Preventive check, laptop was behaving abnormally

#1 Post by olhor

Please check the log. The laptop was behaving abnormally while browsing the internet (it redirected the homepage, opened various windows, etc.), and on top of that it was not, and so far still is not, protected by an antivirus. I uninstalled what I could, stopped services and the programs launching at startup, and now I need someone to check whether I overlooked anything, thank you. If the laptop could also be sped up, thanks for any advice.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Alena (administrator) on ALENA-PC on 22-09-2014 01:05:05
Running from C:\Users\Alena\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Alena\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.185.739.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {306d66a0-0722-11e1-9983-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {3beae4fa-0497-11e1-a053-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {3beae500-0497-11e1-a053-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {3beae509-0497-11e1-a053-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {5aa6af6e-5c91-11e1-90ba-001e101f7f74} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {64fdec40-d4f7-11e3-b33b-705ab63aebec} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {67e6e755-872b-11e3-a8c2-f07bcb12034a} - E:\Autorun.exe
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {853ed9e4-d34a-11e3-b21a-705ab63aebec} - E:\Autorun.exe
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {853ed9f6-d34a-11e3-b21a-705ab63aebec} - E:\Autorun.exe
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {b59071ab-6114-11e1-a249-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {c3f36799-4022-11e1-975c-001e101f79c9} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {de7707df-139f-11e1-8cb0-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.wisesearch.info/?l=1&q ... I&unqvl=39
SearchScopes: HKCU - DefaultScope {129ed7ad-4c6e-44e2-a734-5da0179a0373} URL = http://search.seznam.cz/?q={searchTerms ... kSearch_12
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {129ed7ad-4c6e-44e2-a734-5da0179a0373} URL = http://search.seznam.cz/?q={searchTerms ... kSearch_12
SearchScopes: HKCU - {1D984F98-EA69-4ED6-A398-0A112F55EA56} URL = http://search.us.com/serp?guid={962EE4C ... earchTerms}
SearchScopes: HKCU - {4628DB20-E3FB-416C-8F36-6DC5E9150023} URL = http://websearch.ask.com/redirect?clien ... E8423ED78F
SearchScopes: HKCU - {66b0d9c4-8adc-4aa3-819a-3e213057c7dd} URL = http://www.firmy.cz/phr/{searchTerms}?s ... kSearch_12
SearchScopes: HKCU - {726C50FD-8C64-476F-B3FE-688306FB2B1C} URL = http://search.yahoo.com/search?p={searc ... type=10523
SearchScopes: HKCU - {9cf45de0-f8f4-41ee-aa40-b096c60fc322} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... kSearch_12
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.wisesearch.info/?l=1&q ... I&unqvl=39
SearchScopes: HKCU - {dbec0b2b-87f0-489e-b06f-a75441af5e79} URL = http://www.mapy.cz/?query={searchTerms} ... kSearch_12
SearchScopes: HKCU - {E6B71119-F860-4DA0-B560-683165591790} URL = http://rts.dsrlte.com/?q={searchTerms}&r=0
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: TAkeTheCoupoan -> {8cd8d8e0-04ca-4a33-ac80-c8e0ff84a5ad} -> C:\ProgramData\TAkeTheCoupoan\RoyPcRnHHDccck.x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TAkeTheCoupoan -> {8cd8d8e0-04ca-4a33-ac80-c8e0ff84a5ad} -> C:\ProgramData\TAkeTheCoupoan\RoyPcRnHHDccck.dll ()
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088
FF NewTab: user_pref("browser.newtab.url", "");
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Alena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088\searchplugins\dsrlte.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088\Extensions\adblockpopups@jessehakanen.net.xpi [2014-09-21]
FF Extension: Adblock Plus - C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gpicboiclhmnllnjdcfcffifpoaebgkm] - C:\Program Files (x86)\Freecorder extension\Freecorder.crx []
CHR HKLM-x32\...\Chrome\Extension: [hfimjncgpflkpkhbnnblhblobjjjhjhd] - C:\Program Files (x86)\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx []
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S4 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R1 {50c078f1-4117-4aad-852a-0b3bbfb46b18}Gw64; C:\Windows\System32\drivers\{50c078f1-4117-4aad-852a-0b3bbfb46b18}Gw64.sys [61112 2014-04-24] (StdLib)
R1 {50c078f1-4117-4aad-852a-0b3bbfb46b18}w64; C:\Windows\System32\drivers\{50c078f1-4117-4aad-852a-0b3bbfb46b18}w64.sys [61112 2014-06-17] (StdLib)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 01:05 - 2014-09-22 01:06 - 00018014 _____ () C:\Users\Alena\Desktop\FRST.txt
2014-09-22 01:04 - 2014-09-22 01:05 - 00000000 ____D () C:\FRST
2014-09-22 01:02 - 2014-09-22 01:02 - 02105856 _____ (Farbar) C:\Users\Alena\Desktop\FRST64.exe
2014-09-22 01:01 - 2014-09-22 01:02 - 00112640 _____ (forum.viry.cz) C:\Users\Alena\Desktop\FRSTLauncher.exe
2014-09-21 23:02 - 2014-09-21 23:11 - 00000088 _____ () C:\Windows\SysWOW64\17204105464515149615.log
2014-09-18 21:15 - 2014-09-18 21:15 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\Outlook
2014-09-18 20:33 - 2014-09-22 00:49 - 00000000 ____D () C:\Users\Alena\Documents\fotokniha
2014-09-18 10:56 - 2014-09-18 10:56 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
2014-09-18 10:55 - 2014-09-18 10:55 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\BRT
2014-09-18 10:55 - 2014-09-17 16:26 - 00770384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-09-14 14:17 - 2014-09-18 19:22 - 00000000 ____D () C:\Users\Alena\Desktop\Oslava 60
2014-09-14 10:30 - 2014-09-21 23:40 - 00000000 ____D () C:\ProgramData\TakEuThECouPoon
2014-09-13 20:45 - 2014-09-21 23:40 - 00000000 ____D () C:\ProgramData\ReguulaorrDeaiLs
2014-09-13 12:25 - 2014-09-13 12:25 - 00000000 ____D () C:\ProgramData\TAkeTheCoupoan
2014-09-13 12:24 - 2014-09-05 04:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 12:24 - 2014-09-05 03:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 16:58 - 2014-09-02 16:58 - 00000000 ____D () C:\Users\Alena\restore
2014-09-01 20:26 - 2014-09-13 14:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-01 20:05 - 2014-09-10 19:20 - 00000000 ____D () C:\ProgramData\tmp
2014-09-01 20:05 - 2014-09-02 16:40 - 00000000 ____D () C:\ProgramData\hps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 01:06 - 2014-09-22 01:05 - 00018014 _____ () C:\Users\Alena\Desktop\FRST.txt
2014-09-22 01:06 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 01:06 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 01:05 - 2014-09-22 01:04 - 00000000 ____D () C:\FRST
2014-09-22 01:04 - 2011-10-28 02:22 - 01433082 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 01:02 - 2014-09-22 01:02 - 02105856 _____ (Farbar) C:\Users\Alena\Desktop\FRST64.exe
2014-09-22 01:02 - 2014-09-22 01:01 - 00112640 _____ (forum.viry.cz) C:\Users\Alena\Desktop\FRSTLauncher.exe
2014-09-22 00:49 - 2014-09-18 20:33 - 00000000 ____D () C:\Users\Alena\Documents\fotokniha
2014-09-22 00:41 - 2013-05-08 19:13 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 00:40 - 2012-07-19 16:41 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 00:37 - 2013-05-08 19:12 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 00:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 00:36 - 2009-07-14 06:51 - 00169774 _____ () C:\Windows\setupact.log
2014-09-22 00:08 - 2012-11-04 11:01 - 00000000 ____D () C:\Users\Alena\AppData\Local\HTC MediaHub
2014-09-21 23:58 - 2011-11-26 20:19 - 00000982 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830790603-1472093841-2811899278-1000UA.job
2014-09-21 23:46 - 2011-11-01 17:12 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\Skype
2014-09-21 23:41 - 2011-11-01 16:40 - 00115816 _____ () C:\Users\Alena\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-21 23:41 - 2011-10-28 02:11 - 00610636 _____ () C:\Windows\system32\perfh005.dat
2014-09-21 23:41 - 2011-10-28 02:11 - 00113958 _____ () C:\Windows\system32\perfc005.dat
2014-09-21 23:41 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-21 23:40 - 2014-09-14 10:30 - 00000000 ____D () C:\ProgramData\TakEuThECouPoon
2014-09-21 23:40 - 2014-09-13 20:45 - 00000000 ____D () C:\ProgramData\ReguulaorrDeaiLs
2014-09-21 23:40 - 2014-06-24 10:17 - 00000000 ____D () C:\ProgramData\NettoCoupoN
2014-09-21 23:40 - 2014-05-21 20:56 - 00000000 ____D () C:\ProgramData\FunDeals
2014-09-21 23:40 - 2014-05-21 20:56 - 00000000 ____D () C:\ProgramData\DIscounTExtEnsia
2014-09-21 23:40 - 2014-03-20 08:17 - 00000000 ____D () C:\ProgramData\Fuun2SSauve
2014-09-21 23:40 - 2014-02-28 11:52 - 00000000 ____D () C:\ProgramData\DeaalExpress
2014-09-21 23:40 - 2013-11-19 10:32 - 00000000 ____D () C:\Windows\Jaksta
2014-09-21 23:40 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\SearchNewTab
2014-09-21 23:40 - 2013-10-22 20:53 - 00000000 ____D () C:\ProgramData\DoWanload Keeper
2014-09-21 23:40 - 2011-10-28 02:19 - 00025044 _____ () C:\Windows\PFRO.log
2014-09-21 23:40 - 2009-07-14 06:45 - 00447336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-21 23:39 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-09-21 23:24 - 2014-01-27 10:24 - 00000000 ____D () C:\ProgramData\DNA
2014-09-21 23:14 - 2014-02-11 17:52 - 00000000 ____D () C:\ProgramData\3f191a7483f39c56
2014-09-21 23:12 - 2013-05-08 19:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-21 23:12 - 2011-11-01 17:19 - 00000000 ____D () C:\Users\Alena\AppData\Local\Google
2014-09-21 23:11 - 2014-09-21 23:02 - 00000088 _____ () C:\Windows\SysWOW64\17204105464515149615.log
2014-09-21 23:09 - 2011-02-18 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2014-09-21 23:09 - 2011-02-18 18:35 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-09-21 23:05 - 2013-11-19 10:38 - 00000000 ____D () C:\Users\Alena\AppData\Local\Jaksta_Technologies_Pty_L
2014-09-21 23:05 - 2012-03-05 14:56 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
2014-09-21 22:47 - 2014-02-11 17:52 - 00000000 ____D () C:\ProgramData\AlelTTubENoiAds
2014-09-21 19:26 - 2012-03-05 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
2014-09-21 19:24 - 2011-02-18 18:43 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-09-21 19:23 - 2011-02-18 18:51 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-21 19:22 - 2011-02-18 18:48 - 00000000 ____D () C:\Program Files (x86)\NewTech Infosystems
2014-09-21 19:22 - 2011-02-18 18:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-21 19:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-21 19:03 - 2009-07-14 04:34 - 00000580 _____ () C:\Windows\win.ini
2014-09-21 18:48 - 2011-11-04 22:29 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-21 17:25 - 2014-02-03 13:16 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\vlc
2014-09-19 14:58 - 2011-11-26 20:19 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830790603-1472093841-2811899278-1000Core.job
2014-09-18 23:03 - 2011-11-01 18:20 - 00000000 ____D () C:\Users\Alena\Documents\škola
2014-09-18 22:54 - 2012-04-05 10:58 - 00000000 ____D () C:\Users\Alena\Documents\cvičení
2014-09-18 22:40 - 2012-03-30 23:21 - 00000000 ____D () C:\Users\Alena\AppData\Local\Seznam.cz
2014-09-18 22:35 - 2012-12-27 01:11 - 00002925 _____ () C:\Windows\wininit.ini
2014-09-18 22:35 - 2012-09-19 18:39 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\Dropbox
2014-09-18 22:33 - 2014-01-27 10:21 - 00000000 ____D () C:\Program Files (x86)\Emotum
2014-09-18 22:31 - 2013-10-21 16:07 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\BitTorrent
2014-09-18 21:37 - 2009-07-14 07:13 - 01470298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 21:15 - 2014-09-18 21:15 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\Outlook
2014-09-18 20:36 - 2011-11-01 16:40 - 00000000 ____D () C:\Users\Alena
2014-09-18 19:29 - 2011-12-01 14:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-18 19:26 - 2012-09-19 18:42 - 00000000 ___RD () C:\Users\Alena\Dropbox
2014-09-18 19:22 - 2014-09-14 14:17 - 00000000 ____D () C:\Users\Alena\Desktop\Oslava 60
2014-09-18 10:56 - 2014-09-18 10:56 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
2014-09-18 10:55 - 2014-09-18 10:55 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\BRT
2014-09-18 10:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-17 16:26 - 2014-09-18 10:55 - 00770384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-09-15 14:43 - 2012-07-19 16:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-15 14:43 - 2012-07-19 16:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 14:43 - 2012-07-19 16:41 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-13 14:40 - 2013-06-09 22:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-13 14:33 - 2011-11-04 15:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-13 14:32 - 2014-09-01 20:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-13 14:32 - 2012-04-30 13:12 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-13 14:32 - 2011-12-18 18:46 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-13 14:31 - 2013-07-18 17:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 14:31 - 2011-12-18 18:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-13 14:31 - 2011-12-18 18:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-13 12:43 - 2011-11-03 22:50 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 12:25 - 2014-09-13 12:25 - 00000000 ____D () C:\ProgramData\TAkeTheCoupoan
2014-09-10 19:20 - 2014-09-01 20:05 - 00000000 ____D () C:\ProgramData\tmp
2014-09-05 04:01 - 2014-09-13 12:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:55 - 2014-09-13 12:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 16:58 - 2014-09-02 16:58 - 00000000 ____D () C:\Users\Alena\restore
2014-09-02 16:40 - 2014-09-01 20:05 - 00000000 ____D () C:\ProgramData\hps
2014-09-02 06:49 - 2012-05-15 20:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-02 06:49 - 2012-05-15 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-01 20:25 - 2012-05-15 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-01 19:53 - 2011-11-01 17:08 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Alena\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Alena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1b1nk4.dll
C:\Users\Alena\AppData\Local\Temp\dsrlte.exe
C:\Users\Alena\AppData\Local\Temp\dsrsetup.exe
C:\Users\Alena\AppData\Local\Temp\ochelper.exe
C:\Users\Alena\AppData\Local\Temp\res.dll
C:\Users\Alena\AppData\Local\Temp\ResetDevice.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830790603-1472093841-2811899278-1000Core.job => C:\Users\Alena\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830790603-1472093841-2811899278-1000UA.job => C:\Users\Alena\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Alena\Desktop" je 1414 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
"C:\Users\Alena\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
"C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iLivid
"C:\Users\Alena\AppData\Local\iLivid\iLivid.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam Postak
"C:\Program Files (x86)\Seznam.cz\bin\postak.exe" -s [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyComputer
C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(6.42 KiB) Downloaded 29 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check, the laptop behaved abnormally

#2 Post by vyosek »

Hello :)

:arrow: I can see an antivirus there: Microsoft Security Client

:arrow: But I also still see a lot of junk there :arcisit:

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launch the license terms are displayed; press any key
  • A backup is created and then the search starts
  • The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts and then a log appears, or it is saved as c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

olhor
Visitor
Posts: 73
Registered: 09 Apr 2006 11:13

Re: Preventive check, the laptop behaved abnormally

#3 Post by olhor »

Yep, but the Microsoft one is Essentials :) On top of that, it was not updated. :shock: I have had ESS on all my PCs for years, and since then I don't accept anything else. :James008:

Here is the log from AdwCleaner:
# AdwCleaner v3.310 - Report created 22/09/2014 at 12:02:03
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Alena - ALENA-PC
# Running from : C:\Users\Alena\Downloads\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : {50c078f1-4117-4aad-852a-0b3bbfb46b18}Gw64
Service Deleted : {50c078f1-4117-4aad-852a-0b3bbfb46b18}w64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Performancer
Folder Deleted : C:\ProgramData\WebTect
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\ProgramData\Browser AdBlocker
Folder Deleted : C:\ProgramData\DeaalExpress
Folder Deleted : C:\ProgramData\DIscounTExtEnsia
Folder Deleted : C:\ProgramData\DoWanload Keeper
Folder Deleted : C:\ProgramData\FunDeals
Folder Deleted : C:\ProgramData\Fuun2SSauve
Folder Deleted : C:\ProgramData\NettoCoupoN
Folder Deleted : C:\ProgramData\ReguulaorrDeaiLs
Folder Deleted : C:\ProgramData\TAkeTheCoupoan
Folder Deleted : C:\ProgramData\TakEuThECouPoon
Folder Deleted : C:\Users\Alena\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Alena\AppData\Roaming\SkypEmoticons
File Deleted : C:\Windows\System32\drivers\{50c078f1-4117-4aad-852a-0b3bbfb46b18}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{50c078f1-4117-4aad-852a-0b3bbfb46b18}w64.sys

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\DealExPress.DealExPress
Key Deleted : HKLM\SOFTWARE\Classes\DealExPress.DealExPress.2.1
Key Deleted : HKLM\SOFTWARE\Classes\NeetoCoupon.NeetoCoupon
Key Deleted : HKLM\SOFTWARE\Classes\NeetoCoupon.NeetoCoupon.6.1
Key Deleted : HKLM\SOFTWARE\Classes\Fun2Save.Fun2Save
Key Deleted : HKLM\SOFTWARE\Classes\Fun2Save.Fun2Save.4.5
Key Deleted : HKLM\SOFTWARE\Classes\DiiscountExtensi.DiiscountExtensi
Key Deleted : HKLM\SOFTWARE\Classes\DiiscountExtensi.DiiscountExtensi.7.2
Key Deleted : HKLM\SOFTWARE\Classes\FunDeAils.FunDeAils
Key Deleted : HKLM\SOFTWARE\Classes\FunDeAils.FunDeAils.2.2
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-5920013820
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{5837205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1915a69c-d80d-4ebf-855a-a261cfff8c5d}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{29AB74E6-1C79-43EA-B728-ED679EE09829}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{72c0c780-47e3-4d82-9dba-f0951f6efa4f}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8cd8d8e0-04ca-4a33-ac80-c8e0ff84a5ad}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{93036290-C67C-AD18-3127-CAE91C8C2B2C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AC292D4A-6224-104B-742E-4498BE9CDAB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D5BB44C7-D0ED-49D5-0D24-8E507C4A1AA8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F8CD4DC9-8B17-2D7D-EA74-4EA3BAC4CE37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8cd8d8e0-04ca-4a33-ac80-c8e0ff84a5ad}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1915a69c-d80d-4ebf-855a-a261cfff8c5d}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29AB74E6-1C79-43EA-B728-ED679EE09829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72c0c780-47e3-4d82-9dba-f0951f6efa4f}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8cd8d8e0-04ca-4a33-ac80-c8e0ff84a5ad}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93036290-C67C-AD18-3127-CAE91C8C2B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AC292D4A-6224-104B-742E-4498BE9CDAB6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5BB44C7-D0ED-49D5-0D24-8E507C4A1AA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8CD4DC9-8B17-2D7D-EA74-4EA3BAC4CE37}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1915a69c-d80d-4ebf-855a-a261cfff8c5d}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{29AB74E6-1C79-43EA-B728-ED679EE09829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72c0c780-47e3-4d82-9dba-f0951f6efa4f}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8cd8d8e0-04ca-4a33-ac80-c8e0ff84a5ad}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93036290-C67C-AD18-3127-CAE91C8C2B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AC292D4A-6224-104B-742E-4498BE9CDAB6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D5BB44C7-D0ED-49D5-0D24-8E507C4A1AA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8CD4DC9-8B17-2D7D-EA74-4EA3BAC4CE37}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1915a69c-d80d-4ebf-855a-a261cfff8c5d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29AB74E6-1C79-43EA-B728-ED679EE09829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{72c0c780-47e3-4d82-9dba-f0951f6efa4f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8cd8d8e0-04ca-4a33-ac80-c8e0ff84a5ad}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{93036290-C67C-AD18-3127-CAE91C8C2B2C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC292D4A-6224-104B-742E-4498BE9CDAB6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D5BB44C7-D0ED-49D5-0D24-8E507C4A1AA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F8CD4DC9-8B17-2D7D-EA74-4EA3BAC4CE37}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1915a69c-d80d-4ebf-855a-a261cfff8c5d}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{29AB74E6-1C79-43EA-B728-ED679EE09829}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{72c0c780-47e3-4d82-9dba-f0951f6efa4f}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{8cd8d8e0-04ca-4a33-ac80-c8e0ff84a5ad}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{93036290-C67C-AD18-3127-CAE91C8C2B2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AC292D4A-6224-104B-742E-4498BE9CDAB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D5BB44C7-D0ED-49D5-0D24-8E507C4A1AA8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F8CD4DC9-8B17-2D7D-EA74-4EA3BAC4CE37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8cd8d8e0-04ca-4a33-ac80-c8e0ff84a5ad}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : [x64] HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (cs)

[ File : C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088\prefs.js ]

Line Deleted : user_pref("extensions.2ljsNyk9nBvm2GQy.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
Line Deleted : user_pref("extensions.onzOecOMtNcYAqcb.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
Line Deleted : user_pref("extensions.sSKPMh7e2qYEo6HX.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]

*************************

AdwCleaner[R0].txt - [10454 octets] - [22/09/2014 11:58:03]
AdwCleaner[S0].txt - [10251 octets] - [22/09/2014 12:02:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10312 octets] ##########


Here is the log from JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Alena on po 22.09.2014 at 11:28:59.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\speedupmycomputer
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\registryhelper.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smarttweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c670dcae-e392-aa32-6f42-143c7fc4bdfd}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\APNSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\APNSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnToolbarInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnToolbarInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r362-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r362-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\qualitinkUntemp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\qualitinkUntemp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\qualitink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\qualitink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\qualitink_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\qualitink_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatequalitink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatequalitink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilqualitink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilqualitink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnToolbarInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnToolbarInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r362-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r362-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\qualitinkUntemp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\qualitinkUntemp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\qualitink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\qualitink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\qualitink_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\qualitink_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatequalitink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatequalitink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilqualitink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilqualitink_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{129ed7ad-4c6e-44e2-a734-5da0179a0373}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1D984F98-EA69-4ED6-A398-0A112F55EA56}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4628DB20-E3FB-416C-8F36-6DC5E9150023}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\browser enhancer"



~~~ FireFox

Successfully deleted the following from C:\Users\Alena\AppData\Roaming\mozilla\firefox\profiles\ak6slt1v.default-1409596209088\prefs.js

user_pref("extensions.2ljsNyk9nBvm2GQy.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.onzOecOMtNcYAqcb.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.sSKPMh7e2qYEo6HX.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
Emptied folder: C:\Users\Alena\AppData\Roaming\mozilla\firefox\profiles\ak6slt1v.default-1409596209088\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 22.09.2014 at 11:50:05.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check, the laptop behaved abnormally

#4 Post by vyosek »

:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako spravce)
  • Paste the script below into the window

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Then click Run Script
  • The PC performs the repair, restarts and gives you a log; paste its contents here

olhor
Visitor
Posts: 73
Registered: 09 Apr 2006 11:13

Re: Preventive check, the laptop behaved abnormally

#5 Post by olhor »

Here is the requested log:


Zoek.exe v5.0.0.0 Updated 21-09-2014
Tool run by Alena on po 22.09.2014 at 23:36:09.81.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Alena\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22.9.2014 23:38:39 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-830790603-1472093841-2811899278-1000\Software\Microsoft\Internet Explorer\SearchScopes\{726C50FD-8C64-476F-B3FE-688306FB2B1C} deleted successfully
HKEY_USERS\S-1-5-21-830790603-1472093841-2811899278-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9cf45de0-f8f4-41ee-aa40-b096c60fc322} deleted successfully
HKEY_USERS\S-1-5-21-830790603-1472093841-2811899278-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_USERS\S-1-5-21-830790603-1472093841-2811899278-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-830790603-1472093841-2811899278-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ff-bmboc@bytemobile.com deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");
user_pref("browser.newtab.url", "");
user_pref("keyword.URL", "");

Added to C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088

user.js not found
---- Lines extensions.2ljsNyk9nBvm2GQy removed from prefs.js ----
user_pref("extensions.2ljsNyk9nBvm2GQy.epoch", "1411401045");
user_pref("extensions.2ljsNyk9nBvm2GQy.url", "http://veterant.info/sync2/?q=hfZ9oeJQA ... qda4rTwFqj
---- Lines extensions.onzOecOMtNcYAqcb removed from prefs.js ----
user_pref("extensions.onzOecOMtNcYAqcb.epoch", "1411401044");
user_pref("extensions.onzOecOMtNcYAqcb.url", "http://fasten-tech.com/sync2/?q=hfZ9oeh ... qUojw9rdUG
---- Lines extensions.sSKPMh7e2qYEo6HX removed from prefs.js ----
user_pref("extensions.sSKPMh7e2qYEo6HX.epoch", "1411401045");
user_pref("extensions.sSKPMh7e2qYEo6HX.url", "http://veteranted.com/sync2/?q=hfZ9oeJQ ... Fqda4rTwFq
---- FireFox user.js and prefs.js backups ----

prefs_22.09.2014_2355_.backup

==== Deleting Files \ Folders ======================

C:\Windows\syswow64\appdata deleted
C:\Users\Alena\AppData\LocalLow\{06E2F9C2-5936-E521-578F-EE16850FFCD8} deleted
C:\Users\Alena\AppData\LocalLow\{29AB74E6-1C79-43EA-B728-ED679EE09829} deleted
C:\Users\Alena\AppData\LocalLow\{93036290-C67C-AD18-3127-CAE91C8C2B2C} deleted
C:\Users\Alena\AppData\LocalLow\{AC292D4A-6224-104B-742E-4498BE9CDAB6} deleted
C:\Users\Alena\AppData\LocalLow\{D5BB44C7-D0ED-49D5-0D24-8E507C4A1AA8} deleted
C:\Users\Alena\AppData\LocalLow\{F8CD4DC9-8B17-2D7D-EA74-4EA3BAC4CE37} deleted
C:\Users\Alena\AppData\Local\Packages\windows_ie_ac_001\AC\{06E2F9C2-5936-E521-578F-EE16850FFCD8} deleted
C:\Users\Alena\AppData\Local\Packages\windows_ie_ac_001\AC\{29AB74E6-1C79-43EA-B728-ED679EE09829} deleted
C:\Users\Alena\AppData\Local\Packages\windows_ie_ac_001\AC\{93036290-C67C-AD18-3127-CAE91C8C2B2C} deleted
C:\Users\Alena\AppData\Local\Packages\windows_ie_ac_001\AC\{AC292D4A-6224-104B-742E-4498BE9CDAB6} deleted
C:\Users\Alena\AppData\Local\Packages\windows_ie_ac_001\AC\{D5BB44C7-D0ED-49D5-0D24-8E507C4A1AA8} deleted
C:\Users\Alena\AppData\Local\Packages\windows_ie_ac_001\AC\{F8CD4DC9-8B17-2D7D-EA74-4EA3BAC4CE37} deleted
C:\PROGRA~3\3f191a7483f39c56 deleted
C:\Users\Alena\.android deleted
C:\PROGRA~3\AlelTTubENoiAds deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\SearchNewTab deleted
C:\PROGRA~3\InstallMate deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\PROGRA~3\fknfhleepeajgmoojjbhgkkdkhefejmb\update.xml" deleted
"C:\PROGRA~3\fknfhleepeajgmoojjbhgkkdkhefejmb" deleted
"C:\Users\Alena\AppData\Roaming\BRT" deleted
"C:\Users\Alena\AppData\Roaming\Outlook" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Alena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gpicboiclhmnllnjdcfcffifpoaebgkm - C:\Program Files (x86)\Freecorder extension\Freecorder.crx[]
hfimjncgpflkpkhbnnblhblobjjjhjhd - C:\Program Files (x86)\qualitink\hfimjncgpflkpkhbnnblhblobjjjhjhd.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14.07.2014 18:22]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://rts.dsrlte.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://rts.dsrlte.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{66b0d9c4-8adc-4aa3-819a-3e213057c7dd} Firmy.cz Url="http://www.firmy.cz/phr/{searchTerms}?s ... kSearch_12"
{dbec0b2b-87f0-489e-b06f-a75441af5e79} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... kSearch_12"
{E6B71119-F860-4DA0-B560-683165591790} Yahoo! Search Url="http://rts.dsrlte.com/?q={searchTerms}&r=0"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{026438E5-7169-21A8-464D-5AED070E6C1E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hfimjncgpflkpkhbnnblhblobjjjhjhd deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iLivid deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam Postak deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyComputer deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Alena\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alena\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Alena\AppData\Local\Mozilla\Firefox\Profiles\h09ucyu2.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1024 folders=119 32910340 bytes)

==== Empty Temp Folders ======================

C:\Users\Alena\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Alena\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Alena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on út 23.09.2014 at 0:02:24.70 ======================


During the cleaning I also ran the antivirus, and in its quarantine I found adware that this antivirus has been trying, unsuccessfully, to remove for quite some time.
karantena.jpg (108.26 KiB) Viewed 828 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check, notebook behaved abnormally

#6 Post by vyosek »

:arrow: Running the antivirus during the cleanup is nonsense, because at most it leads to the antivirus and the utility removing the possible infection "fighting" over the malware, and either things hang or the junk does not get removed.

:arrow: Please post a new log from FRST.

olhor
Visitor
Posts: 73
Registered: 09 Apr 2006 11:13

Re: Preventive check, notebook behaved abnormally

#7 Post by olhor »

OK, good to know, here is the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Alena (administrator) on ALENA-PC on 23-09-2014 01:36:45
Running from C:\Users\Alena\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(forum.viry.cz) C:\Users\Alena\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {306d66a0-0722-11e1-9983-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {3beae4fa-0497-11e1-a053-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {3beae500-0497-11e1-a053-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {3beae509-0497-11e1-a053-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {5aa6af6e-5c91-11e1-90ba-001e101f7f74} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {64fdec40-d4f7-11e3-b33b-705ab63aebec} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {67e6e755-872b-11e3-a8c2-f07bcb12034a} - E:\Autorun.exe
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {853ed9e4-d34a-11e3-b21a-705ab63aebec} - E:\Autorun.exe
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {853ed9f6-d34a-11e3-b21a-705ab63aebec} - E:\Autorun.exe
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {b59071ab-6114-11e1-a249-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {c3f36799-4022-11e1-975c-001e101f79c9} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {de7707df-139f-11e1-8cb0-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {66b0d9c4-8adc-4aa3-819a-3e213057c7dd} URL = http://www.firmy.cz/phr/{searchTerms}?s ... kSearch_12
SearchScopes: HKCU - {dbec0b2b-87f0-489e-b06f-a75441af5e79} URL = http://www.mapy.cz/?query={searchTerms} ... kSearch_12
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Alena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088\searchplugins\dsrlte.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088\Extensions\adblockpopups@jessehakanen.net.xpi [2014-09-21]
FF Extension: Adblock Plus - C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\ak6slt1v.default-1409596209088\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-22]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S4 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 01:36 - 2014-09-23 01:36 - 00029696 _____ () C:\Users\Alena\AppData\Local\MSGBOX.EXE
2014-09-23 01:36 - 2014-09-23 01:36 - 00015327 _____ () C:\Users\Alena\Desktop\LM.bat
2014-09-23 01:36 - 2014-09-23 01:36 - 00015059 _____ () C:\Users\Alena\Desktop\FRST.txt
2014-09-23 01:03 - 2014-09-23 01:03 - 00001427 _____ () C:\Users\Alena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-23 01:03 - 2014-09-23 01:03 - 00001393 _____ () C:\Users\Alena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-23 00:50 - 2014-09-23 00:50 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-23 00:50 - 2014-09-23 00:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-23 00:00 - 2014-09-22 23:35 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-22 23:38 - 2014-09-23 00:02 - 00014179 _____ () C:\zoek-results.log
2014-09-22 23:35 - 2014-09-23 00:01 - 00000000 ____D () C:\zoek_backup
2014-09-22 23:35 - 2014-09-22 23:35 - 01290752 _____ () C:\Users\Alena\Desktop\zoek.exe
2014-09-22 17:15 - 2014-09-23 00:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-22 11:57 - 2014-09-23 01:02 - 00000000 ____D () C:\AdwCleaner
2014-09-22 11:57 - 2014-09-22 11:57 - 01373475 _____ () C:\Users\Alena\Desktop\adwcleaner_3.310.exe
2014-09-22 11:50 - 2014-09-22 11:50 - 00011340 _____ () C:\Users\Alena\Desktop\JRT.txt
2014-09-22 11:28 - 2014-09-22 11:28 - 01027006 _____ (Thisisu) C:\Users\Alena\Desktop\JRT.exe
2014-09-22 11:28 - 2014-09-22 11:28 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 01:23 - 2014-09-22 01:23 - 00035092 _____ () C:\Users\Alena\Desktop\FRST3.txt
2014-09-22 01:17 - 2014-09-22 01:17 - 00006579 _____ () C:\Users\Alena\Desktop\Addition.rar
2014-09-22 01:09 - 2014-09-22 01:09 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2014-09-22 01:04 - 2014-09-23 01:36 - 00000000 ____D () C:\FRST
2014-09-22 01:02 - 2014-09-22 01:02 - 02105856 _____ (Farbar) C:\Users\Alena\Desktop\FRST64.exe
2014-09-22 01:01 - 2014-09-22 01:02 - 00112640 _____ (forum.viry.cz) C:\Users\Alena\Desktop\FRSTLauncher.exe
2014-09-21 23:02 - 2014-09-21 23:11 - 00000088 _____ () C:\Windows\SysWOW64\17204105464515149615.log
2014-09-18 20:33 - 2014-09-22 00:49 - 00000000 ____D () C:\Users\Alena\Documents\fotokniha
2014-09-18 10:55 - 2014-09-17 16:26 - 00770384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-09-14 14:17 - 2014-09-18 19:22 - 00000000 ____D () C:\Users\Alena\Desktop\Oslava 60
2014-09-13 12:24 - 2014-09-05 04:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-13 12:24 - 2014-09-05 03:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 16:58 - 2014-09-02 16:58 - 00000000 ____D () C:\Users\Alena\restore
2014-09-01 20:26 - 2014-09-13 14:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-01 20:05 - 2014-09-10 19:20 - 00000000 ____D () C:\ProgramData\tmp
2014-09-01 20:05 - 2014-09-02 16:40 - 00000000 ____D () C:\ProgramData\hps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 01:37 - 2014-09-23 01:36 - 00015059 _____ () C:\Users\Alena\Desktop\FRST.txt
2014-09-23 01:36 - 2014-09-23 01:36 - 00029696 _____ () C:\Users\Alena\AppData\Local\MSGBOX.EXE
2014-09-23 01:36 - 2014-09-23 01:36 - 00015327 _____ () C:\Users\Alena\Desktop\LM.bat
2014-09-23 01:36 - 2014-09-22 01:04 - 00000000 ____D () C:\FRST
2014-09-23 01:14 - 2011-10-28 02:22 - 01520447 _____ () C:\Windows\WindowsUpdate.log
2014-09-23 01:10 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 01:10 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 01:03 - 2014-09-23 01:03 - 00001427 _____ () C:\Users\Alena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-23 01:03 - 2014-09-23 01:03 - 00001393 _____ () C:\Users\Alena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-23 01:03 - 2013-05-08 19:12 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 01:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-23 01:02 - 2014-09-22 11:57 - 00000000 ____D () C:\AdwCleaner
2014-09-23 01:02 - 2011-10-28 02:19 - 00061906 _____ () C:\Windows\PFRO.log
2014-09-23 01:02 - 2009-07-14 06:51 - 00171102 _____ () C:\Windows\setupact.log
2014-09-23 00:50 - 2014-09-23 00:50 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-23 00:50 - 2014-09-23 00:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-23 00:50 - 2014-09-22 17:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 00:41 - 2013-05-08 19:13 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 00:40 - 2012-07-19 16:41 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 00:02 - 2014-09-22 23:38 - 00014179 _____ () C:\zoek-results.log
2014-09-23 00:01 - 2014-09-22 23:35 - 00000000 ____D () C:\zoek_backup
2014-09-22 23:58 - 2011-11-26 20:19 - 00000982 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830790603-1472093841-2811899278-1000UA.job
2014-09-22 23:56 - 2011-11-01 16:40 - 00000000 ____D () C:\Users\Alena
2014-09-22 23:35 - 2014-09-23 00:00 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-22 23:35 - 2014-09-22 23:35 - 01290752 _____ () C:\Users\Alena\Desktop\zoek.exe
2014-09-22 20:49 - 2014-02-03 13:16 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\vlc
2014-09-22 19:53 - 2011-10-28 02:11 - 00610636 _____ () C:\Windows\system32\perfh005.dat
2014-09-22 19:53 - 2011-10-28 02:11 - 00113958 _____ () C:\Windows\system32\perfc005.dat
2014-09-22 19:53 - 2009-07-14 07:13 - 01411428 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-22 17:40 - 2012-07-19 16:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-22 17:40 - 2012-07-19 16:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 17:40 - 2012-07-19 16:41 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-22 14:58 - 2011-11-26 20:19 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-830790603-1472093841-2811899278-1000Core.job
2014-09-22 12:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-22 11:57 - 2014-09-22 11:57 - 01373475 _____ () C:\Users\Alena\Desktop\adwcleaner_3.310.exe
2014-09-22 11:50 - 2014-09-22 11:50 - 00011340 _____ () C:\Users\Alena\Desktop\JRT.txt
2014-09-22 11:28 - 2014-09-22 11:28 - 01027006 _____ (Thisisu) C:\Users\Alena\Desktop\JRT.exe
2014-09-22 11:28 - 2014-09-22 11:28 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 08:42 - 2011-12-18 18:54 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 01:23 - 2014-09-22 01:23 - 00035092 _____ () C:\Users\Alena\Desktop\FRST3.txt
2014-09-22 01:17 - 2014-09-22 01:17 - 00006579 _____ () C:\Users\Alena\Desktop\Addition.rar
2014-09-22 01:09 - 2014-09-22 01:09 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2014-09-22 01:02 - 2014-09-22 01:02 - 02105856 _____ (Farbar) C:\Users\Alena\Desktop\FRST64.exe
2014-09-22 01:02 - 2014-09-22 01:01 - 00112640 _____ (forum.viry.cz) C:\Users\Alena\Desktop\FRSTLauncher.exe
2014-09-22 00:49 - 2014-09-18 20:33 - 00000000 ____D () C:\Users\Alena\Documents\fotokniha
2014-09-22 00:08 - 2012-11-04 11:01 - 00000000 ____D () C:\Users\Alena\AppData\Local\HTC MediaHub
2014-09-21 23:46 - 2011-11-01 17:12 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\Skype
2014-09-21 23:41 - 2011-11-01 16:40 - 00115816 _____ () C:\Users\Alena\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-21 23:41 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-21 23:40 - 2013-11-19 10:32 - 00000000 ____D () C:\Windows\Jaksta
2014-09-21 23:40 - 2009-07-14 06:45 - 00447336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-21 23:39 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-09-21 23:24 - 2014-01-27 10:24 - 00000000 ____D () C:\ProgramData\DNA
2014-09-21 23:12 - 2013-05-08 19:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-21 23:12 - 2011-11-01 17:19 - 00000000 ____D () C:\Users\Alena\AppData\Local\Google
2014-09-21 23:11 - 2014-09-21 23:02 - 00000088 _____ () C:\Windows\SysWOW64\17204105464515149615.log
2014-09-21 23:09 - 2011-02-18 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2014-09-21 23:09 - 2011-02-18 18:35 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-09-21 23:05 - 2012-03-05 14:56 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
2014-09-21 19:26 - 2012-03-05 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
2014-09-21 19:24 - 2011-02-18 18:43 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-09-21 19:23 - 2011-02-18 18:51 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-21 19:22 - 2011-02-18 18:48 - 00000000 ____D () C:\Program Files (x86)\NewTech Infosystems
2014-09-21 19:22 - 2011-02-18 18:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-21 19:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-21 19:03 - 2009-07-14 04:34 - 00000580 _____ () C:\Windows\win.ini
2014-09-18 23:03 - 2011-11-01 18:20 - 00000000 ____D () C:\Users\Alena\Documents\škola
2014-09-18 22:54 - 2012-04-05 10:58 - 00000000 ____D () C:\Users\Alena\Documents\cvičení
2014-09-18 22:35 - 2012-09-19 18:39 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\Dropbox
2014-09-18 22:33 - 2014-01-27 10:21 - 00000000 ____D () C:\Program Files (x86)\Emotum
2014-09-18 22:31 - 2013-10-21 16:07 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\BitTorrent
2014-09-18 19:29 - 2011-12-01 14:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-18 19:26 - 2012-09-19 18:42 - 00000000 ___RD () C:\Users\Alena\Dropbox
2014-09-18 19:22 - 2014-09-14 14:17 - 00000000 ____D () C:\Users\Alena\Desktop\Oslava 60
2014-09-18 10:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-17 16:26 - 2014-09-18 10:55 - 00770384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2014-09-13 14:40 - 2013-06-09 22:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-13 14:33 - 2011-11-04 15:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-13 14:32 - 2014-09-01 20:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-13 14:32 - 2012-04-30 13:12 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-13 14:32 - 2011-12-18 18:46 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-13 14:31 - 2013-07-18 17:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 14:31 - 2011-12-18 18:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-13 14:31 - 2011-12-18 18:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-13 12:43 - 2011-11-03 22:50 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 19:20 - 2014-09-01 20:05 - 00000000 ____D () C:\ProgramData\tmp
2014-09-05 04:01 - 2014-09-13 12:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:55 - 2014-09-13 12:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 16:58 - 2014-09-02 16:58 - 00000000 ____D () C:\Users\Alena\restore
2014-09-02 16:40 - 2014-09-01 20:05 - 00000000 ____D () C:\ProgramData\hps
2014-09-02 06:49 - 2012-05-15 20:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-02 06:49 - 2012-05-15 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-01 20:25 - 2012-05-15 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-01 19:53 - 2011-11-01 17:08 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Alena\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-22 12:45

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check, notebook behaved abnormally

#8 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    
    HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {306d66a0-0722-11e1-9983-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {3beae4fa-0497-11e1-a053-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {3beae500-0497-11e1-a053-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {3beae509-0497-11e1-a053-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {5aa6af6e-5c91-11e1-90ba-001e101f7f74} - E:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {64fdec40-d4f7-11e3-b33b-705ab63aebec} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {67e6e755-872b-11e3-a8c2-f07bcb12034a} - E:\Autorun.exe
    HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {853ed9e4-d34a-11e3-b21a-705ab63aebec} - E:\Autorun.exe
    HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {853ed9f6-d34a-11e3-b21a-705ab63aebec} - E:\Autorun.exe
    HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {b59071ab-6114-11e1-a249-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {c3f36799-4022-11e1-975c-001e101f79c9} - E:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {de7707df-139f-11e1-8cb0-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    C:\Program Files (x86)\Skype\Toolbars
    
    2014-09-23 01:36 - 2014-09-23 01:36 - 00029696 _____ () C:\Users\Alena\AppData\Local\MSGBOX.EXE
    2014-09-23 01:36 - 2014-09-23 01:36 - 00015327 _____ () C:\Users\Alena\Desktop\LM.bat
    2014-09-23 01:36 - 2014-09-23 01:36 - 00015059 _____ () C:\Users\Alena\Desktop\FRST.txt
    2014-09-23 00:00 - 2014-09-22 23:35 - 00024064 _____ () C:\Windows\zoek-delete.exe
    2014-09-22 23:38 - 2014-09-23 00:02 - 00014179 _____ () C:\zoek-results.log
    2014-09-22 23:35 - 2014-09-23 00:01 - 00000000 ____D () C:\zoek_backup
    2014-09-22 23:35 - 2014-09-22 23:35 - 01290752 _____ () C:\Users\Alena\Desktop\zoek.exe
    2014-09-22 11:57 - 2014-09-23 01:02 - 00000000 ____D () C:\AdwCleaner
    2014-09-22 11:57 - 2014-09-22 11:57 - 01373475 _____ () C:\Users\Alena\Desktop\adwcleaner_3.310.exe
    2014-09-22 11:50 - 2014-09-22 11:50 - 00011340 _____ () C:\Users\Alena\Desktop\JRT.txt
    2014-09-22 11:28 - 2014-09-22 11:28 - 01027006 _____ (Thisisu) C:\Users\Alena\Desktop\JRT.exe
    2014-09-22 11:28 - 2014-09-22 11:28 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-22 01:23 - 2014-09-22 01:23 - 00035092 _____ () C:\Users\Alena\Desktop\FRST3.txt
    2014-09-22 01:17 - 2014-09-22 01:17 - 00006579 _____ () C:\Users\Alena\Desktop\Addition.rar
    2014-09-22 01:01 - 2014-09-22 01:02 - 00112640 _____ (forum.viry.cz) C:\Users\Alena\Desktop\FRSTLauncher.exe
    2014-09-21 23:02 - 2014-09-21 23:11 - 00000088 _____ () C:\Windows\SysWOW64\17204105464515149615.log
    2014-09-14 10:30 - 2014-09-21 23:40 - 00000000 ____D () C:\ProgramData\TakEuThECouPoon
    2014-09-13 20:45 - 2014-09-21 23:40 - 00000000 ____D () C:\ProgramData\ReguulaorrDeaiLs
    2014-09-13 12:25 - 2014-09-13 12:25 - 00000000 ____D () C:\ProgramData\TAkeTheCoupoan
    2014-09-21 23:40 - 2014-09-14 10:30 - 00000000 ____D () C:\ProgramData\TakEuThECouPoon
    2014-09-21 23:40 - 2014-09-13 20:45 - 00000000 ____D () C:\ProgramData\ReguulaorrDeaiLs
    2014-09-21 23:40 - 2014-06-24 10:17 - 00000000 ____D () C:\ProgramData\NettoCoupoN
    2014-09-21 23:40 - 2014-05-21 20:56 - 00000000 ____D () C:\ProgramData\FunDeals
    2014-09-21 23:40 - 2014-05-21 20:56 - 00000000 ____D () C:\ProgramData\DIscounTExtEnsia
    2014-09-21 23:40 - 2014-03-20 08:17 - 00000000 ____D () C:\ProgramData\Fuun2SSauve
    2014-09-21 23:40 - 2014-02-28 11:52 - 00000000 ____D () C:\ProgramData\DeaalExpress
    2014-09-21 23:40 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\SearchNewTab
    2014-09-21 23:40 - 2013-10-22 20:53 - 00000000 ____D () C:\ProgramData\DoWanload Keeper
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here for me
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

olhor
Visitor
Posts: 73
Registered: 09 Apr 2006 11:13

Re: Preventive check, notebook behaved abnormally

#9 Post by olhor »

Good morning, here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by Alena at 2014-09-23 07:54:13 Run:1
Running from C:\Users\Alena\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:

HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {306d66a0-0722-11e1-9983-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {3beae4fa-0497-11e1-a053-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {3beae500-0497-11e1-a053-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {3beae509-0497-11e1-a053-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {5aa6af6e-5c91-11e1-90ba-001e101f7f74} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {64fdec40-d4f7-11e3-b33b-705ab63aebec} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {67e6e755-872b-11e3-a8c2-f07bcb12034a} - E:\Autorun.exe
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {853ed9e4-d34a-11e3-b21a-705ab63aebec} - E:\Autorun.exe
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {853ed9f6-d34a-11e3-b21a-705ab63aebec} - E:\Autorun.exe
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {b59071ab-6114-11e1-a249-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {c3f36799-4022-11e1-975c-001e101f79c9} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-830790603-1472093841-2811899278-1000\...\MountPoints2: {de7707df-139f-11e1-8cb0-f07bcb12034a} - E:\setup_vmc_lite.exe /checkApplicationPresence
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars

2014-09-23 01:36 - 2014-09-23 01:36 - 00029696 _____ () C:\Users\Alena\AppData\Local\MSGBOX.EXE
2014-09-23 01:36 - 2014-09-23 01:36 - 00015327 _____ () C:\Users\Alena\Desktop\LM.bat
2014-09-23 01:36 - 2014-09-23 01:36 - 00015059 _____ () C:\Users\Alena\Desktop\FRST.txt
2014-09-23 00:00 - 2014-09-22 23:35 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-09-22 23:38 - 2014-09-23 00:02 - 00014179 _____ () C:\zoek-results.log
2014-09-22 23:35 - 2014-09-23 00:01 - 00000000 ____D () C:\zoek_backup
2014-09-22 23:35 - 2014-09-22 23:35 - 01290752 _____ () C:\Users\Alena\Desktop\zoek.exe
2014-09-22 11:57 - 2014-09-23 01:02 - 00000000 ____D () C:\AdwCleaner
2014-09-22 11:57 - 2014-09-22 11:57 - 01373475 _____ () C:\Users\Alena\Desktop\adwcleaner_3.310.exe
2014-09-22 11:50 - 2014-09-22 11:50 - 00011340 _____ () C:\Users\Alena\Desktop\JRT.txt
2014-09-22 11:28 - 2014-09-22 11:28 - 01027006 _____ (Thisisu) C:\Users\Alena\Desktop\JRT.exe
2014-09-22 11:28 - 2014-09-22 11:28 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 01:23 - 2014-09-22 01:23 - 00035092 _____ () C:\Users\Alena\Desktop\FRST3.txt
2014-09-22 01:17 - 2014-09-22 01:17 - 00006579 _____ () C:\Users\Alena\Desktop\Addition.rar
2014-09-22 01:01 - 2014-09-22 01:02 - 00112640 _____ (forum.viry.cz) C:\Users\Alena\Desktop\FRSTLauncher.exe
2014-09-21 23:02 - 2014-09-21 23:11 - 00000088 _____ () C:\Windows\SysWOW64\17204105464515149615.log
2014-09-14 10:30 - 2014-09-21 23:40 - 00000000 ____D () C:\ProgramData\TakEuThECouPoon
2014-09-13 20:45 - 2014-09-21 23:40 - 00000000 ____D () C:\ProgramData\ReguulaorrDeaiLs
2014-09-13 12:25 - 2014-09-13 12:25 - 00000000 ____D () C:\ProgramData\TAkeTheCoupoan
2014-09-21 23:40 - 2014-09-14 10:30 - 00000000 ____D () C:\ProgramData\TakEuThECouPoon
2014-09-21 23:40 - 2014-09-13 20:45 - 00000000 ____D () C:\ProgramData\ReguulaorrDeaiLs
2014-09-21 23:40 - 2014-06-24 10:17 - 00000000 ____D () C:\ProgramData\NettoCoupoN
2014-09-21 23:40 - 2014-05-21 20:56 - 00000000 ____D () C:\ProgramData\FunDeals
2014-09-21 23:40 - 2014-05-21 20:56 - 00000000 ____D () C:\ProgramData\DIscounTExtEnsia
2014-09-21 23:40 - 2014-03-20 08:17 - 00000000 ____D () C:\ProgramData\Fuun2SSauve
2014-09-21 23:40 - 2014-02-28 11:52 - 00000000 ____D () C:\ProgramData\DeaalExpress
2014-09-21 23:40 - 2013-10-22 20:55 - 00000000 ____D () C:\ProgramData\SearchNewTab
2014-09-21 23:40 - 2013-10-22 20:53 - 00000000 ____D () C:\ProgramData\DoWanload Keeper

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{306d66a0-0722-11e1-9983-f07bcb12034a}" => Key deleted successfully.
"HKCR\CLSID\{306d66a0-0722-11e1-9983-f07bcb12034a}" => Key not found.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3beae4fa-0497-11e1-a053-f07bcb12034a}" => Key deleted successfully.
"HKCR\CLSID\{3beae4fa-0497-11e1-a053-f07bcb12034a}" => Key not found.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3beae500-0497-11e1-a053-f07bcb12034a}" => Key deleted successfully.
"HKCR\CLSID\{3beae500-0497-11e1-a053-f07bcb12034a}" => Key not found.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3beae509-0497-11e1-a053-f07bcb12034a}" => Key deleted successfully.
"HKCR\CLSID\{3beae509-0497-11e1-a053-f07bcb12034a}" => Key not found.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5aa6af6e-5c91-11e1-90ba-001e101f7f74}" => Key deleted successfully.
"HKCR\CLSID\{5aa6af6e-5c91-11e1-90ba-001e101f7f74}" => Key not found.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64fdec40-d4f7-11e3-b33b-705ab63aebec}" => Key deleted successfully.
"HKCR\CLSID\{64fdec40-d4f7-11e3-b33b-705ab63aebec}" => Key not found.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67e6e755-872b-11e3-a8c2-f07bcb12034a}" => Key deleted successfully.
"HKCR\CLSID\{67e6e755-872b-11e3-a8c2-f07bcb12034a}" => Key not found.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853ed9e4-d34a-11e3-b21a-705ab63aebec}" => Key deleted successfully.
"HKCR\CLSID\{853ed9e4-d34a-11e3-b21a-705ab63aebec}" => Key not found.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{853ed9f6-d34a-11e3-b21a-705ab63aebec}" => Key deleted successfully.
"HKCR\CLSID\{853ed9f6-d34a-11e3-b21a-705ab63aebec}" => Key not found.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b59071ab-6114-11e1-a249-f07bcb12034a}" => Key deleted successfully.
"HKCR\CLSID\{b59071ab-6114-11e1-a249-f07bcb12034a}" => Key not found.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3f36799-4022-11e1-975c-001e101f79c9}" => Key deleted successfully.
"HKCR\CLSID\{c3f36799-4022-11e1-975c-001e101f79c9}" => Key not found.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de7707df-139f-11e1-8cb0-f07bcb12034a}" => Key deleted successfully.
"HKCR\CLSID\{de7707df-139f-11e1-8cb0-f07bcb12034a}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
c2cautoupdatesvc => Service deleted successfully.
c2cpnrsvc => Service deleted successfully.
C:\Program Files (x86)\Skype\Toolbars => Moved successfully.
C:\Users\Alena\AppData\Local\MSGBOX.EXE => Moved successfully.
C:\Users\Alena\Desktop\LM.bat => Moved successfully.
"C:\Users\Alena\Desktop\FRST.txt" => File/Directory not found.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Alena\Desktop\zoek.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Alena\Desktop\adwcleaner_3.310.exe => Moved successfully.
C:\Users\Alena\Desktop\JRT.txt => Moved successfully.
C:\Users\Alena\Desktop\JRT.exe => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Users\Alena\Desktop\FRST3.txt => Moved successfully.
C:\Users\Alena\Desktop\Addition.rar => Moved successfully.
C:\Users\Alena\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Windows\SysWOW64\17204105464515149615.log => Moved successfully.
"C:\ProgramData\TakEuThECouPoon" => File/Directory not found.
"C:\ProgramData\ReguulaorrDeaiLs" => File/Directory not found.
"C:\ProgramData\TAkeTheCoupoan" => File/Directory not found.
"C:\ProgramData\TakEuThECouPoon" => File/Directory not found.
"C:\ProgramData\ReguulaorrDeaiLs" => File/Directory not found.
"C:\ProgramData\NettoCoupoN" => File/Directory not found.
"C:\ProgramData\FunDeals" => File/Directory not found.
"C:\ProgramData\DIscounTExtEnsia" => File/Directory not found.
"C:\ProgramData\Fuun2SSauve" => File/Directory not found.
"C:\ProgramData\DeaalExpress" => File/Directory not found.
"C:\ProgramData\SearchNewTab" => File/Directory not found.
"C:\ProgramData\DoWanload Keeper" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 57 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
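
One way to triage a Fixlog like the one posted above, as an added example that is not part of the original thread and not FRST's own code: it skips the echoed fixlist, parses each `target => result` line, and separates the "not found" results, which mean the listed item was no longer present when the fix ran. The function names and the `done`/`absent`/`review` labels are assumptions of this example; the sample lines are taken from the log above.

```python
import re
from collections import Counter

# Excerpt in the format of the Fixlog posted above (lines taken from the thread).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
Start
CloseProcesses:
C:\Program Files (x86)\Skype\Toolbars
Hosts:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-830790603-1472093841-2811899278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{306d66a0-0722-11e1-9983-f07bcb12034a}" => Key deleted successfully.
"HKCR\CLSID\{306d66a0-0722-11e1-9983-f07bcb12034a}" => Key not found.
c2cautoupdatesvc => Service deleted successfully.
C:\Program Files (x86)\Skype\Toolbars => Moved successfully.
"C:\Users\Alena\Desktop\FRST.txt" => File/Directory not found.
"C:\ProgramData\FunDeals" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 57 MB temporary data.

==== End of Fixlog ====
'''

# A result line is: optional quote, target, optional quote, " => ", result text.
RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+?)\s*$')
REGISTRY_ROOTS = ("HKLM\\", "HKCR\\", "HKU\\", "HKCU\\")


def classify(result):
    """Map the result text to a label (labels are this example's own)."""
    text = result.lower()
    if "not found" in text:
        return "absent"      # nothing was there to remove
    if "successfully" in text or text.startswith("removed"):
        return "done"        # the requested action was carried out
    return "review"          # any wording not seen in the log above


def parse_fixlog(text):
    """Return (target, result, label) for every result line outside the echoed fixlist."""
    entries, in_echo = [], False
    for line in text.splitlines():
        line = line.strip()
        if set(line) == {"*"}:          # row of asterisks around the echoed fixlist
            in_echo = not in_echo
            continue
        if in_echo or not line:
            continue
        match = RESULT_LINE.match(line)  # status lines without "=>" are skipped
        if match:
            result = match["result"]
            entries.append((match["target"], result, classify(result)))
    return entries


def summarize(entries):
    """Count entries per label."""
    return dict(Counter(label for _target, _result, label in entries))


def absent_by_kind(entries):
    """Split 'not found' targets into registry keys and file-system paths."""
    kinds = {"registry": [], "filesystem": []}
    for target, _result, label in entries:
        if label == "absent":
            is_registry = target.upper().startswith(REGISTRY_ROOTS)
            kinds["registry" if is_registry else "filesystem"].append(target)
    return kinds


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for kind, targets in absent_by_kind(parsed).items():
        print(kind, targets)
```

File-system targets reported as not found are the ones worth a second look: they were either removed by an earlier tool or listed in the fixlist with a path that did not match.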

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check, notebook behaved abnormally

#10 Post by vyosek »

Good morning :)

Now let's clean up :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may mistakenly flag this utility as a virus - it is a false alarm - so feel free to download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program will clean up and restart the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program will clean up and restart the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze (Analyzovat) and then Run Cleaner (Spustit CCleaner)
Registry panel
  • click Scan for Issues (Hledej problémy)
  • then Fix Issues (Opravit problémy) - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

olhor
Visitor
Posts: 73
Registered: 09 Apr 2006 11:13

Re: Preventive check, notebook behaved abnormally

#11 Post by olhor »

Yep, thank you very much. It's just that the notebook switched off by itself; I hope that is not related to this.
Thanks once again and have a nice day,
Dan

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check, notebook behaved abnormally

#12 Post by vyosek »

You're welcome, glad I could help :worship: Until next time

And in accordance with the topic-locking rule :lock: