nainstalovany shopper pro a jina havet

Zpráva

ymo · #1 Příspěvek od **ymo** » 01 říj 2014 21:23

Ahoj, snazil jsem se vsechno odinstalovat, vcetne zakazu pluginu, ale pro jistotu prikladam log pro kontrolu, diky moc:

Logfile of random's system information tool 1.10 (written by random/random)
Run by naši at 2014-10-01 22:16:17
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 190 GB (80%) free of 238 GB
Total RAM: 4094 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:16:20, on 1.10.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Users\naši\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
C:\Program Files\trend micro\naši.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: d0ac00b04d3e0131269239ed9417a9330048559 - {11111111-1111-1111-1111-110411851159} - C:\Program Files (x86)\Apps Hat\Apps Hat-bho.dll (file missing)
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: YTAHelperBHO - {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7474 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\svchost.exe -k NetworkService
atieclxx
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\IePluginServices\PluginService.exe -service
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1856
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe" /TUStart /pid:1816
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --ran-launcher /crash-reporter-parent-id=3464
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=gpu-process --channel="3464.0.969013644\1129042304" --crash-reporter-pid=3356 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,17 --gpu-vendor-id=0x1002 --gpu-device-id=0x9442 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.970.100.1100 --crash-reporter-pid=3356 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=3356 --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="3464.4.192807329\1367797085" /prefetch:673131151
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=3356 --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="3464.5.1377823006\9346098" /prefetch:673131151
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=3356 --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="3464.14.1151204481\1547823284" /prefetch:673131151
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=3356 --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="3464.15.1011182084\731436586" /prefetch:673131151
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=plugin --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --disable-direct-npapi-requests --lang=cs --channel="3464.16.659244092\1356394583" --crash-reporter-pid=3356 /prefetch:-390060480
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=3356 --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="3464.17.152075727\1965750818" /prefetch:673131151
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=3356 --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="3464.18.565504178\1122318254" /prefetch:673131151
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=3356 --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="3464.20.1735778499\1162660694" /prefetch:673131151
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=3356 --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="3464.21.1623778774\1045510778" /prefetch:673131151

"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=3356 --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="3464.22.250260514\310277218" /prefetch:673131151
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=3356 --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="3464.23.1643393943\1510114338" /prefetch:673131151
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-781b60ee-ed6c-44ae-b6dd-8a6f3f1b6fb4 -SystemEventPortName:HostProcess-db7276b4-46dd-47f3-ba13-779695818a91 -IoCancelEventPortName:HostProcess-a4594277-f593-4d70-a1d2-8ad29362f4f6 -NonStateChangingEventPortName:HostProcess-bdea8ea8-53de-4950-af40-e64fd5b8e8b2 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:87e86204-a6af-452e-99e4-f56730d8c5dd -DeviceGroupId:WpdFsGroup
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\naši\Downloads\HijackThis.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\naši\Downloads\hijackthis.log
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=3356 --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="3464.25.199819135\294053515" /prefetch:673131151
"C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=3356 --device-scale-factor=1 --enable-threaded-compositing --enable-delegated-renderer --channel="3464.26.1259814472\992360294" /prefetch:673131151
"C:\Users\naši\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-1.job - C:\Program Files (x86)\Apps Hat\Apps Hat-codedownloader.exe /rawdata=KfmK0yoeXsD1mzF4+RxuVgKScxomlCFjb1o90mYOW2lQX3lXLzwg3gicZIBheCAVLLdqVALAaG4q66SP5mBXKvX4vQaG4fN9L8NGRrRMVC3MqaIcGlpkdBKDM/axrgoY6j5ttlr2XsgncWiydLyvw3erzedesjg337rCZl/Rt1O5THPP/yoCXL4qRvbJFwv2zQz/jVc94efPkxIifpNkdXyvNTle4tUTLbE4TFaGDMOyeqE6hpAfVnoW9yjOIwOa6Xb7YwG2mDeyeLEcVi3zKB+4pPU6aA77vSsR2Q/z13lb7OywIl2Gwuce11kfPhw7TEOYQh/yY6CqIizOEx4eHRtktZQAI8DXQBBjsKapwZ+ab1q5DnEwSbALF5TTH0Rl5sBq/L/bMdmsJX71EeDHSCt76/1YDm3wwWQKE+fFZoBRXlWYrytnyiNFBql+5/QuMF4XoYhqJmthmGSuY0AtEfpwrFtCSFpbroqEuyG1I5H2XFBD2LfrujoUjkmGOxxLgjiv5aI8zLiaXqwLIxlURo0ysAC7Ad5jOgxdTxZ9pi/MUHjGufjZ5/aIWlj77lB9kAxduJT/1fFNPrbo5hpBwo66n7hzMToXNf+/Yn2MYr6Z6cd9I/w7k1Wbw37rK3iEynIPh67C4nzvrPJuIAldErcXw6qXfxmf5PX7H3D8pbOn3bTydhwEW1VCegqpFXplnNcxEUZKlnCjoxhpXjSJlY1SzvBTM8ZJwYFrXDTX+K6GLE9c+Ux+HMAIpjVZ1jHvreBDLWsFjalS4x1ZWuSDuELbU7sKom892v5wGHA2ttn/T0XtYVUGwkp9Uv7J7yzMvuWcIRV5xQ/Nh+x4rubAFRCZVk+gPEUixFAW5gtEuYsyZ7VmO3Pi2y2IyeIJszWQtRjVQ4PeuC7V6mniBswPznT2l2dtJ8yj1P4aODUCMWmrdQA8dOYRqSLozhyHVcUnEc2JNjj/j/VLlGy+ssJ7PrRzRdY6yIGtOgW44UH++qEEtVqC5osHpIEzNZcQjJU8GPhYzcHoe341gf8CapgBcjTVAvQM2nSrFoghuC9qCdjgNtCyMj0/VdhlngCswyEgqxsGkGoSarCA11iAEqO+Qt1OS/z9WYR0uzz4gSDXNZRFADSr7d51KVn35VUh2U5XbBxqxiS5KJEqGlKRFbE4F6scWzwEy+wHU4tnoelfk1Q142KUhgBWSNy3pFQxBm0jSktvkTas9Wrsl8/HVOnCkE/E5ruxd9B+xXAIJ17dly7iIXZIOIm81eA4ozgi3+M5qokIgvcbSPAEizdjGh9oMAgiGY5sdxjcCn+X/SepUaJFvC2On6TaxCcBr0us/d0uYokzwOh69a+DSpP9ZpQkS1C1Wdq0qc5crY+ZS7ynsKnJArpblqqYUI53Z0RWUzYkjpNOtMlqysK7z0p/EUukVK97rFMwCAsc2L8v8TAYMMwElbqetba4ogFPcB7SJdRV8K04IMClu3ytQ32Nci4V+QX/Ns4OFW1neXSupzrptb+0GiaGbsktZQUIvXWOyy7Y
C:\Windows\tasks\a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-2.job - C:\Program Files (x86)\Apps Hat\a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-2.exe /rawdata=R4zV3jAYVl0nsm/Dwmdk33nqOuuKKSAsVQFe2718iK1dqY5NbxXjQExYgQ+pqcQe/j1yiQ5WlABRRyxTOAWqyNk5zFB1zIcCOKuJ3YB2bW6exBGPTLQelYMzP0b8DAph0SaNAxGjg2RaNXw6CMi5TBxpC57VZQrCKpJykuHyliKQ5W08160SptRx/TihwP6YPriWvpFSwEbX2S99mKIZwg5lnHqtCKJZOyHbIlCZRw+cDih44R8dUHB7Gb0mHJthTH0i34kSfYEzTsKTb3Glsj0yzmyYwzsBYxCQucLOFAdnVUNzDjf/7TIwXXFCWR6LhzDkyYiH3ENG4WH7Z+YlMV7o4MLMfmbvy3piCP/eawThT09sFk+CN70py0R4hNmzKjCQq9wPEFSP+n7g52mxcC79Rc5zxTQKQ5hhMS8ORuvWLtRIHrBe6hm07vXX1NWFdjUAVkzcTDGis/yftx1bZWjD5I2PQlg5m+/cjXkUcD3lw8nfrkHOmAbH5e6p+AJVv1QgTQav14rH/OTvwdYcHcZl/wScBG49UkMJ6my0p7RyoKkZK7sUn7JNl2HfPqISAJQXQuA45MLcspCsKWVBLx18ZP9/TEOigWHrdtCR7iamIX0Ko7MiSFBLRXCOI3X0cuTG93fETxss93Q65hiNvuqHKUQLe6+8Ygmcuqj5jXeqn7SPN5BmbbZdNT8hoXPZ5dCavliRzezHSBYK33fOueYpsGiPyDcA4eI5C8DPwDCeOGAvLf/lrLSQjm9yuytHz14qBVdb7TS5JkgihYVGysCc785eSlB5x5eweBHU7T1u5uTYnmQRycn4DrRjTkJySdUNyC0CXfmOYqHa1XWfPg==
C:\Windows\tasks\a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-4.job - C:\Program Files (x86)\Apps Hat\a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-4.exe /rawdata=F7UeaJ0Pqbd0mY3J0mIa7XBRySd+qDi7Uor4ER9YlPahUeBPCYg6NB0/hQ/HwgmBbKAmldqORoI8Zm7zxAVX34hykZKHASxRH8fqNzDJWVHp7lD7DNLOY3yLaIzZ0loJX6qMXB5E1GVflvDWHeEsrtLYW2eXIz4Bqw2ra1bvDj2Td87s/8scieC49ra+aoD6jObg+Xv0X+RdyqHeB5xocyuHtILlClu0YjcH4N6vOzrs6qR2sksqbIvfnV6/RljDK1NiSoISWBcIHWOiTvBTwOdYFeA46zm654ZCloMV4kmOMDZ0b+IIomGqCk0Rq7e+v1J2tl7Huy87838TTvkF5ZuNWc1PXplrCF8nmhvwDooBXSzJu4RbF5zA3APm+2bFAkHRi1TNikKJ1b/ZpMCQAUeIFBTFV3bRlCom2QW9tsRwzFddamqNbCut9WBmSWUh4yXKnS+4Po8nQJfwAGW1PG4MAR/krd8924rfV+rso80eO8zJivdabdiZip9VKtY5gbKdFVBZ4negrLzEGmExrQl6amF/iYb7GH9K8AOz9UtP1kAhBL3+FvHe32Z03Z8NA+aMVyLaig2ldicIEteZnbonabN2hQAAFUqkPBJzV1cLBZ0gr5gxklPjcrR5HEXBsue1GftKXxn6NAiR0UXF6b5A4ZBGZjuCf3Zf52z5wLpsbGmbcDNy1Kh/etwzxuNc3yqSH95VsyDyquYiSO2CmL8MzkIv3xJGjpH1FFRnwNyuVN3DtRQ2YQ4hysei0JxnqaBCFzMb/vU4K0HWBcp2LREN9U2S7on74Wi2F/ziipX5Ymu5ilHeF+jfuuoCk9xUAkU0Lyxifet0dniDK5JruCJURatsot2N91hBmSr+TGJcSGKaWgkFh9BqbdrXDssEpG/1nUYwZKnEDk6r9PG1D4/4yCzNaFxcV4DVXfD6qFcnjWMogL7X8bbfwyCbJpevd77XVaUgofuJyTdT0pLR/iSYzeMhpW7TiYcDtXdflV1Jgjj5HaWvUs0EzF/ngV/phHPeleiBrYAploV2yLNkJIIRwvjsCG0Bwnfu97qM0uad8iyMiHKG7kndCnL4mFJovSOWqQT1YFzqWySkoq6rG7LLe+0wkfkNlXnwbRgFGFVGRKpEA0b16kiFfkEBykBQ7QmJfnn0+8hybx8rUZT0bZNnhIAqRCS31m9kxCZr0DUqKCuqBIQuYZEl/YLZPtKzQ8YKmwQRHshdqc3AlcFc31CjSXaNMq2L7dLOjn/oM3D6fiTMQuwmAQjR5oiaRs9osV25Bm87My5XWhOWmB2gUpj4NrvHuGt7/h+Dy/F4mNEo/ihwb20RGxlmaxvTjaevsS8wYP+5AJZ5TRk2iiGfOQmJoXAJmtUmRxgWVnyHcyI5Vv2NUD8k4C7cgG3jAczyvrDgAnpYAnIHJRL5x0eCrLIDuRDXKTp1Q+EC6SX46Oz6Wtr2YV8k8ARmfP5bLPgc09UWQ5P4Ln28jD8lNaGFDxW9LOt+LzGXqtS+A/iU3sQM/GgLC30e9F6KNhT8lWhCDTiCmUFbI23ng+IzzTGxBcZLoGKHB/AuNPijmIybIDJBNIuybeOB+Mmm/0+SP42B6QgpwIXovYyJ7ljy856trSGmpodjOoptdmWDP07kvaII9o+WyeuvnslD49E1shZGal0U8HzRqaBoQuKR2nIUCeSE7HemviULeyZ/be7ga1OZo/sc9zAtdCBIbQupGZjdUN43yCjoQFQaA86L7FyEIP+XrDtN3n3TrtRHWeAWOABIDz8lFDDmAELFSiDGGMywpxx6i/yMAGXOA77RUjDHPFDuLqtt0Z1scoKeJ2vuAainYPx/98JfoNBiIMCnkVm8QIBalKKDxeCwQ+F4YjxI3I88qfMXJ7WpgzE6DehJYbg8N8edZjggnXM2BdWlaNoV+PfWI8iWTAFUEeUeJ6/o/cGWHDziLX7Z8IM/8PrSTXx8+o7xBE3LTNqqk25GcFirUA2Zga2n2GTI/BSH6FXMAmv+PcRf46zLo2gAv3w0npDLrKp1U5Nb3+Sl9c4uTRwdXi8AmZFSpUWzDIDvzFJD0FWWBoNqLyhuW/qpW/y8pJnE19c3yfJGb/2z84nqLwc+SjtAe/cTG9EAo2YoVFprkX1wR60lZPWsW26qdINOBMl8ODqBWn7eKOk1ZxLkiiSGHYat9fOIBAOkWHvKhLX28POu+3wd4UNndKb8AQndy+u5DK6AO57Fs1USik8HKUXmHBvLstVXlLpkvYEDMkznO0XgMH1kVJoxASbXc20vU/yfYSqyZLvbvQDwW5zL1a+wQd9Yb6FiCUmfInLjVZuEbRDpxypP73R+kTiIWpGOLKbvMvlgIg688+nm0/vjytI6+MJXqOXBbB5JP+6Ck79hoA==
C:\Windows\tasks\a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-5.job - C:\Program Files (x86)\Apps Hat\a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-5.exe /rawdata=ci5FZ7cuFbJHivcNjFF2IQMZ8Y6LHRazGkXkzsS5w2fVwDUIkGFie6bduZTE+A2OeibvuKkRUitJg/feklgxcC9+vDKrnrSsds4l4KiQ5WVxqZppoqBXLjrW+x9JrJhPWd6didnghJ0ar5ySo9n4kDaXYae3eTQBbusBAq2zBJtiu0gF34+4E9wZpJzHvUfIfiQ1LxOzHUHzl1vXZHD+8lNNZtB1CGttRVudOEcwJJ6ksyjpgFGB8Xj0BPOAlEtLoOwzKUHC+rp6kB0qZpxSpsakwiaJLReYa/f8UYLLh7qyyTEuCNeoQmEVmUnY4RnKo4hrS7/36MRpfOkKYQjPw4SU3YIhuySIje86wYkYsrbE3Z6xdaAdmte3FEWR8q/sFj2Itxv785TSOwZJCLFZcTup/wg3PK43FUfsfV0zfvPt36IsXIVKtgUH8LYRtWGZIU69NlywCmhKkv9E8Bas1GhH4Sl5lm/JMlYrYPBJbou+u1uV+PGHgIHwR1WI0Xb9epQSOF2Ei3E83ZrqCVcLX0h/pUQbpK13+C5Q4Wl18eItGqRnYh7ookDxKhxoljmWf7i2Ue/pBMrzbv7IkFXks3vQPwdzI3z+katICNP1Kw1ZQz4d7ma5as9Cqh5FUjzklFdVJw4ABfMMTXISKFIhCuAglqjrkxWLwvOKf8SHOPcs7q164gFPlGEq5t86YZeFovgO0z9ZtLsIWAUIXZEVFmin97iyI1hXnXFIGWejk6vGhZZz9/Fqoh1sp4uJ1l/mFp9XSYKNBApwzYq61QQMypRkxLqnEUbFJKh12kxRV2jeI5+8Kh2vcOhJaFDdvdcSt9E0Xyas9kM+mAJrPgxoDZIz62o5DmM6jaCSDNyDAoaLWfdxPSqC9V0IFXypVO3FWfe1EI+BHN3dwtfw/Ky4NTju7gcca30Q/hoxojZr9svVCVqvilpRBN61YGxfGwzMti4kZ6i2LeDmWDXdUWcoMjNmGeLB8n2cK3dWCi+26wmiMckd5sdOdpo1lLjWEvJI
C:\Windows\tasks\a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-5_user.job - C:\Program Files (x86)\Apps Hat\a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-5.exe /rawdata=ci5FZ7cuFbJHivcNjFF2IQMZ8Y6LHRazGkXkzsS5w2fVwDUIkGFie6bduZTE+A2OeibvuKkRUitJg/feklgxcC9+vDKrnrSsds4l4KiQ5WVxqZppoqBXLjrW+x9JrJhPWd6didnghJ0ar5ySo9n4kDaXYae3eTQBbusBAq2zBJtiu0gF34+4E9wZpJzHvUfIfiQ1LxOzHUHzl1vXZHD+8lNNZtB1CGttRVudOEcwJJ6ksyjpgFGB8Xj0BPOAlEtLoOwzKUHC+rp6kB0qZpxSpsakwiaJLReYa/f8UYLLh7qyyTEuCNeoQmEVmUnY4RnKo4hrS7/36MRpfOkKYQjPw4SU3YIhuySIje86wYkYsrbE3Z6xdaAdmte3FEWR8q/sFj2Itxv785TSOwZJCLFZcTup/wg3PK43FUfsfV0zfvPt36IsXIVKtgUH8LYRtWGZIU69NlywCmhKkv9E8Bas1GhH4Sl5lm/JMlYrYPBJbou+u1uV+PGHgIHwR1WI0Xb9epQSOF2Ei3E83ZrqCVcLX0h/pUQbpK13+C5Q4Wl18eItGqRnYh7ookDxKhxoljmWf7i2Ue/pBMrzbv7IkFXks3vQPwdzI3z+katICNP1Kw1ZQz4d7ma5as9Cqh5FUjzklFdVJw4ABfMMTXISKFIhCuAglqjrkxWLwvOKf8SHOPcs7q164gFPlGEq5t86YZeFovgO0z9ZtLsIWAUIXZEVFmin97iyI1hXnXFIGWejk6vGhZZz9/Fqoh1sp4uJ1l/mFp9XSYKNBApwzYq61QQMypRkxLqnEUbFJKh12kxRV2jeI5+8Kh2vcOhJaFDdvdcSt9E0Xyas9kM+mAJrPgxoDYarwpGACy+zY093Wh3zNrP/i24+zEhf84yulDx1caFuJt06SlfR5Jov0ae3RNwZsr349Y75OIbFAAn2g5vHhK9mnSD5FKASwtpnPjSW4QAmr2HRRY4Yot8zr7FV2EpFWofpcaGpJQHm5XtbkhYIOnkWMPAy2FYVN/p4TgiqOmdt
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job - C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe -install
C:\Windows\tasks\d3e5ca24-558f-4581-a8e2-2e9c5b3052aa-11.job - C:\Program Files (x86)\iWebar\d3e5ca24-558f-4581-a8e2-2e9c5b3052aa-11.exe /rawdata=n5etkSywE+5e7DUULQZ5FompTTc9+sWVCEM0Y/XYXSoGcWOOOK5ozK/t3nyTNzFV4DwLoc3zJioHc/Y43hJF88ZWCNU6KMPOqHqdZjlb3+u4ThsPkKoeo7hGX++B8D0T6r7czePeHUwscCSZxwhBUah6k0urnECBqKmdcA4BwKW3vM8K+BgGsT3da3xZiucaWZKhlgJLDIax+IC+smqAvbZKaJLk7hevja+wiyLL5fmSfYZCecGDtG0Wzjfiaq+oRT0N0xUbh4OqRLxdxZo5zHSYa/m4EYMjfe7Ejtm+IYGfoZOjrtbKrYqLPK/HWfjvFgMc6iYTd/y54JniD4Z53o3UGU3fkebDXNw//Frzro07I0/6kmQpaG+AjR+p0aY5nF8wAL8FBf3tAA+eZJP8qnV1kGqve1TppeaGVfYsRHMzu2Q12zY2DgFx9foZpFJLSNZK8tCs0uGb4TIK1mWt6zUpS+fFgJYV0ZDY9zbUxrEPSakNBDeUS/bREseWZylmxl2o557FiKTOA9kVQ7LTjG1N0y+ab6SGwY6m/WHqtSFLrEBDUGZ+p8RyDtQcfzCwzxjJYqMfQrfhNN8a7A+Qfug13Bx5IFHBz52xlUv5ozNMQ5FaTm80H0Dmjcv+24q96t8lUWd0Bi0vw5Fy3g9FugDtwbSvHDj6056IvxM4P9OxSVwJnFXs2apdzeL6SIum4EtjketUiWkGZfqPKF53F8/s+0p+ykluNE0zv5ZGyGEAJEXMGtWdDe99RJuFklpmhIt3lKJu2EUx/wl/XKxFhsYdcWQ7rgo4HwabEx6mIkWeUETrRidl9Wz7CkBdiBcSSwipmol5XK3d5sWvc5IUTGFx7sUkUzCuwjVsdMDlcTEsCHHZS2ctEk9RjAuvhv0O4dFFoL4kc/XHbVdRFgFzm+ZOp6FXKMocA/s+OzKSynjYqcVXdG9DHgKhP2EQdaBH7wXrplD7HSp01eOJzOkTv5paymuaYQ0uFNVdkJR/zu0aR2Skl/9ltcSuzhcF8LF4mtc/X5Vx7sjWIVRH4/3RGGx1euGSdWJ7+yH2UBSam4azVUkVQpoQ3tCsdGd5eQrvO+kKLJpFUck5VP+HgGCu2Fa1Wd8tIhddMhu7Tn06aoD8QyuUUx0iVrSkLiZHJtXf9eDdGbKGvCoZPSjQxo1aBf4F6BhfjT3jOoiWscGkY2APOqaUYCq5EuMvwPi6TB9yRfqC89HwbasnTVsQGgRXA5710Spm4nJ0MeP26QUmIlGRsonNqqxv7mpTR7TKXdQYfZ5pSLJmWxAnJFRxN/yJriZy/SqfZgTpC7bFg+91A61Sd0saLw/Ou/1B49kly36XhOadMNWlVOs8ldTZyUd0O1k7pM2yOKLsdRYAwzhB2LAWWFyIT91eao4KZ2h2IElkE+O1/P9ENIYRRHv/2oeHKQrDmdf7rJPNJ5ioHiZebhWqCmb9Pi2cZ6cd3CgGIxHGGQzstdACmLM6f2fhh84FQMcb3EtWN810r0q54suV0JqNsI49VwPgq+IZKZjSFymwDMQ4h9nAI+Hfy2Y/qGLxSm1hASw/uCezv8Pt85kl6Dqkv8z61dlpAeYwRiXvRs3TYSiX/INWUqKseTwhWGJjiwHl3oUGoq55OcgzYtM2qXaZtioFfcdAU8ULsr8k6MmWpK4gfs/2SVH7FLNMD9QJClPJxsv+AmyaELetcNIDS5eiTPAb0JGVzMz8KRvuf8g7Y9rEjjr9JbwTk3O4rjV5/4Pnwnsj5Tm+TheI8/usYh/OYnd2wSHHtO8VzjohS67wY4+GkXZZoKy51WyJ7f2liN6M7ZwMq5CDm6+cJzRScJmeXzIp7lZZJNHPSruaYyb0OQkR48lQytKYIvk1cP8Ina1P0gP1VD9zPslM1S3Jf12NLPzjMB7ayCo5wzOlnvPmBoRJdTs0dSt+KzMpHePUE7oUdzbDfyq6MVyLtK+uWxK/1DxRVS0wmM2yZlZ8KrSCVIWC2S46Q44uuL4/rKeua2F7AAElLDqcA1bMY7W+doCt9gZjqXk7lvvnXiheVDiIG4lzV4M5TMOYB/q17VOGyXcE5vq5t+8yFLcFU/6plqx6p0kKg9OpsCnbzfBxV2c4HrWgECBU6uKgCDT609f5lbEQnxYlHDKkLOm90dhGL5aNo4ZGD53GHDNvUJd2bkbZGRiHOnse/XUzlRNpDeuLaXCsX+HMTnlUs3NJieYmoN8nydzk686LcT2vVAg8FAF/DFZnHBSt50pO53v+Akgz/+1TC9d8Rex5w3Y70nQzsEVevIK//+BKFJ03gFK4Dfp8NUcmoziyxBVJIerow4dpAIAsd7op06g4qjYDfCNZLqBp/ASAyrHTsGHkZ2J45y0gbw7gPgHsEc0NZeZWG3iZZ28gV55B5qofB8NMrOIBzraAm0ZUP4QoKszYHrHZQHjb6w80bGtGHGTtN0f3lrtEBaeTOi0uKCNRtFcKPTpsqM5qcHzhzuS+9/tvmMjCe0k5agbgsNDumhhahS18Ibg75RRYuUdBFK4r0GUwrlv3TQGA8NfXUf72OAx7qP+6KqNf
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\MFZWJ.job - C:\Users\na�i\AppData\Roaming\MFZWJ.exe /infocmdline=SXx4TGPymErWQBubtYA3iJBLaCY6pirT7KRBQ0QdwQg3yqvWWfelTUs7l1ip9ffaR2Qm1rJE8rcuacu2KueFBm2hjl1yeSTMlHj4GLYc3rCgUvGvr4xs6CeM72oVQSPv8v+xWrFZugWz1EcE+zlCQsSI9Y2og54HFxeMVn+znQFORNZaR/yNWtP57zx9m/zMFYYC2M39nKbEIckt2qt44ytNmt0WwdXiHdG1ZbEMrg3jsUf3nU+4ObWTwOQCxGG5sPW5PQ8iHQXe7kJSrCA0+tFODoC0v1tCm6jVZok8FRMPD8b/5ch+0pyFEmsV4J2Du5APXswjkdHP9E3vzRvpgSUgx9pTrmUt+9U2W0hMJWl0369niOgyOo7eaKNRUM6GgN1zOdz2uwUiFhMGzXUu6ctJryUtIDAu5kIT8vwUTQVkYo98LgYBmsAv6nkYLhKYVwFrQ/XQ1qT7ZDi+1Pm4RVMwT62ijaENMcwqyGpvfijV64cTq2hseeuBNvTrnb+M
C:\Windows\tasks\THAGUQRU.job - C:\Users\na�i\AppData\Roaming\THAGUQRU.exe /infocmdline=Qfw3Yosw65XpD88kKlWtn6dxVD86E3HF45ebJS/5Xa3n+bCT2NuMGqi5kc4IH9qDsUzZUUcrdLAeSz2coJkvJmOiyVbg00nln8mk3q508h8ICgmEtncXtxdbeGygffR18J1ush5KrFQ3ME/RHr8uVilwgMxIa+QyM2MsCF873kAvjx/zHZqwnCq0ZwoahYZ+J+c+4HXHcyw0NwITqb1Rx5NMFT44d03m7wYXCkH6aA73XeH+ppuFT1/8pRN0bAfrbFA+fcPH3v0Fjonq4rE6q1oHiY0IioC1jk2/P/gho3z/NU2I4eYID8ejgEK5P4CR5Z0OUG2Swwk/+bGTFJ7AFyL7lkAbFyHGy+bgIMGwDrzc7cSKQAjFjwa+ot2y3P0ibckKKtYB7FQc6Sgkv4mbV581HnzN2vIulYuuORfGC/mOMlv+8Hcwg9itNI0zSR8jEG/5NvSHuuhP2qkph644zCm8FbTvM6UBNTZranlQY9EhyZ2bQeJ1sKZzKHKI9WM+sZkLutK+wRg09MBTdV6esMVJAnVrHQ18v7KwLAnjHLQ6qygpZwcc4FRKmt288xLM80NNLghoNjL7A5LleUPNwEK91s0rHvKmd83SdnKb64/+DklNpVBvfiP1S7ufH9ZR3T06y0c1dfgiSyZsKto8dEXbr5D/fQu+D2xz3adWKyg=

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411851159}]
Apps Hat - C:\Program Files (x86)\Apps Hat\Apps Hat-bho64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411851159}]
Apps Hat - C:\Program Files (x86)\Apps Hat\Apps Hat-bho.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-04-24 12480616]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 1331288]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-10-01 22:16:17 ----D---- C:\rsit
2014-10-01 22:16:17 ----D---- C:\Program Files\trend micro
2014-10-01 21:53:16 ----D---- C:\Program Files (x86)\globalUpdate
2014-10-01 21:53:03 ----D---- C:\Program Files (x86)\iWebar
2014-10-01 21:20:11 ----AD---- C:\ProgramData\TEMP
2014-10-01 21:17:43 ----D---- C:\ProgramData\IePluginServices
2014-10-01 21:17:38 ----D---- C:\ProgramData\WindowsMangerProtect
2014-10-01 20:56:11 ----D---- C:\Users\naši\AppData\Roaming\Ubisoft
2014-10-01 20:48:04 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-10-01 20:06:37 ----D---- C:\Users\naši\AppData\Roaming\GHISLER
2014-10-01 20:06:37 ----D---- C:\totalcmd
2014-10-01 20:01:42 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2014-10-01 20:01:42 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2014-10-01 20:01:42 ----A---- C:\Windows\system32\d3dx10_40.dll
2014-10-01 20:01:42 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2014-10-01 20:01:41 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2014-10-01 20:01:41 ----A---- C:\Windows\system32\D3DX9_40.dll
2014-10-01 19:48:15 ----D---- C:\posta
2014-10-01 19:38:13 ----D---- C:\Users\naši\AppData\Roaming\Windows Live Writer
2014-10-01 19:36:31 ----D---- C:\Users\naši\AppData\Roaming\TuneUp Software
2014-10-01 19:33:31 ----D---- C:\Windows\cs
2014-10-01 19:33:01 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-10-01 19:32:21 ----D---- C:\Program Files\Windows Live
2014-10-01 19:32:17 ----D---- C:\Windows\PCHEALTH
2014-10-01 19:31:58 ----D---- C:\Program Files (x86)\Windows Live
2014-10-01 19:28:17 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-10-01 19:25:00 ----D---- C:\Program Files (x86)\Microsoft.NET
2014-10-01 19:15:43 ----D---- C:\Users\naši\AppData\Roaming\Macromedia
2014-10-01 19:11:09 ----D---- C:\Users\naši\AppData\Roaming\Opera Software
2014-10-01 19:10:20 ----D---- C:\Users\naši\AppData\Roaming\Adobe
2014-10-01 19:10:11 ----D---- C:\Users\naši\AppData\Roaming\Identities
2014-10-01 19:10:06 ----SD---- C:\Users\naši\AppData\Roaming\Microsoft
2014-10-01 19:10:06 ----D---- C:\Users\naši\AppData\Roaming\Media Center Programs
2014-09-30 15:13:29 ----D---- C:\Program Files (x86)\Microsoft Security Client
2014-09-30 15:13:27 ----D---- C:\Program Files\Microsoft Security Client
2014-09-30 13:48:30 ----D---- C:\Games
2014-09-23 13:41:39 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-09-23 13:41:39 ----A---- C:\Windows\system32\ieui.dll
2014-09-23 13:41:38 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-09-23 13:41:38 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-09-23 13:41:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-09-23 13:41:37 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-09-23 13:41:37 ----A---- C:\Windows\system32\jscript9diag.dll
2014-09-23 13:41:37 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-23 13:41:37 ----A---- C:\Windows\system32\ieUnatt.exe
2014-09-23 13:41:37 ----A---- C:\Windows\system32\iernonce.dll
2014-09-23 13:41:37 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-09-23 13:41:37 ----A---- C:\Windows\system32\dxtrans.dll
2014-09-23 13:41:37 ----A---- C:\Windows\system32\dxtmsft.dll
2014-09-23 13:41:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-09-23 13:41:36 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-09-23 13:41:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-09-23 13:41:36 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-09-23 13:41:36 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-09-23 13:41:36 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-09-23 13:41:36 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-09-23 13:41:36 ----A---- C:\Windows\system32\vbscript.dll
2014-09-23 13:41:36 ----A---- C:\Windows\system32\msrating.dll
2014-09-23 13:41:36 ----A---- C:\Windows\system32\mshtmled.dll
2014-09-23 13:41:36 ----A---- C:\Windows\system32\msfeeds.dll
2014-09-23 13:41:36 ----A---- C:\Windows\system32\jsproxy.dll
2014-09-23 13:41:35 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-09-23 13:41:35 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-09-23 13:41:35 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-09-23 13:41:35 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-09-23 13:41:35 ----A---- C:\Windows\system32\iesetup.dll
2014-09-23 13:41:35 ----A---- C:\Windows\system32\iedkcs32.dll
2014-09-23 13:41:35 ----A---- C:\Windows\system32\ie4uinit.exe
2014-09-23 13:41:34 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-09-23 13:41:34 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-09-23 13:41:34 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-09-23 13:41:34 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-09-23 13:41:34 ----A---- C:\Windows\system32\mshtml.dll
2014-09-23 13:41:34 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-09-23 13:41:34 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-09-23 13:41:34 ----A---- C:\Windows\system32\ieapfltr.dll
2014-09-23 13:41:33 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-23 13:41:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-09-23 13:41:32 ----A---- C:\Windows\system32\wininet.dll
2014-09-23 13:41:32 ----A---- C:\Windows\system32\iertutil.dll
2014-09-23 13:41:31 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-09-23 13:41:31 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-09-23 13:41:31 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-09-23 13:41:31 ----A---- C:\Windows\system32\urlmon.dll
2014-09-23 13:41:31 ----A---- C:\Windows\system32\jscript9.dll
2014-09-23 13:41:30 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-09-23 13:41:29 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-09-23 13:41:29 ----A---- C:\Windows\system32\ieframe.dll
2014-09-23 12:50:53 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-09-23 12:50:53 ----A---- C:\Windows\system32\lsasrv.dll
2014-09-23 12:50:53 ----A---- C:\Windows\system32\kerberos.dll
2014-09-23 12:50:52 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-09-23 12:50:52 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-09-02 19:49:55 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-09-02 19:49:55 ----A---- C:\Windows\system32\win32k.sys
2014-09-02 19:49:55 ----A---- C:\Windows\system32\gdi32.dll
2014-09-02 19:44:02 ----A---- C:\Windows\system32\wups2.dll
2014-09-02 19:44:02 ----A---- C:\Windows\system32\wucltux.dll
2014-09-02 19:44:02 ----A---- C:\Windows\system32\wuaueng.dll
2014-09-02 19:44:02 ----A---- C:\Windows\system32\wuauclt.exe
2014-09-02 19:43:54 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-09-02 19:43:54 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-09-02 19:43:54 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-09-02 19:43:54 ----A---- C:\Windows\system32\wups.dll
2014-09-02 19:43:54 ----A---- C:\Windows\system32\wudriver.dll
2014-09-02 19:43:54 ----A---- C:\Windows\system32\wuapi.dll
2014-09-02 19:43:48 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-09-02 19:43:48 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-09-02 19:43:48 ----A---- C:\Windows\system32\wuwebv.dll
2014-09-02 19:43:48 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 month======

