral_68b2fb14204f3667\nokbtmdm.inf
Balíček ovladače systému Windows - Nokia Modem (10/07/2010 4.6)-->C:\PROGRA~1\DIFX\0169CE3A95F06636\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_amd64_neutral_875547a32190c11c\nokia_bluetooth.inf
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\F4092DA208C2C970\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfdx6_8A3BAB842294F8D9255C3CF2A3B1CECAEEB8EA7E\pccsmcfdx64.inf
Beatport Downloader-->msiexec /qb /x {A048F6D6-BECE-D521-9BC9-B8806BFB118C}
Beatport Downloader-->MsiExec.exe /I{A048F6D6-BECE-D521-9BC9-B8806BFB118C}
BitTorrent-->"C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /UNINSTALL
BrowserProtect-->"C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" /Uninstall /{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} /su=696035ea8dd23225 /um
Codec Pack - All In 1 6.0.3.0-->C:\Windows\iun6002.exe "C:\Program Files (x86)\Codec Pack - All In 1\irunin.ini"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -IPIWCC2wa.inf
Cool Edit Pro 2.1-->C:\Program Files (x86)\coolpro2\cep2unin.exe
Corel Graphics - Windows Shell Extension 64 Bit-->MsiExec.exe /I{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}
Corel Graphics - Windows Shell Extension-->c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellUninst.exe -ProductCode {B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F} -arp
Corel Graphics - Windows Shell Extension-->MsiExec.exe /X{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}
CorelDRAW Graphics Suite X5 - IPM-->MsiExec.exe /I{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}
CorelDRAW Graphics Suite X5 - WT-->MsiExec.exe /I{9244E956-5939-4B88-930C-0699D4AB2B95}
CorelDRAW(R) Graphics Suite X5-->c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Setup\SetupARP.exe /arp
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Energy Management-->"C:\Program Files (x86)\InstallShield Installation Information\{D0956C11-0F60-43FE-99AD-524E833471BB}\setup.exe" -runfromtemp -l0x0405 -removeonly
Energy Management-->MsiExec.exe /I{D0956C11-0F60-43FE-99AD-524E833471BB}
Exterminate It!-->C:\Program Files (x86)\Exterminate It!\ExterminateIt_Uninst.exe
FL Studio 10-->C:\Program Files (x86)\Image-Line\FL Studio 10\uninstall.exe
FlashFXP v4.0-->"C:\Program Files (x86)\FlashFXP 4\Uninstall.exe" "C:\Program Files (x86)\FlashFXP 4\install.log" -u
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->c:\Windows\SysWOW64\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->c:\Windows\SysWOW64\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->c:\Windows\SysWOW64\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->c:\Windows\SysWOW64\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->c:\Windows\SysWOW64\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Huawei Drivers-->C:\Program Files (x86)\Huawei\Drivers\uninstall.exe
IL Download Manager-->C:\Program Files (x86)\Image-Line\Downloader\uninstall.exe
Intel(R) Display Audio Driver-->C:\Program Files (x86)\Intel\Intel(R) Display Audio Driver\Uninstall\setup.exe -uninstall
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Java 7 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217021FF}
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
Java(TM) SE Development Kit 6 Update 24-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160240}
Lenovo Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
Lenovo EasyCamera-->C:\Program Files (x86)\InstallShield Installation Information\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0332}\setup.exe -runfromtemp -l0x0009 -removeonly
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Live 8.2.5-->C:\PROGRA~2\Ableton\LIVE82~1.5\Install\UNWISE.EXE C:\PROGRA~2\Ableton\LIVE82~1.5\Install\INSTALL.LOG
Malwarebytes Anti-Malware verze 1.75.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Security Scan Plus-->"C:\Program Files (x86)\McAfee Security Scan\uninstall.exe"
Metro 2033-->"C:\Program Files (x86)\THQ\Metro 2033\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}
Microsoft Visual Studio Tools for Applications 2.0 Runtime-->MsiExec.exe /X{299C0434-4F4E-341F-A916-4E07AEB35E79}
Mozilla Firefox 21.0 (x86 cs)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Mozilla Thunderbird (3.1.20)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSI Afterburner 2.1.0-->"C:\Program Files (x86)\MSI Afterburner\uninstall.exe"
MSI Kombustor 2.0.0-->"C:\Program Files (x86)\MSI Kombustor\unins000.exe"
MSVC80_x64_v2-->MsiExec.exe /I{4D668D4F-FAA2-4726-834C-31F4614F312E}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
Native Instruments Controller Editor-->"C:\ProgramData\{A2A4D724-2D08-46E4-BAA8-EC9EE875D133}\Controller Editor Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Service Center-->"C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor 2-->"C:\ProgramData\{E659CA76-1025-4F77-9F6D-CC3CEF9E15C6}\Traktor 2 Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor Audio 10 Driver-->"C:\ProgramData\{1371767C-22D7-476D-B3CE-8F7D5DB8449F}\Traktor Audio 10 Driver Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor Audio 2 Driver-->"C:\ProgramData\{7E628211-2743-4D01-B609-258293529A1B}\Traktor Audio 2 Driver Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor Audio 6 Driver-->"C:\ProgramData\{4AE9D997-D987-49BD-B2B2-722F375AAD1C}\Traktor Audio 6 Driver Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor DJ Studio v2.5.3-->C:\PROGRA~2\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~2\NATIVE~1\TRAKTO~1\INSTALL.LOG
Native Instruments Traktor Kontrol F1 Driver-->"C:\ProgramData\{C2D65241-ABB3-46FC-A66B-963FBA17F48C}\Traktor Kontrol F1 Driver Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor Kontrol X1 Driver-->"C:\ProgramData\{018F1C44-00D1-417B-B251-92A5634F74AE}\Traktor Kontrol X1 Driver Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor Kontrol X1-->"C:\ProgramData\{BED8681D-E6A2-4463-8EEA-09588F09C890}\Traktor Kontrol X1 Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
NetBeans IDE 6.9.1-->"C:\Program Files (x86)\NetBeans 6.9.1\uninstall.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /I{4216D328-0FE8-48B8-85B8-BD300E6F080F}
Nokia PC Suite-->C:\ProgramData\Installations\{F38FD0E4-B991-462B-873D-F2115EADD093}\Nokia_PC_Suite_cze_web.exe
Nokia PC Suite-->MsiExec.exe /I{F38FD0E4-B991-462B-873D-F2115EADD093}
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
OpenOffice.org 3.3-->MsiExec.exe /I{10B43A43-FF73-47FD-83E8-A503E84F9ED6}
Opera 12.15-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
PC Connectivity Solution-->MsiExec.exe /I{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}
PDF Editor 3-->C:\Windows\cadkasdeinst01e.exe "C:\Program Files (x86)\PDF Editor 3\"
PSPad editor-->"C:\Program Files (x86)\PSPad editor\Uninst\unins000.exe"
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Realtek USB 2.0 Reader Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{62BBB2F0-E220-4821-A564-730807D2C34D}\setup.exe" -runfromtemp -removeonly
Secure Download Manager-->MsiExec.exe /I{C28422FB-F2CD-427A-ADED-9F281745CDB2}
Skype™ 6.3-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
Sony Ericsson Update Engine-->C:\Program Files (x86)\Sony Ericsson\Update Engine\uninst.exe
Sony PC Companion 2.10.165-->"C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0409 -removeonly
Source SDK Base 2007-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/218
Star Wars: The Force Unleashed 2-->"C:\Program Files (x86)\LucasArts\Star Wars The Force Unleashed 2\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Super Mario 3 : Mario Forever-->C:\Program Files (x86)\softendo.com\Mario Forever\Uninstal.exe
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
T-Mobile Internet Manager-->C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\uninstall.exe
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Uplay-->C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
VLC media player 2.0.0-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}
Windows Live Fotogalerie-->MsiExec.exe /X{FB79FDB7-4DE1-453D-99FE-9A880F57380E}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}
Windows Live Movie Maker-->MsiExec.exe /X{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{78906B56-0E81-42A7-AC25-F54C946E1538}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
WinRAR 4.11 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe
WMV9/VC-1 Video Playback-->MsiExec.exe /X{B61A8A18-808F-53A5-F2D9-FB5A2ED0E8D1}
XAMPP 1.7.4-->"c:\xampp\uninstall.exe"
Zeno Clash 2 (c) Atlus version 1-->"C:\Program Files (x86)\Zeno Clash 2\unins000.exe"

======System event log======

Computer Name: Michal-PC
Event Code: 12
Message: Operační systém byl spuštěn v systémovém čase 2012-11-18T02:08:52.125599300Z.
Record Number: 48630
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20121118020852.687200-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Michal-PC
Event Code: 7036
Message: Stav služby Superfetch byl změněn na: Zastaveno
Record Number: 48629
Source Name: Service Control Manager
Time Written: 20121117203439.286462-000
Event Type: Informace
User:

Computer Name: Michal-PC
Event Code: 13
Message: Operační systém se vypíná v systémovém čase 2012-11-17T20:34:39.286462300Z.
Record Number: 48628
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20121117203439.286462-000
Event Type: Informace
User:

Computer Name: Michal-PC
Event Code: 7036
Message: Stav služby Automatická konfigurace sítě WLAN byl změněn na: Zastaveno
Record Number: 48627
Source Name: Service Control Manager
Time Written: 20121117203437.492459-000
Event Type: Informace
User:

Computer Name: Michal-PC
Event Code: 4001
Message: Služba automatické konfigurace sítě WLAN byla úspěšně ukončena.

Record Number: 48626
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20121117203437.492459-000
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: 37L4247F27-25
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 5
Source Name: Microsoft-Windows-WMI
Time Written: 20120306193122.000000-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20120306193117.000000-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 3
Source Name: Microsoft-Windows-EventSystem
Time Written: 20120306193112.000000-000
Event Type: Informace
User:

Computer Name: 37L4247F27-25
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20120306193111.360501-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247F27-25
Event Code: 1532
Message: Služba Profil uživatele byla zastavena.


Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101121035831.124372-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 37L4247F27-25
Event Code: 4735
Message: Byla změněna zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247F27-25$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Změněné atributy:
Název účtu SAM: -
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120306193042.952851-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247F27-25
Event Code: 4731
Message: Byla vytvořena zabezpečená místní skupina.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247F27-25$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Nová skupina:
ID zabezpečení: S-1-5-32-551
Název skupiny: Backup Operators
Doména skupiny: Builtin

Atributy:
Název účtu SAM: Backup Operators
Historie identifikátoru zabezpečení: -

Další informace:
Oprávnění: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120306193042.952851-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247F27-25
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x310a3
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120306193042.547251-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247F27-25
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120306193039.879646-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247F27-25
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120306193039.661246-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\PC Connectivity Solution;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Lenovo\Bluetooth Software;C:\Program Files\Lenovo\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Advertising tabs popping up

#2 Post by vyosek »

Hello :)

Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Prohledat (Scan)
  • The scan will run and then a log will appear, or it will be saved on the system drive as AdwCleaner[R?].txt; paste it here
Download Farbar Recovery Scan Tool for your system
Setting up FRST and getting the log:
  • After starting FRST, accept the license terms by clicking Yes (Ano).
  • Additionally tick the items List BCD, Drivers MD5 and Addition.txt.
  • Click the Scan button to start the scan.
  • Wait for the scan to finish and dismiss the message about the logs being saved.
  • Two text files with the logs will open.
  • Paste the contents of FRST.txt here for me

majkelju
Visitor
Posts: 39
Registered: 21 Apr 2013 11:52

Re: Advertising tabs popping up

#3 Post by majkelju »

# AdwCleaner v2.306 - Log vytvořen 25/07/2013 v 16:09:44
# Aktualizováno 19/07/2013 Xplode
# Operační systém : Windows 7 Professional Service Pack 1 (64 bits)
# Uživatel : Michal - MICHAL-PC
# Spuštěn systém : Normální
# Spuštěno z : C:\Users\Michal\Downloads\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****

Nalezeno : BrowserProtect

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files (x86)\iMesh Applications
Složka Nalezeno : C:\ProgramData\Ask
Složka Nalezeno : C:\ProgramData\Babylon
Složka Nalezeno : C:\ProgramData\BrowserProtect
Složka Nalezeno : C:\Users\Michal\AppData\Roaming\BabSolution
Složka Nalezeno : C:\Users\Michal\AppData\Roaming\Babylon
Složka Nalezeno : C:\Users\Michal\AppData\Roaming\file scout
Soubor Nalezeno : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Soubor Nalezeno : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Soubor Nalezeno : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\qnh58vg8.default\bprotector_prefs.js

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Klíč Nalezeno : HKCU\Software\BabSolution
Klíč Nalezeno : HKCU\Software\BabylonToolbar
Klíč Nalezeno : HKCU\Software\DataMngr
Klíč Nalezeno : HKCU\Software\DataMngr_Toolbar
Klíč Nalezeno : HKCU\Software\Imesh
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Klíč Nalezeno : HKCU\Software\5a53dbdce66ee546
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíč Nalezeno : HKLM\Software\adawaretb
Klíč Nalezeno : HKLM\Software\Babylon
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Prod.cap
Klíč Nalezeno : HKLM\Software\DataMngr
Klíč Nalezeno : HKLM\Software\iMeshSRTB
Klíč Nalezeno : HKLM\SOFTWARE\Wow6432Node\5a53dbdce66ee546
Klíč Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Klíč Nalezeno : HKU\S-1-5-21-1305115243-4134373400-1345323746-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internetové prohlížeče] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=1E55F2DF9AE70288
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www2.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=1E55F2DF9AE70288

-\\ Mozilla Firefox v21.0 (cs)

Soubor : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\qnh58vg8.default\prefs.js

Nalezeno : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=119520&babsrc=NT_ss&mntrId=1E55[...]
Nalezeno : user_pref("browser.search.order.1", "Delta Search");
Nalezeno : user_pref("browser.search.selectedEngine", "Delta Search");
Nalezeno : user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?affID=119520&babsrc=HP_ss&mntrI[...]

-\\ Google Chrome v28.0.1500.72

Soubor : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Preferences

Nalezeno [l.2753] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=1E55F2DF9AE70288" ]

-\\ Opera v12.15.1748.0

Soubor : C:\Users\Michal\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Soubor je čistý.

*************************

AdwCleaner[R2].txt - [3701 octets] - [25/07/2013 16:09:44]

########## EOF - C:\AdwCleaner[R2].txt - [3761 octets] ##########

majkelju
Visitor
Posts: 39
Registered: 21 Apr 2013 11:52

Re: Advertising tabs popping up

#4 Post by majkelju »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013
Ran by Michal (administrator) on 25-07-2013 16:12:06
Running from C:\Users\Michal\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(Apache Software Foundation) c:\xampp\apache\bin\httpd.exe
() C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
() C:\xampp\mysql\bin\mysqld.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
() C:\Program Files (x86)\QIP Infium\infium.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
() C:\Program Files (x86)\Yahoo Messenger.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Michal\Downloads\adwcleaner.exe
(Prog-Soft s.r.o.) C:\Program Files (x86)\PSPad editor\PSPad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2011-03-02] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9744800 2012-03-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5399456 2012-03-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [4030008 2011-09-08] (ESET)
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [PC Suite Tray] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1483264 2010-12-21] (Nokia)
HKCU\...\Run: [Infium] - C:\Program Files (x86)\QIP Infium\infium.exe [5896656 2010-09-01] ()
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1635752 2013-05-04] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [T-Mobile CManager] - C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe [2076952 2013-07-03] (Gemfor s.r.o.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-02-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [SearchProtection] - C:\ProgramData\Search Protection\_run.bat [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [T-Mobile CManager] - "C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun [2076952 2013-07-03] (Gemfor s.r.o.)
HKU\Default User\...\Run: [T-Mobile CManager] - "C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun [2076952 2013-07-03] (Gemfor s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo Messenger!.lnk
ShortcutTarget: Yahoo Messenger!.lnk -> C:\Program Files (x86)\Yahoo Messenger.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?affID=119 ... DF9AE70288
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?affID=119 ... DF9AE70288
URLSearchHook: (No Name) - {95289393-33EA-4F8D-B952-483415B9C955} - No File
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={search ... DF9AE70288
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={search ... DF9AE70288
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: QipLI Class - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{3BCADE29-8185-48DF-AB3D-8C99AABCF413}: [NameServer]

FireFox:
========
FF ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\qnh58vg8.default
FF NewTab: hxxp://www2.delta-search.com/?affID=119520&babsrc=NT_ss&mntrId=1E55F2DF9AE70288
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www2.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=1E55F2DF9AE70288
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\Michal\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.cz/
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=1E55F2DF9AE70288"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Extension: (Vkontakte Music Downloader v2) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\eifflpnfppfheimpmmagplbanbceajjn\2.3.1_0
CHR Extension: (AdBlock) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Michal\AppData\Local\Temp\ccex.crx

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-03-13] (Adobe Systems)
R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [20549 2010-10-18] (Apache Software Foundation)
R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [3085264 2013-06-03] ()
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-08] (ESET)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\MbnExt.dll [414568 2013-05-27] (Gemfor s.r.o.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 mysql; C:\xampp\mysql\bin\mysqld.exe [8133120 2010-12-03] ()

==================== Drivers (Whitelisted) ====================

S3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [30720 2006-11-10] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-11] (DT Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-17] (GFI Software)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 kx1avs_x64; C:\Windows\System32\Drivers\kx1avs_x64.sys [45136 2009-12-07] (Native Instruments GmbH)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-27] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-27] ()
S3 ta10avs; C:\Windows\System32\Drivers\ta10avs.sys [358480 2012-02-22] (Native Instruments GmbH)
S3 ta10usb_svc; C:\Windows\System32\Drivers\ta10usb.sys [80464 2012-02-22] (Native Instruments GmbH)
S3 ta2avs; C:\Windows\System32\Drivers\ta2avs.sys [357968 2011-07-07] (Native Instruments GmbH)
S3 ta2usb_svc; C:\Windows\System32\Drivers\ta2usb.sys [80464 2011-07-07] (Native Instruments GmbH)
S3 ta6avs; C:\Windows\System32\Drivers\ta6avs.sys [358480 2012-02-22] (Native Instruments GmbH)
S3 ta6usb_svc; C:\Windows\System32\Drivers\ta6usb.sys [75856 2012-02-22] (Native Instruments GmbH)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-15] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\Drivers\ta10avs.sys 12E2935001CB4CB507627108ACF9E47C
C:\Windows\System32\Drivers\ta10usb.sys 2BD4C372746B99DE8746FDEB51AD566B
C:\Windows\System32\Drivers\ta2avs.sys 96275E6089A42BA7FA5ED2386B22053C
C:\Windows\System32\Drivers\ta2usb.sys BAE7B15F47F9D82F54C568F59F87DB84
C:\Windows\System32\Drivers\ta6avs.sys C23410CD905F67E4FA002C5DE45486AD
C:\Windows\System32\Drivers\ta6usb.sys 327B2FB5F2B9AB5FD8100599F5FEE230
C:\Windows\System32\drivers\tcpip.sys FC62769E7BFF2896035AEED399108162
C:\Windows\System32\DRIVERS\tcpip.sys FC62769E7BFF2896035AEED399108162
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys AFA3A0937B7044A8322D8BC91722C53B
C:\Windows\System32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbser.sys 4ACEE387FA8FD39F83564FCD2FC234F2
C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys B826F3FF5A1975CC9096B4CAADDE77B6
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\DRIVERS\usb8023x.sys 70D05EE263568A742D14E1876DF80532
C:\Windows\System32\DRIVERS\vcsvad.sys 3A4B01C2BDB07DFEF29B0B369487503A
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\vm331avs.sys 2355B35BF277965EFA3DAE43B7D78239
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\Drivers\vmuvcflt.sys 40C39413A2458016FF43444750F467CA
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wsvd.sys 83575C43B2BFE9AB0661A7F957E843C0
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-25 16:11 - 2013-07-25 16:11 - 01779761 _____ (Farbar) C:\Users\Michal\Downloads\FRST64.exe
2013-07-25 16:11 - 2013-07-25 16:11 - 00000000 ____D C:\FRST
2013-07-25 16:09 - 2013-07-25 16:09 - 00666633 _____ C:\Users\Michal\Downloads\adwcleaner.exe
2013-07-25 16:09 - 2013-07-25 16:09 - 00003826 _____ C:\AdwCleaner[R2].txt
2013-07-25 13:44 - 2013-07-25 13:44 - 00000000 ____D C:\rsit
2013-07-25 13:43 - 2013-07-25 13:44 - 00935175 _____ C:\Users\Michal\Downloads\RSITx64.exe
2013-07-25 02:22 - 2013-07-25 02:22 - 00007601 _____ C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2013-07-25 02:20 - 2013-07-25 02:20 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Curiolab
2013-07-25 02:14 - 2013-07-25 02:18 - 173846560 _____ (CURIOLAB S.M.B.A.) C:\Users\Michal\Downloads\ExterminateItSetup.exe
2013-07-24 21:50 - 2013-07-24 21:50 - 00000931 _____ C:\Users\Michal\Desktop\MineCraft.lnk
2013-07-24 21:50 - 2013-01-09 19:25 - 00424299 _____ C:\Program Files (x86)\Yahoo Messenger.exe
2013-07-24 21:17 - 2013-07-24 21:17 - 00000000 ____D C:\Users\Michal\Downloads\1.5.1
2013-07-24 20:12 - 2013-07-24 20:13 - 53292803 _____ C:\Users\Michal\Downloads\1.5.1.zip
2013-07-24 20:11 - 2013-07-24 20:11 - 00675988 _____ C:\Users\Michal\Downloads\Minecraft (1).exe
2013-07-24 20:02 - 2013-07-24 20:02 - 00675988 _____ C:\Users\Michal\Downloads\Minecraft.exe
2013-07-23 23:02 - 2013-07-24 22:57 - 00000000 ____D C:\Users\Michal\Downloads\TRON Legacy (2010) DVDRip XviD-MAXSPEED
2013-07-23 23:01 - 2013-07-23 23:01 - 00016754 _____ C:\Users\Michal\Downloads\[isoHunt] TRON_Legacy_(2010)_DVDRip_XviD-MAX.6212554.TPB.torrent
2013-07-23 22:42 - 2013-07-23 22:42 - 00754504 _____ C:\Windows\Minidump\072313-22011-01.dmp
2013-07-22 22:45 - 2013-07-22 22:45 - 00001851 _____ C:\Users\Michal\Desktop\SWTFU2.lnk
2013-07-22 22:45 - 2013-07-22 22:45 - 00000000 ____D C:\Users\Michal\Documents\LucasArts
2013-07-22 22:45 - 2013-07-22 22:45 - 00000000 ____D C:\Users\Michal\AppData\Local\LucasArts
2013-07-22 22:14 - 2013-07-22 22:14 - 00000000 ____D C:\Program Files (x86)\LucasArts
2013-07-18 04:14 - 2013-07-18 04:14 - 00729680 _____ C:\Windows\Minidump\071813-23696-01.dmp
2013-07-16 22:45 - 2013-07-17 00:15 - 1470144322 _____ C:\Users\Michal\Downloads\I.Love.You.Phillip.Morris.2010.R5-vlož.titulky-CZ-ikisan.avi
2013-07-15 17:43 - 2013-07-15 17:44 - 01000396 _____ C:\Users\Michal\Downloads\htmlpurifier-4.5.0.zip
2013-07-15 15:07 - 2013-07-15 15:07 - 00000000 ____D C:\ProgramData\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2013-07-14 22:25 - 2013-07-14 22:25 - 00000000 ____D C:\Users\Michal\Downloads\OP2013
2013-07-14 22:12 - 2013-07-14 22:21 - 149265915 _____ C:\Users\Michal\Downloads\OP2013.zip
2013-07-12 17:10 - 2013-07-12 17:10 - 00000000 ____D C:\Users\Michal\Documents\Assassin's Creed III
2013-07-12 17:10 - 2013-07-12 17:10 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Theta
2013-07-12 16:36 - 2013-07-12 16:36 - 00001785 _____ C:\Users\Michal\Desktop\AssassinsCreed3.lnk
2013-07-11 23:22 - 2013-07-11 23:22 - 00001730 _____ C:\Users\Michal\Desktop\ZC2.lnk
2013-07-11 23:21 - 2013-07-12 17:02 - 00000000 ____D C:\Users\Michal\Downloads\Star.Wars.The.Force.Unleashed.2-RELOADED
2013-07-11 23:19 - 2013-07-11 23:19 - 00488716 _____ C:\Users\Michal\Downloads\[isoHunt] Star.Wars.The.Force.Unleashed.2-RELOADED-[tracker.BTARENA.org].5913374.TPB.torrent
2013-07-11 15:48 - 2013-07-11 19:42 - 00000000 ____D C:\Users\Michal\Downloads\Assassins.Creed.III-SKIDROW
2013-07-11 15:48 - 2013-07-11 15:48 - 00000000 ____D C:\Users\Michal\Downloads\Assassin's Creed 3 Assassins Creed III - CRACK WITHOUT UPLAY - Works With All Versions - PHTX
2013-07-11 15:47 - 2013-07-11 15:47 - 00001052 _____ C:\Users\Michal\Downloads\[isoHunt] 3898745.torrent
2013-07-11 15:45 - 2013-07-11 15:45 - 00079475 _____ C:\Users\Michal\Downloads\[isoHunt] Assassins.Creed.III-SKIDROW.torrent
2013-07-09 22:09 - 2013-07-09 22:09 - 01220608 _____ (3DMGAME) C:\Users\Michal\Downloads\Metro_Last Light v1.0 Plus 10 Trainer.exe
2013-07-09 22:09 - 2013-07-09 22:09 - 00000000 ____D C:\Users\Michal\Documents\FLiNGTrainer
2013-07-08 16:18 - 2013-07-08 16:18 - 00000000 ____D C:\Users\Michal\Documents\4A Games
2013-07-07 20:45 - 2013-07-25 11:02 - 00000000 ____D C:\Users\Michal\Downloads\STKCOP1602+14
2013-07-06 22:24 - 2013-07-06 22:24 - 00262144 _____ C:\Windows\Minidump\070613-30295-01.dmp
2013-07-04 02:06 - 2013-07-05 23:24 - 00006617 _____ C:\Users\Public\Documents\s.t.a.l.k.e.r.ltx
2013-07-03 17:48 - 2013-07-03 17:48 - 00001126 _____ C:\Users\Public\Desktop\Metro 2033.lnk
2013-07-03 17:40 - 2013-07-03 17:40 - 00000000 ____D C:\Program Files (x86)\THQ
2013-07-03 17:37 - 2013-07-03 17:37 - 00000000 ____D C:\Users\Michal\AppData\Local\4A Games
2013-07-03 17:18 - 2013-07-04 01:31 - 00000000 ____D C:\Users\Michal\Downloads\STALKER_Call_Of_Pripyat-Razor1911_[www.USABIT.com]
2013-07-03 17:16 - 2013-07-03 17:18 - 14548992 _____ C:\Users\Michal\Downloads\STALKER-Call.Of.Pripyat[pcgame-Multi5].iso
2013-07-03 17:05 - 2013-07-11 17:22 - 00000000 ____D C:\Program Files (x86)\Metro Last Light
2013-07-03 15:50 - 2013-07-03 15:50 - 00000000 ____D C:\ProgramData\RELOADED
2013-07-03 15:32 - 2013-07-03 15:38 - 00000000 ____D C:\Program Files (x86)\Zeno Clash 2
2013-06-30 22:15 - 2013-06-30 22:15 - 00000000 ____D C:\ProgramData\Pendulo Studios
2013-06-30 22:13 - 2013-06-30 22:13 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-06-30 22:13 - 2013-06-30 22:13 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-06-30 22:13 - 2013-06-30 22:13 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-06-30 22:13 - 2013-06-30 22:13 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-06-30 22:13 - 2013-06-30 22:13 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-06-30 22:06 - 2013-06-30 22:06 - 00000000 ____D C:\Program Files (x86)\Pendulo Studios
2013-06-30 05:32 - 2013-06-30 05:32 - 00262144 _____ C:\Windows\Minidump\063013-21543-01.dmp
2013-06-28 13:48 - 2013-06-28 13:48 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-06-28 13:48 - 2013-06-28 13:48 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-06-28 13:08 - 2013-06-28 13:08 - 00000000 ____D C:\Hry
2013-06-28 10:43 - 2013-06-28 10:43 - 00000000 ____D C:\Users\Michal\AppData\Local\FLT
2013-06-25 01:16 - 2013-06-25 02:18 - 591579742 _____ C:\Users\Michal\Downloads\Salo-aneb-120-dnu-sodomy.CZ.1975.avi

==================== One Month Modified Files and Folders =======

2013-07-25 16:11 - 2013-07-25 16:11 - 01779761 _____ (Farbar) C:\Users\Michal\Downloads\FRST64.exe
2013-07-25 16:11 - 2013-07-25 16:11 - 00000000 ____D C:\FRST
2013-07-25 16:09 - 2013-07-25 16:09 - 00666633 _____ C:\Users\Michal\Downloads\adwcleaner.exe
2013-07-25 16:09 - 2013-07-25 16:09 - 00003826 _____ C:\AdwCleaner[R2].txt
2013-07-25 15:49 - 2012-10-24 19:41 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 15:17 - 2012-03-06 23:24 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-25 15:16 - 2012-12-15 06:41 - 00000000 ____D C:\Users\Michal\AppData\Roaming\.minecraft
2013-07-25 13:44 - 2013-07-25 13:44 - 00000000 ____D C:\rsit
2013-07-25 13:44 - 2013-07-25 13:43 - 00935175 _____ C:\Users\Michal\Downloads\RSITx64.exe
2013-07-25 13:44 - 2013-04-21 12:50 - 00000000 ____D C:\Program Files\trend micro
2013-07-25 13:32 - 2012-03-06 21:33 - 01799187 _____ C:\Windows\WindowsUpdate.log
2013-07-25 12:58 - 2009-07-14 06:45 - 00022032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 12:58 - 2009-07-14 06:45 - 00022032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 12:52 - 2012-10-06 19:29 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-25 12:50 - 2012-03-06 23:24 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-25 12:50 - 2010-11-21 05:47 - 00052216 _____ C:\Windows\PFRO.log
2013-07-25 12:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 12:50 - 2009-07-14 06:51 - 00134405 _____ C:\Windows\setupact.log
2013-07-25 11:04 - 2011-04-12 10:34 - 00631292 _____ C:\Windows\system32\perfh005.dat
2013-07-25 11:04 - 2011-04-12 10:34 - 00121914 _____ C:\Windows\system32\perfc005.dat
2013-07-25 11:04 - 2009-07-14 07:13 - 01470062 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-25 11:02 - 2013-07-07 20:45 - 00000000 ____D C:\Users\Michal\Downloads\STKCOP1602+14
2013-07-25 02:22 - 2013-07-25 02:22 - 00007601 _____ C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2013-07-25 02:20 - 2013-07-25 02:20 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Curiolab
2013-07-25 02:18 - 2013-07-25 02:14 - 173846560 _____ (CURIOLAB S.M.B.A.) C:\Users\Michal\Downloads\ExterminateItSetup.exe
2013-07-25 01:47 - 2012-11-28 23:29 - 00002058 _____ C:\Users\Michal\Desktop\seznamFilmů.txt
2013-07-25 01:44 - 2012-03-12 03:41 - 00000000 ____D C:\Users\Michal\AppData\Roaming\vlc
2013-07-24 22:57 - 2013-07-23 23:02 - 00000000 ____D C:\Users\Michal\Downloads\TRON Legacy (2010) DVDRip XviD-MAXSPEED
2013-07-24 22:40 - 2013-05-01 16:59 - 00000000 ____D C:\Users\Michal\AppData\Roaming\BabSolution
2013-07-24 21:50 - 2013-07-24 21:50 - 00000931 _____ C:\Users\Michal\Desktop\MineCraft.lnk
2013-07-24 21:50 - 2012-03-06 21:38 - 00000000 ___RD C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-24 21:17 - 2013-07-24 21:17 - 00000000 ____D C:\Users\Michal\Downloads\1.5.1
2013-07-24 20:13 - 2013-07-24 20:12 - 53292803 _____ C:\Users\Michal\Downloads\1.5.1.zip
2013-07-24 20:11 - 2013-07-24 20:11 - 00675988 _____ C:\Users\Michal\Downloads\Minecraft (1).exe
2013-07-24 20:02 - 2013-07-24 20:02 - 00675988 _____ C:\Users\Michal\Downloads\Minecraft.exe
2013-07-23 23:32 - 2012-03-06 22:49 - 00000000 ____D C:\Users\Michal\AppData\Roaming\BitTorrent
2013-07-23 23:01 - 2013-07-23 23:01 - 00016754 _____ C:\Users\Michal\Downloads\[isoHunt] TRON_Legacy_(2010)_DVDRip_XviD-MAX.6212554.TPB.torrent
2013-07-23 22:42 - 2013-07-23 22:42 - 00754504 _____ C:\Windows\Minidump\072313-22011-01.dmp
2013-07-23 22:42 - 2012-09-15 13:58 - 489504490 _____ C:\Windows\MEMORY.DMP
2013-07-23 22:42 - 2012-09-15 13:58 - 00000000 ____D C:\Windows\Minidump
2013-07-22 22:45 - 2013-07-22 22:45 - 00001851 _____ C:\Users\Michal\Desktop\SWTFU2.lnk
2013-07-22 22:45 - 2013-07-22 22:45 - 00000000 ____D C:\Users\Michal\Documents\LucasArts
2013-07-22 22:45 - 2013-07-22 22:45 - 00000000 ____D C:\Users\Michal\AppData\Local\LucasArts
2013-07-22 22:44 - 2012-03-06 23:46 - 00238564 _____ C:\Windows\DirectX.log
2013-07-22 22:14 - 2013-07-22 22:14 - 00000000 ____D C:\Program Files (x86)\LucasArts
2013-07-20 14:32 - 2013-04-18 19:00 - 00000000 ____D C:\Users\Michal\Desktop\Sestavy na parties
2013-07-18 04:14 - 2013-07-18 04:14 - 00729680 _____ C:\Windows\Minidump\071813-23696-01.dmp
2013-07-17 00:15 - 2013-07-16 22:45 - 1470144322 _____ C:\Users\Michal\Downloads\I.Love.You.Phillip.Morris.2010.R5-vlož.titulky-CZ-ikisan.avi
2013-07-16 12:57 - 2013-06-24 15:10 - 00013592 _____ C:\Windows\DPINST.LOG
2013-07-15 17:44 - 2013-07-15 17:43 - 01000396 _____ C:\Users\Michal\Downloads\htmlpurifier-4.5.0.zip
2013-07-15 17:44 - 2013-05-10 02:34 - 00000000 ____D C:\Users\Michal\Documents\ClickClack
2013-07-15 15:07 - 2013-07-15 15:07 - 00000000 ____D C:\ProgramData\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2013-07-15 15:07 - 2013-06-24 15:09 - 00001103 _____ C:\Users\Default\Desktop\T-Mobile Internet Manager.lnk
2013-07-15 15:07 - 2013-06-24 15:09 - 00001103 _____ C:\Users\Default User\Desktop\T-Mobile Internet Manager.lnk
2013-07-15 15:07 - 2013-05-27 19:49 - 00000000 ____D C:\Program Files (x86)\T-Mobile
2013-07-14 22:25 - 2013-07-14 22:25 - 00000000 ____D C:\Users\Michal\Downloads\OP2013
2013-07-14 22:21 - 2013-07-14 22:12 - 149265915 _____ C:\Users\Michal\Downloads\OP2013.zip
2013-07-13 17:52 - 2013-01-06 00:00 - 00000000 ____D C:\Users\Michal\Desktop\0
2013-07-13 17:34 - 2009-07-14 04:34 - 00000430 _____ C:\Windows\win.ini
2013-07-13 17:34 - 2009-07-14 04:34 - 00000241 _____ C:\Windows\system.ini
2013-07-13 09:12 - 2012-03-06 23:24 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 09:12 - 2012-03-06 23:24 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 17:10 - 2013-07-12 17:10 - 00000000 ____D C:\Users\Michal\Documents\Assassin's Creed III
2013-07-12 17:10 - 2013-07-12 17:10 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Theta
2013-07-12 17:02 - 2013-07-11 23:21 - 00000000 ____D C:\Users\Michal\Downloads\Star.Wars.The.Force.Unleashed.2-RELOADED
2013-07-12 16:36 - 2013-07-12 16:36 - 00001785 _____ C:\Users\Michal\Desktop\AssassinsCreed3.lnk
2013-07-12 14:16 - 2012-03-06 23:39 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-07-12 14:16 - 2012-03-06 21:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-11 23:22 - 2013-07-11 23:22 - 00001730 _____ C:\Users\Michal\Desktop\ZC2.lnk
2013-07-11 23:19 - 2013-07-11 23:19 - 00488716 _____ C:\Users\Michal\Downloads\[isoHunt] Star.Wars.The.Force.Unleashed.2-RELOADED-[tracker.BTARENA.org].5913374.TPB.torrent
2013-07-11 19:42 - 2013-07-11 15:48 - 00000000 ____D C:\Users\Michal\Downloads\Assassins.Creed.III-SKIDROW
2013-07-11 17:22 - 2013-07-03 17:05 - 00000000 ____D C:\Program Files (x86)\Metro Last Light
2013-07-11 17:17 - 2012-03-06 23:51 - 00000000 ____D C:\ProgramData\Ubisoft
2013-07-11 15:48 - 2013-07-11 15:48 - 00000000 ____D C:\Users\Michal\Downloads\Assassin's Creed 3 Assassins Creed III - CRACK WITHOUT UPLAY - Works With All Versions - PHTX
2013-07-11 15:47 - 2013-07-11 15:47 - 00001052 _____ C:\Users\Michal\Downloads\[isoHunt] 3898745.torrent
2013-07-11 15:45 - 2013-07-11 15:45 - 00079475 _____ C:\Users\Michal\Downloads\[isoHunt] Assassins.Creed.III-SKIDROW.torrent
2013-07-11 14:08 - 2009-07-14 07:08 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-09 22:09 - 2013-07-09 22:09 - 01220608 _____ (3DMGAME) C:\Users\Michal\Downloads\Metro_Last Light v1.0 Plus 10 Trainer.exe
2013-07-09 22:09 - 2013-07-09 22:09 - 00000000 ____D C:\Users\Michal\Documents\FLiNGTrainer
2013-07-08 16:18 - 2013-07-08 16:18 - 00000000 ____D C:\Users\Michal\Documents\4A Games
2013-07-07 16:56 - 2012-03-06 23:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-06 22:24 - 2013-07-06 22:24 - 00262144 _____ C:\Windows\Minidump\070613-30295-01.dmp
2013-07-05 23:24 - 2013-07-04 02:06 - 00006617 _____ C:\Users\Public\Documents\s.t.a.l.k.e.r.ltx
2013-07-04 01:31 - 2013-07-03 17:18 - 00000000 ____D C:\Users\Michal\Downloads\STALKER_Call_Of_Pripyat-Razor1911_[www.USABIT.com]
2013-07-03 17:48 - 2013-07-03 17:48 - 00001126 _____ C:\Users\Public\Desktop\Metro 2033.lnk
2013-07-03 17:40 - 2013-07-03 17:40 - 00000000 ____D C:\Program Files (x86)\THQ
2013-07-03 17:37 - 2013-07-03 17:37 - 00000000 ____D C:\Users\Michal\AppData\Local\4A Games
2013-07-03 17:18 - 2013-07-03 17:16 - 14548992 _____ C:\Users\Michal\Downloads\STALKER-Call.Of.Pripyat[pcgame-Multi5].iso
2013-07-03 15:50 - 2013-07-03 15:50 - 00000000 ____D C:\ProgramData\RELOADED
2013-07-03 15:50 - 2012-10-13 18:11 - 00000000 ____D C:\Users\Michal\Documents\My Games
2013-07-03 15:38 - 2013-07-03 15:32 - 00000000 ____D C:\Program Files (x86)\Zeno Clash 2
2013-06-30 22:15 - 2013-06-30 22:15 - 00000000 ____D C:\ProgramData\Pendulo Studios
2013-06-30 22:13 - 2013-06-30 22:13 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-06-30 22:13 - 2013-06-30 22:13 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-06-30 22:13 - 2013-06-30 22:13 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-06-30 22:13 - 2013-06-30 22:13 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-06-30 22:13 - 2013-06-30 22:13 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-06-30 22:06 - 2013-06-30 22:06 - 00000000 ____D C:\Program Files (x86)\Pendulo Studios
2013-06-30 05:32 - 2013-06-30 05:32 - 00262144 _____ C:\Windows\Minidump\063013-21543-01.dmp
2013-06-28 13:49 - 2012-10-13 18:11 - 00000000 ____D C:\Users\Michal\AppData\Local\SKIDROW
2013-06-28 13:48 - 2013-06-28 13:48 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-06-28 13:48 - 2013-06-28 13:48 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-06-28 13:08 - 2013-06-28 13:08 - 00000000 ____D C:\Hry
2013-06-28 10:43 - 2013-06-28 10:43 - 00000000 ____D C:\Users\Michal\AppData\Local\FLT
2013-06-27 23:26 - 2012-03-06 23:22 - 00000000 ____D C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite
2013-06-25 02:18 - 2013-06-25 01:16 - 591579742 _____ C:\Users\Michal\Downloads\Salo-aneb-120-dnu-sodomy.CZ.1975.avi

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Správce spouštění systému Windows
--------------------
identifikátor {bootmgr}
device partition=C:
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {b737c8f0-67c2-11e1-9520-e444e3db5e1d}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Zaváděcí program pro spouštění systému Windows
-------------------
identifikátor {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {b737c8f2-67c2-11e1-9520-e444e3db5e1d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {b737c8f0-67c2-11e1-9520-e444e3db5e1d}
nx OptIn

Zaváděcí program pro spouštění systému Windows
-------------------
identifikátor {b737c8f2-67c2-11e1-9520-e444e3db5e1d}
device ramdisk=[C:]\Recovery\b737c8f2-67c2-11e1-9520-e444e3db5e1d\Winre.wim,{b737c8f3-67c2-11e1-9520-e444e3db5e1d}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\b737c8f2-67c2-11e1-9520-e444e3db5e1d\Winre.wim,{b737c8f3-67c2-11e1-9520-e444e3db5e1d}
systemroot \windows
nx OptIn
winpe Yes

Obnovení z hibernace
---------------------
identifikátor {b737c8f0-67c2-11e1-9520-e444e3db5e1d}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Testování paměti systému Windows
---------------------
identifikátor {memdiag}
device partition=C:
path \boot\memtest.exe
description Diagnostika paměti systému Windows
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes

Nastavení služby EMS
------------
identifikátor {emssettings}
bootems Yes

Nastavení ladicího programu
-----------------
identifikátor {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Chyby paměti RAM
-----------
identifikátor {badmemory}

Globální nastavení
---------------
identifikátor {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Nastavení spouštěcího zavaděče
--------------------
identifikátor {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Nastavení hypervisoru
-------------------
identifikátor {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Nastavení zavaděče obnovení
----------------------
identifikátor {resumeloadersettings}
inherit {globalsettings}

Parametry zařízení
--------------
identifikátor {b737c8f3-67c2-11e1-9520-e444e3db5e1d}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\b737c8f2-67c2-11e1-9520-e444e3db5e1d\boot.sdi



LastRegBack: 2013-07-23 04:42

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Advertising tabs popping up

#5 Post by vyosek »

:arrow: Uninstall Ad-Aware Browsing Protection and McAfee Security Scan

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
    HKCU\...\Run: [PC Suite Tray] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1483264 2010-12-21] (Nokia)
    HKCU\...\Run: [Infium] - C:\Program Files (x86)\QIP Infium\infium.exe [5896656 2010-09-01] ()
    HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1635752 2013-05-04] (Valve Corporation)
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
    HKCU\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
    HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542632 2013-01-31] (Lavasoft)
    HKLM-x32\...\Run: [SearchProtection] - C:\ProgramData\Search Protection\_run.bat [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
    Startup: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo Messenger!.lnk
    ShortcutTarget: Yahoo Messenger!.lnk -> C:\Program Files (x86)\Yahoo Messenger.exe ()
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?affID=119 ... DF9AE70288
    HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?affID=119 ... DF9AE70288
    URLSearchHook: (No Name) - {95289393-33EA-4F8D-B952-483415B9C955} - No File
    StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
    SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&affID=119520&babsrc=SP_ss&mntrId=1E55F2DF9AE70288
    SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&affID=119520&babsrc=SP_ss&mntrId=1E55F2DF9AE70288
    SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
    BHO-x32: QipLI Class - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll No File
    BHO-x32: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll No File
    FF NewTab: hxxp://www2.delta-search.com/?affID=119 ... DF9AE70288
    FF SelectedSearchEngine: Delta Search
    FF Homepage: hxxp://www2.delta-search.com/?affID=119 ... DF9AE70288
    2013-07-25 02:22 - 2013-07-25 02:22 - 00007601 _____ C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
    C:\ProgramData\Search Protection
    C:\ProgramData\Ad-Aware Browsing Protection
    
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create a log, Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

:arrow: Run AdwCleaner again
  • If you use Windows Vista or Windows 7, right-click AdwCleaner and choose Run As Administrator or Spustit jako správce
  • Click Delete (Smazat)
  • The PC will carry out the fix, restart, and give you a log (C:\AdwCleaner [S1].txt); paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.
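The entry types in the fixlist above can be read mechanically. This is an added example, not part of the original post and not FRST's own code; the sample lines are copied from that fixlist. The function `triage`, the flag names and the `runs-from-data-dir` heuristic are assumptions made for this example, and `[x]` and `No File` are read as the log's markers for a missing target file.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the fixlist in the post above; nothing here is new data.
SAMPLE = r"""
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1635752 2013-05-04] (Valve Corporation)
HKCU\...\Run: [Infium] - C:\Program Files (x86)\QIP Infium\infium.exe [5896656 2010-09-01] ()
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [SearchProtection] - C:\ProgramData\Search Protection\_run.bat [x]
BHO-x32: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll No File
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
C:\ProgramData\Search Protection
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"

# Run entry: hive, value name, command line, then either "[size date] (vendor)"
# or the "[x]" marker when the target file was not found.
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<cmd>.+?) "
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>.*)\)|\[x\])$"
)
# Browser Helper Object: class name, CLSID, DLL path, optional "No File" marker.
BHO_RE = re.compile(
    r"^BHO(?:-x32)?: (?P<name>.+?) - (?P<clsid>" + GUID + r") - "
    r"(?P<path>.+?)(?P<nofile> No File)?$"
)
# Search provider: hive, CLSID and the query URL template.
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>HK[A-Z]+(?:-x32)?) - (?:DefaultScope )?"
    r"(?P<clsid>" + GUID + r") URL = (?P<url>\S+)$"
)


def _flags(target, missing, vendor=None):
    """Heuristic flags (assumed for this example) for one autostart target."""
    flags = []
    if missing:
        flags.append("file-missing")          # registry entry outlived its file
    if vendor == "":
        flags.append("no-vendor")             # empty "()" company field
    if re.search(r"\\(ProgramData|Users)\\", target, re.I):
        flags.append("runs-from-data-dir")    # code loaded from a data directory
    return flags


def triage(text):
    """Parse fixlist/FRST-style lines into records an analyst can sort and filter."""
    rows = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            rows.append({"kind": "run", "name": m.group("name"),
                         "target": m.group("cmd"),
                         "flags": _flags(m.group("cmd"),
                                         m.group("size") is None,
                                         m.group("vendor"))})
            continue
        m = BHO_RE.match(line)
        if m:
            rows.append({"kind": "bho", "name": m.group("name"),
                         "target": m.group("path"),
                         "flags": _flags(m.group("path"),
                                         m.group("nofile") is not None)})
            continue
        m = SCOPE_RE.match(line)
        if m:
            # Report only the host, so it can be compared with the expected provider.
            rows.append({"kind": "searchscope", "name": m.group("clsid"),
                         "target": urlsplit(m.group("url")).hostname,
                         "flags": []})
            continue
        # Keep unrecognised lines visible instead of dropping them silently.
        rows.append({"kind": "unparsed", "name": line, "target": line, "flags": []})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f'{row["kind"]:<12} {row["name"]:<40} {",".join(row["flags"]) or "-"}')
```
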

majkelju
Visitor
Posts: 39
Registered: 21 Apr 2013 11:52

Re: Advertising tabs popping up

#6 Post by majkelju »

I couldn't uninstall Ad-aware Browsing Security because I couldn't find it anywhere... Windows didn't know about it either, and I couldn't find it manually in Program Files... Maybe it's some data that wasn't removed during an uninstall...?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2013
Ran by Michal at 2013-07-26 15:47:50 Run:1
Running from C:\Users\Michal\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\UpdatePRCShortCut => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\PC Suite Tray => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Infium => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Sony PC Companion => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo Messenger!.lnk => Moved successfully.
C:\Program Files (x86)\Yahoo Messenger.exe => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{95289393-33EA-4F8D-B952-483415B9C955} => Value deleted successfully.
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955} => Key deleted successfully.
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6B5863A0-C43F-4C0A-982B-CC0E9125783F} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
Firefox newtab deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Users\Michal\AppData\Local\Resmon.ResmonCfg => Moved successfully.
"C:\ProgramData\Search Protection" => File/Directory not found.
C:\ProgramData\Ad-Aware Browsing Protection => Moved successfully.

==== End of Fixlog ====
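
A way to triage a Fixlog like the one above, as an added example (not part of the original post and not FRST's own code). It assumes the only result wordings are the ones visible in this log ("... successfully." and "... not found.") and marks anything else for manual review; the sample input is constructed from a few lines of the log above.

```python
from collections import Counter

# Constructed sample: a handful of lines in the shape of the Fixlog above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2013
==============================================
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value deleted successfully.
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
Firefox homepage deleted successfully.
"C:\ProgramData\Search Protection" => File/Directory not found.
C:\ProgramData\Ad-Aware Browsing Protection => Moved successfully.
==== End of Fixlog ====
"""


def parse_fixlog(text):
    """Return a (target, status, result) tuple for every result line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if " => " in line:
            target, result = line.rsplit(" => ", 1)
        elif line.endswith("successfully."):
            # Lines such as "Firefox homepage deleted successfully." carry no "=>".
            target = result = line
        else:
            continue  # header, separator or blank line
        low = result.lower()
        if "successfully" in low:
            status = "ok"
        elif "not found" in low:
            status = "not_found"  # the fixlist entry matched nothing on this system
        else:
            status = "review"  # wording not seen in this thread: check by hand
        entries.append((target.strip('"'), status, result))
    return entries


def summarize(entries):
    """Count outcomes and list every target that was not changed successfully."""
    counts = Counter(status for _, status, _ in entries)
    follow_up = [target for target, status, _ in entries if status != "ok"]
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = summarize(parse_fixlog(SAMPLE_FIXLOG))
    print(dict(counts), follow_up)
```

The follow-up list is what a helper would compare against the original fixlist: "not found" entries were typically already gone, while a "review" entry means the fix did not report a recognised outcome.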

majkelju
Visitor
Posts: 39
Registered: 21 Apr 2013 11:52

Re: Ad tabs popping up

#7 Post by majkelju »

# AdwCleaner v2.306 - Log vytvořen 26/07/2013 v 15:52:37
# Aktualizováno 19/07/2013 Xplode
# Operační systém : Windows 7 Professional Service Pack 1 (64 bits)
# Uživatel : Michal - MICHAL-PC
# Spuštěn systém : Normální
# Spuštěno z : C:\Users\Michal\Downloads\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****

Zastaveno & vymazáno : BrowserProtect

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files (x86)\iMesh Applications
Složka Vymazáno : C:\ProgramData\Ask
Složka Vymazáno : C:\ProgramData\Babylon
Složka Vymazáno : C:\ProgramData\BrowserProtect
Složka Vymazáno : C:\Users\Michal\AppData\Roaming\BabSolution
Složka Vymazáno : C:\Users\Michal\AppData\Roaming\Babylon
Složka Vymazáno : C:\Users\Michal\AppData\Roaming\file scout
Soubor Vymazáno : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Soubor Vymazáno : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Soubor Vymazáno : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\qnh58vg8.default\bprotector_prefs.js

***** [Registry] *****

Klíč Vymazáno : HKCU\Software\BabSolution
Klíč Vymazáno : HKCU\Software\BabylonToolbar
Klíč Vymazáno : HKCU\Software\DataMngr
Klíč Vymazáno : HKCU\Software\DataMngr_Toolbar
Klíč Vymazáno : HKCU\Software\Imesh
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Klíč Vymazáno : HKCU\Software\5a53dbdce66ee546
Klíč Vymazáno : HKLM\Software\adawaretb
Klíč Vymazáno : HKLM\Software\Babylon
Klíč Vymazáno : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\Prod.cap
Klíč Vymazáno : HKLM\Software\DataMngr
Klíč Vymazáno : HKLM\Software\iMeshSRTB
Klíč Vymazáno : HKLM\SOFTWARE\Wow6432Node\5a53dbdce66ee546
Klíč Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

***** [Internetové prohlížeče] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry jsou čisté.

-\\ Mozilla Firefox v21.0 (cs)

Soubor : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\qnh58vg8.default\prefs.js

Vymazáno : user_pref("browser.search.order.1", "Delta Search");

-\\ Google Chrome v28.0.1500.72

Soubor : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Preferences

Vymazáno [l.2741] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=119520&babsrc=HP_ss&mntrI[...]

-\\ Opera v12.15.1748.0

Soubor : C:\Users\Michal\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Soubor je čistý.

*************************

AdwCleaner[R2].txt - [3826 octets] - [25/07/2013 16:09:44]
AdwCleaner[S2].txt - [2712 octets] - [26/07/2013 15:52:37]

########## EOF - C:\AdwCleaner[S2].txt - [2772 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Ad tabs popping up

#8 Post by vyosek »

How is the PC behaving? :???:

majkelju
Visitor
Posts: 39
Registered: 21 Apr 2013 11:52

Re: Ad tabs popping up

#9 Post by majkelju »

I deliberately waited before posting the result here, but it looks like the PC is clean now :) Not a single ad all evening yesterday :) Thank you!

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Ad tabs popping up

#10 Post by vyosek »

So let's clean up as well :James008:

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program will clean up and restart the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program will clean up and restart the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Čistič (Cleaner) panel
  • Leave everything as it is, just click Analyzovat (Analyze) and then Spustit CCleaner (Run CCleaner)
Registry panel
  • click Hledej problémy (Scan for issues)
  • then Opravit problémy (Fix issues) - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues are left - usually about 3 times
Nástroje (Tools) panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|