2014-10-01 22:16:17 ----RD---- C:\Program Files
2014-10-01 22:15:42 ----D---- C:\Windows\Temp
2014-10-01 22:09:12 ----D---- C:\Windows\System32
2014-10-01 22:09:12 ----D---- C:\Windows\inf
2014-10-01 22:09:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-10-01 21:56:36 ----D---- C:\Windows\system32\config
2014-10-01 21:53:40 ----SHD---- C:\Windows\Installer
2014-10-01 21:53:39 ----RD---- C:\Program Files (x86)
2014-10-01 21:53:17 ----D---- C:\Windows\Tasks
2014-10-01 21:53:17 ----D---- C:\Windows\system32\Tasks
2014-10-01 21:41:51 ----D---- C:\Windows\SysWOW64
2014-10-01 21:40:45 ----HD---- C:\ProgramData
2014-10-01 21:37:14 ----HD---- C:\Windows\system32\GroupPolicy
2014-10-01 21:37:14 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2014-10-01 21:37:13 ----D---- C:\Program Files\Common Files
2014-10-01 20:55:00 ----D---- C:\Windows\Microsoft.NET
2014-10-01 20:54:12 ----RSD---- C:\Windows\assembly
2014-10-01 20:52:09 ----SHD---- C:\System Volume Information
2014-10-01 20:02:02 ----D---- C:\Windows\winsxs
2014-10-01 19:33:31 ----D---- C:\Windows
2014-10-01 19:32:23 ----SD---- C:\ProgramData\Microsoft
2014-10-01 19:32:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-10-01 19:28:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-10-01 19:28:50 ----D---- C:\Windows\system32\cs-CZ
2014-10-01 19:25:02 ----D---- C:\Windows\SYSWOW64\en-US
2014-10-01 19:25:02 ----D---- C:\Windows\system32\en-US
2014-10-01 19:21:03 ----D---- C:\Windows\Prefetch
2014-10-01 19:10:09 ----SHD---- C:\$Recycle.Bin
2014-10-01 19:10:06 ----RD---- C:\Users
2014-09-30 18:44:59 ----D---- C:\Windows\system32\catroot
2014-09-30 18:07:44 ----D---- C:\Windows\rescache
2014-09-30 15:13:31 ----D---- C:\Windows\system32\drivers
2014-09-30 13:48:50 ----D---- C:\Program Files (x86)\Opera
2014-09-23 13:55:27 ----D---- C:\Program Files\Internet Explorer
2014-09-23 13:55:26 ----D---- C:\Program Files (x86)\Internet Explorer
2014-09-23 13:43:19 ----D---- C:\Windows\SYSWOW64\directx
2014-09-23 13:42:05 ----D---- C:\Windows\system32\catroot2
2014-09-23 13:10:59 ----D---- C:\Windows\system32\MRT
2014-09-23 13:10:57 ----A---- C:\Windows\system32\MRT.exe
2014-09-23 12:57:00 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-09-22 08:42:39 ----N---- C:\Windows\system32\MpSigStub.exe
2014-09-02 20:00:40 ----D---- C:\Windows\system32\DriverStore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2012-09-19 123704]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 269008]
R0 MxEFUF;Matrox Extio Upper Function Filter; C:\Windows\system32\DRIVERS\MxEFUF64.sys [2011-10-20 157696]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 125584]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 11922944]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-04-29 359936]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2014-04-08 94720]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-04-24 4028520]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2014-04-09 2472136]
R3 pimou;Pluralinput Mouse 0.8.6; C:\Windows\system32\DRIVERS\pimou.sys [2014-01-13 23608]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-04-14 931544]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
R3 ZCLDRV;ZCL Service; C:\Windows\system32\DRIVERS\ZclDrv64.sys [2013-06-27 71680]
S0 amdkmafd;AMD Audio Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmafd.sys [2013-03-14 21600]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 11922944]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys []
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-04-29 238080]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 IePluginServices;IePlugin Services; C:\ProgramData\IePluginServices\PluginService.exe [2014-09-24 705416]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 23784]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2014-10-01 528896]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 368624]
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-01 68608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-01 68608]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-08-19 111616]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-04-18 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 01 říj 2014 21:38

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

ymo · #3 Příspěvek od **ymo** » 02 říj 2014 10:01

Dekuji za odpoved

Zde jsou dalsi logy:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.5 (10.01.2014:2)
OS: Windows 7 Professional x64
Ran by naçi on źt 02.10.2014 at 10:50:14,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411851159}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422852259}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455855559}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466856659}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444854459}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411851159}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422852259}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455855559}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466856659}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444854459}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455855559}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466856659}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444854459}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411851159}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411851159}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455855559}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466856659}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444854459}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411851159}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 02.10.2014 at 10:51:55,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.311 - Report created 02/10/2014 at 10:56:36
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : naši - TOM-PC
# Running from : C:\Users\naši\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : IePluginServices
Service Deleted : WindowsMangerProtect

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\iWebar
Folder Deleted : C:\Users\naši\AppData\Local\globalUpdate
Folder Deleted : C:\Users\NAI~1\AppData\Local\Temp\PodoWeb
Folder Deleted : C:\Users\Public\Documents\Goobzo
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\Public\Documents\YTAHelper

***** [ Scheduled Tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-1
Task Deleted : a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-2
Task Deleted : a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-4
Task Deleted : a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-5
Task Deleted : d3e5ca24-558f-4581-a8e2-2e9c5b3052aa-11

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

*************************

AdwCleaner[R0].txt - [9484 octets] - [02/10/2014 10:55:34]
AdwCleaner[S0].txt - [8696 octets] - [02/10/2014 10:56:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8756 octets] ##########

ymo · #4 Příspěvek od **ymo** » 02 říj 2014 10:04

Ješteě jedna věc v IE stále vidím doplněk Apps Hat jako povolený, ale nejde zakázat (zakázal jsem ho úspěšně včera), v Opeře už nevidím nic. Díky.

Tak zakázat se mi ho už podařilo, jen nevím jestli je dobře, že v seznamu dopňků stále figuruje?

#5 Příspěvek od **vyosek** » 02 říj 2014 10:32

Jeste taky nekoncime

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

ymo · #6 Příspěvek od **ymo** » 02 říj 2014 10:49

Dobře

Log ze Zoek:

Zoek.exe v5.0.0.0 Updated 30-09-2014
Tool run by naçi on źt 02.10.2014 at 11:37:13,21.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\NAI~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2.10.2014 11:38:45 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604} deleted
C:\Users\NAI~1\AppData\Local\Installer deleted
C:\Users\NAI~1\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat deleted
C:\Windows\Tasks\a4aaf92a-33e2-41f5-82e9-aab6fb67c8a5-5_user.job deleted

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{88DED3AA-AF33-41F8-8C5C-08E9046CDE0E}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{88DED3AA-AF33-41F8-8C5C-08E9046CDE0E} Google Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\NAI~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\NAI~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\tom\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\NAI~1\AppData\Local\Opera Software\Opera Stable\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6 folders=8 2274060 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\tom\AppData\Local\Temp emptied successfully
C:\Users\NAI~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\NAI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\NAI~1\AppData\Local\Opera Software\Opera Stable\Cache\data_0" deleted
"C:\Users\NAI~1\AppData\Local\Opera Software\Opera Stable\Cache\data_1" deleted
"C:\Users\NAI~1\AppData\Local\Opera Software\Opera Stable\Cache\data_2" deleted
"C:\Users\NAI~1\AppData\Local\Opera Software\Opera Stable\Cache\data_3" deleted
"C:\Users\NAI~1\AppData\Local\Opera Software\Opera Stable\Cache\index" deleted

==== EOF on źt 02.10.2014 at 11:47:04,40 ======================

#7 Příspěvek od **vyosek** » 02 říj 2014 13:13

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

ymo · #8 Příspěvek od **ymo** » 02 říj 2014 13:59

FRST nize, je treba dodat i ten additon log?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014 01
Ran by naši (administrator) on TOM-PC on 02-10-2014 14:55:19
Running from C:\Users\naši\Desktop
Loaded Profile: naši (Available profiles: tom & naši)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
() C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(forum.viry.cz) C:\Users\naši\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKU\S-1-5-21-2938021315-1129681201-3942426646-1003\...\MountPoints2: {ef03ef88-4985-11e4-ac8d-806e6f6e6963} - E:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {88DED3AA-AF33-41F8-8C5C-08E9046CDE0E} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {88DED3AA-AF33-41F8-8C5C-08E9046CDE0E} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [23608 2014-01-13] (Christian Gulden)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2010-10-07] (TuneUp Software)
R3 ZCLDRV; C:\Windows\System32\DRIVERS\ZclDrv64.sys [71680 2013-06-27] (TechnoScope Co., Ltd.)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 14:52 - 2014-10-02 14:55 - 00007226 _____ () C:\Users\naši\Desktop\FRST.txt
2014-10-02 14:52 - 2014-10-02 14:55 - 00000000 ____D () C:\FRST
2014-10-02 14:50 - 2014-10-02 14:49 - 00112640 _____ (forum.viry.cz) C:\Users\naši\Desktop\FRSTLauncher.exe
2014-10-02 14:49 - 2014-10-02 14:49 - 00112640 _____ (forum.viry.cz) C:\Users\naši\Downloads\FRSTLauncher.exe
2014-10-02 14:49 - 2014-10-02 14:48 - 02108928 _____ (Farbar) C:\Users\naši\Desktop\FRST64.exe
2014-10-02 14:48 - 2014-10-02 14:48 - 02108928 _____ (Farbar) C:\Users\naši\Downloads\FRST64.exe
2014-10-02 13:55 - 2014-10-02 13:55 - 00000000 ____D () C:\Users\naši\AppData\Roaming\Wargaming.net
2014-10-02 12:02 - 2014-10-02 12:04 - 00002480 _____ () C:\Windows\logboot_02.10.2014.tureg.log
2014-10-02 11:46 - 2014-10-02 14:43 - 00000280 _____ () C:\Windows\setupact.log
2014-10-02 11:46 - 2014-10-02 11:46 - 00001056 _____ () C:\Windows\PFRO.log
2014-10-02 11:46 - 2014-10-02 11:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-02 11:45 - 2014-10-02 11:37 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-02 11:38 - 2014-10-02 11:47 - 00006273 _____ () C:\zoek-results.log
2014-10-02 11:37 - 2014-10-02 11:44 - 00000000 ____D () C:\zoek_backup
2014-10-02 11:36 - 2014-10-02 11:36 - 01290752 _____ () C:\Users\naši\Desktop\zoek.exe
2014-10-02 11:35 - 2014-10-02 11:36 - 01290752 _____ () C:\Users\naši\Downloads\zoek.exe
2014-10-02 11:34 - 2014-10-02 11:34 - 00000000 ____D () C:\Users\naši\AppData\Roaming\LibreOffice
2014-10-02 11:31 - 2014-10-02 11:31 - 00000646 _____ () C:\Users\Public\Desktop\Total Commander 64 bit.lnk
2014-10-02 11:31 - 2014-10-02 11:31 - 00000000 ____D () C:\totalcmd
2014-10-02 11:31 - 2014-10-02 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-10-02 11:26 - 2014-10-02 11:28 - 12803407 _____ () C:\Users\naši\Downloads\tcm-setup.exe
2014-10-02 11:21 - 2014-10-02 11:21 - 00000928 _____ () C:\Users\naši\Desktop\PDF-Viewer.lnk
2014-10-02 11:21 - 2014-10-02 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2014-10-02 11:21 - 2014-10-02 11:21 - 00000000 ____D () C:\Program Files\Tracker Software
2014-10-02 11:18 - 2014-10-02 11:18 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-10-02 11:18 - 2014-10-02 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-10-02 11:17 - 2014-10-02 11:18 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-10-02 11:16 - 2014-10-02 11:16 - 00010568 _____ () C:\Users\naši\Documents\cc_20141002_111619.reg
2014-10-02 11:13 - 2014-10-02 11:13 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-02 11:13 - 2014-10-02 11:13 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-02 11:13 - 2014-10-02 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-02 11:13 - 2014-10-02 11:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-02 11:11 - 2014-10-02 11:12 - 04964488 _____ (Piriform Ltd) C:\Users\naši\Downloads\ccsetup418.exe
2014-10-02 10:55 - 2014-10-02 10:56 - 00000000 ____D () C:\AdwCleaner
2014-10-02 10:50 - 2014-10-02 10:50 - 00000000 ____D () C:\Windows\ERUNT
2014-10-02 10:49 - 2014-10-02 10:48 - 01375089 _____ () C:\Users\naši\Desktop\adwcleaner_3.311.exe
2014-10-02 10:49 - 2014-10-02 10:47 - 01701878 _____ (Thisisu) C:\Users\naši\Desktop\JRT.exe
2014-10-02 10:47 - 2014-10-02 10:48 - 01375089 _____ () C:\Users\naši\Downloads\adwcleaner_3.311.exe
2014-10-02 10:46 - 2014-10-02 10:47 - 01701878 _____ (Thisisu) C:\Users\naši\Downloads\JRT.exe
2014-10-01 22:16 - 2014-10-01 22:24 - 00000000 ____D () C:\Program Files\trend micro
2014-10-01 22:16 - 2014-10-01 22:16 - 00000000 ____D () C:\rsit
2014-10-01 22:15 - 2014-10-01 22:15 - 01222144 _____ () C:\Users\naši\Downloads\RSITx64.exe
2014-10-01 22:05 - 2014-10-01 22:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\naši\Downloads\HijackThis.exe
2014-10-01 21:25 - 2014-10-01 21:25 - 00003210 _____ () C:\Windows\System32\Tasks\{3DE06A8E-15FB-4D3F-BCEC-20BFF356AD09}
2014-10-01 21:22 - 2014-10-01 21:22 - 00003138 _____ () C:\Windows\System32\Tasks\{55AAAAC4-EB69-4B5F-B356-C584A316B808}
2014-10-01 21:22 - 2014-10-01 21:22 - 00002083 _____ () C:\Users\tom\Desktop\AppsHat.lnk
2014-10-01 21:20 - 2014-10-01 21:41 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-01 21:01 - 2014-10-01 20:54 - 00000216 _____ () C:\Users\naši\Desktop\Anno 1404 - Benátky.lnk
2014-10-01 21:00 - 2014-10-01 21:00 - 00000000 ____D () C:\Users\naši\Documents\ANNO 1404 Benátky
2014-10-01 21:00 - 2014-10-01 21:00 - 00000000 ____D () C:\Users\naši\Documents\Anno 1404
2014-10-01 20:57 - 2014-10-01 20:57 - 00000196 _____ () C:\Users\naši\Desktop\Anno 1404.lnk
2014-10-01 20:56 - 2014-10-01 21:01 - 00000000 ____D () C:\Users\naši\AppData\Roaming\Ubisoft
2014-10-01 20:48 - 2014-10-01 20:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-01 20:08 - 2014-10-01 20:08 - 00000000 ____D () C:\Users\naši\AppData\Local\GHISLER
2014-10-01 20:06 - 2014-10-02 11:31 - 00000000 ____D () C:\Users\naši\AppData\Roaming\GHISLER
2014-10-01 20:01 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-10-01 20:01 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-10-01 20:01 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-10-01 20:01 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-10-01 20:01 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-10-01 20:01 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-10-01 19:51 - 2014-10-01 19:51 - 00000000 __SHD () C:\Users\naši\AppData\Local\EmieUserList
2014-10-01 19:51 - 2014-10-01 19:51 - 00000000 __SHD () C:\Users\naši\AppData\Local\EmieSiteList
2014-10-01 19:48 - 2014-10-02 13:27 - 00000000 ____D () C:\posta
2014-10-01 19:38 - 2014-10-01 19:52 - 00000000 ____D () C:\Users\naši\AppData\Roaming\Windows Live Writer
2014-10-01 19:38 - 2014-10-01 19:38 - 00000000 ____D () C:\Users\naši\AppData\Local\Windows Live Writer
2014-10-01 19:36 - 2014-10-01 19:36 - 00000000 ____D () C:\Users\naši\AppData\Roaming\TuneUp Software
2014-10-01 19:33 - 2014-10-01 19:33 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-10-01 19:33 - 2014-10-01 19:33 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-10-01 19:33 - 2014-10-01 19:33 - 00000020 _____ () C:\Windows\ĚúĄ
2014-10-01 19:33 - 2014-10-01 19:33 - 00000000 ____D () C:\Windows\cs
2014-10-01 19:33 - 2014-10-01 19:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-10-01 19:32 - 2014-10-01 19:32 - 00001458 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-10-01 19:32 - 2014-10-01 19:32 - 00000000 ____D () C:\Windows\PCHEALTH
2014-10-01 19:32 - 2014-10-01 19:32 - 00000000 ____D () C:\Program Files\Windows Live
2014-10-01 19:31 - 2014-10-01 19:32 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-10-01 19:28 - 2014-10-02 14:28 - 01555016 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-01 19:15 - 2014-10-01 19:15 - 00000000 ____D () C:\Users\naši\AppData\Roaming\Macromedia
2014-10-01 19:14 - 2014-10-01 19:37 - 00000000 ____D () C:\Users\naši\AppData\Local\Windows Live
2014-10-01 19:11 - 2014-10-01 19:11 - 00000000 ____D () C:\Users\naši\AppData\Roaming\Opera Software
2014-10-01 19:11 - 2014-10-01 19:11 - 00000000 ____D () C:\Users\naši\AppData\Local\Opera Software
2014-10-01 19:10 - 2014-10-02 12:22 - 00000000 ____D () C:\Users\naši
2014-10-01 19:10 - 2014-10-02 11:32 - 00073640 _____ () C:\Users\naši\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-01 19:10 - 2014-10-01 22:25 - 00000000 ____D () C:\Users\naši\AppData\Local\VirtualStore
2014-10-01 19:10 - 2014-10-01 21:39 - 00001397 _____ () C:\Users\naši\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-01 19:10 - 2014-10-01 19:10 - 00000020 ___SH () C:\Users\naši\ntuser.ini
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\Šablony
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\Soubory cookie
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\Poslední
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\Okolní tiskárny
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\Okolní síť
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\Nabídka Start
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\Dokumenty
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\Documents\Obrázky
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\Documents\Hudba
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\Documents\Filmy
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\Data aplikací
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 _SHDL () C:\Users\naši\AppData\Local\Data aplikací
2014-10-01 19:10 - 2014-10-01 19:10 - 00000000 ____D () C:\Users\naši\AppData\Roaming\Adobe
2014-10-01 19:10 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\naši\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-01 19:10 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\naši\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-01 16:27 - 2014-10-01 16:30 - 46609821 _____ () C:\Users\tom\Downloads\Aspire_kompilace-v1.4_pro0.9.3.rar
2014-09-30 15:13 - 2014-09-30 15:13 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-30 15:13 - 2014-09-30 15:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-30 15:13 - 2014-09-30 15:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-30 15:12 - 2014-09-30 15:13 - 14108320 _____ (Microsoft Corporation) C:\Users\tom\Downloads\mseinstall (1).exe
2014-09-30 14:41 - 2014-09-30 14:45 - 50814526 _____ () C:\Users\tom\Downloads\Aspire_kompilace-v1.3_pro0.9.3.rar
2014-09-30 13:48 - 2014-09-30 13:48 - 00000000 ____D () C:\Games
2014-09-23 13:43 - 2014-09-23 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-09-23 13:41 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-23 13:41 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-23 13:41 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-23 13:41 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-23 13:41 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-23 13:41 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-23 13:41 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-23 13:41 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-23 13:41 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-23 13:41 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-23 13:41 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-23 13:41 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-23 13:41 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-23 13:41 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-23 13:41 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-23 13:41 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-23 13:41 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-23 13:41 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-23 13:41 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-23 13:41 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-23 13:41 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-23 13:41 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-23 13:41 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-23 13:41 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-23 13:41 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-23 13:41 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-23 13:41 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-23 13:41 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-23 13:41 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-23 13:41 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-23 13:41 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-23 13:41 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-23 13:41 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-23 13:41 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-23 13:41 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-23 13:41 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-23 13:41 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-23 13:41 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-23 13:41 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-23 13:41 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-23 13:41 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-23 13:41 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-23 13:41 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-23 13:41 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-23 13:41 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-23 13:41 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-23 13:41 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-23 13:41 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-23 13:41 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-23 13:41 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-23 13:41 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-23 13:41 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-23 13:41 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-23 13:41 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-23 13:41 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-23 13:41 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-23 12:50 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-23 12:50 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-23 12:50 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-23 12:50 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-23 12:50 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-23 12:44 - 2014-09-23 13:05 - 00000000 ____D () C:\Users\tom\Downloads\produkey
2014-09-23 12:44 - 2014-09-23 12:44 - 00056934 _____ () C:\Users\tom\Downloads\produkey.zip
2014-09-23 12:41 - 2014-09-23 12:41 - 00452694 _____ (Seriennummern.org ) C:\Users\tom\Downloads\ProductKeyReader.exe
2014-09-23 12:39 - 2014-09-23 12:39 - 02639056 _____ (Nsasoft, LLC. ) C:\Users\tom\Downloads\productkeyexplorer_setup.exe
2014-09-02 19:55 - 2014-09-23 13:31 - 00000300 _____ () C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job
2014-09-02 19:55 - 2014-09-23 13:24 - 00002572 _____ () C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c
2014-09-02 19:52 - 2014-09-02 19:52 - 05798888 _____ (Innovative Solutions ) C:\Users\tom\Downloads\drivermax_7_38_cnet.exe
2014-09-02 19:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 19:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-02 19:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-02 19:44 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-02 19:44 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-02 19:44 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-02 19:44 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-02 19:43 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-02 19:43 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-02 19:43 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-02 19:43 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-02 19:43 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-02 19:43 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-02 19:43 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-02 19:43 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-02 19:43 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-02 19:43 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-02 14:51 - 2009-07-14 06:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-02 14:51 - 2009-07-14 06:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-02 14:49 - 2009-07-14 17:18 - 00666406 _____ () C:\Windows\system32\perfh005.dat
2014-10-02 14:49 - 2009-07-14 17:18 - 00140102 _____ () C:\Windows\system32\perfc005.dat
2014-10-02 14:49 - 2009-07-14 07:13 - 01577410 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 14:46 - 2014-04-17 23:03 - 01821968 _____ () C:\Windows\WindowsUpdate.log
2014-10-02 14:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-02 13:56 - 2014-04-29 13:04 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-02 12:04 - 2009-07-14 04:34 - 54263808 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-10-02 12:04 - 2009-07-14 04:34 - 18612224 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-10-02 12:04 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-10-02 12:02 - 2009-07-14 04:34 - 45088768 _____ () C:\Windows\system32\config\COMPONENTS_tureg_old
2014-10-02 12:02 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-10-02 12:02 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-10-02 11:46 - 2009-07-14 06:45 - 00327944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-02 11:15 - 2014-04-18 00:00 - 00000000 ____D () C:\Windows\Panther
2014-10-01 21:37 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-01 21:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-01 20:54 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-01 19:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-30 18:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-30 15:14 - 2014-04-18 08:48 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-30 13:48 - 2014-06-16 16:59 - 00003826 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1397803375
2014-09-30 13:48 - 2014-04-18 08:42 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-23 13:43 - 2014-04-22 12:14 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-23 13:10 - 2014-04-17 23:34 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-23 13:10 - 2014-04-17 23:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-23 12:57 - 2014-04-29 13:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 12:57 - 2014-04-29 13:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 12:57 - 2014-04-29 13:04 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-22 08:42 - 2014-04-17 23:35 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-02 19:55 - 2014-04-17 23:17 - 00001238 _____ () C:\Users\tom\Desktop\DriverMax.lnk
2014-09-02 19:55 - 2014-04-17 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-30 17:27

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:232.73 GB) (Free:183.29 GB) NTFS
Drive d: (Police) (Fixed) (Total:232.93 GB) (Free:225.99 GB) NTFS
Drive f: () (Removable) (Total:3.83 GB) (Free:0.53 GB) FAT32

Available physical RAM: 2528.13 MB
Total physical RAM: 4094.49 MB
Percentage of memory in use: 38%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2A9A1302)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.9 GB) - (Type=05)
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: 00069127)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\na�i\Desktop" je 6 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#9 Příspěvek od **vyosek** » 03 říj 2014 16:42

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
CloseProcesses:

HKU\S-1-5-21-2938021315-1129681201-3942426646-1003\...\MountPoints2: {ef03ef88-4985-11e4-ac8d-806e6f6e6963} - E:\Autorun.exe

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

2014-10-02 14:50 - 2014-10-02 14:49 - 00112640 _____ (forum.viry.cz) C:\Users\naši\Desktop\FRSTLauncher.exe
2014-10-02 14:49 - 2014-10-02 14:49 - 00112640 _____ (forum.viry.cz) C:\Users\naši\Downloads\FRSTLauncher.exe
2014-10-02 14:48 - 2014-10-02 14:48 - 02108928 _____ (Farbar) C:\Users\naši\Downloads\FRST64.exe
2014-10-02 12:02 - 2014-10-02 12:04 - 00002480 _____ () C:\Windows\logboot_02.10.2014.tureg.log
2014-10-02 11:46 - 2014-10-02 14:43 - 00000280 _____ () C:\Windows\setupact.log
2014-10-02 11:46 - 2014-10-02 11:46 - 00001056 _____ () C:\Windows\PFRO.log
2014-10-02 11:46 - 2014-10-02 11:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-02 11:45 - 2014-10-02 11:37 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-02 11:38 - 2014-10-02 11:47 - 00006273 _____ () C:\zoek-results.log
2014-10-02 11:37 - 2014-10-02 11:44 - 00000000 ____D () C:\zoek_backup
2014-10-02 11:36 - 2014-10-02 11:36 - 01290752 _____ () C:\Users\naši\Desktop\zoek.exe
2014-10-02 11:35 - 2014-10-02 11:36 - 01290752 _____ () C:\Users\naši\Downloads\zoek.exe
2014-10-02 11:11 - 2014-10-02 11:12 - 04964488 _____ (Piriform Ltd) C:\Users\naši\Downloads\ccsetup418.exe
2014-10-02 10:55 - 2014-10-02 10:56 - 00000000 ____D () C:\AdwCleaner
2014-10-02 10:50 - 2014-10-02 10:50 - 00000000 ____D () C:\Windows\ERUNT
2014-10-02 10:49 - 2014-10-02 10:48 - 01375089 _____ () C:\Users\naši\Desktop\adwcleaner_3.311.exe
2014-10-02 10:49 - 2014-10-02 10:47 - 01701878 _____ (Thisisu) C:\Users\naši\Desktop\JRT.exe
2014-10-02 10:47 - 2014-10-02 10:48 - 01375089 _____ () C:\Users\naši\Downloads\adwcleaner_3.311.exe
2014-10-02 10:46 - 2014-10-02 10:47 - 01701878 _____ (Thisisu) C:\Users\naši\Downloads\JRT.exe
2014-10-01 22:16 - 2014-10-01 22:24 - 00000000 ____D () C:\Program Files\trend micro
2014-10-01 22:16 - 2014-10-01 22:16 - 00000000 ____D () C:\rsit
2014-10-01 22:15 - 2014-10-01 22:15 - 01222144 _____ () C:\Users\naši\Downloads\RSITx64.exe
2014-10-01 22:05 - 2014-10-01 22:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\naši\Downloads\HijackThis.exe
2014-10-01 21:25 - 2014-10-01 21:25 - 00003210 _____ () C:\Windows\System32\Tasks\{3DE06A8E-15FB-4D3F-BCEC-20BFF356AD09}
2014-10-01 21:22 - 2014-10-01 21:22 - 00003138 _____ () C:\Windows\System32\Tasks\{55AAAAC4-EB69-4B5F-B356-C584A316B808}
2014-10-01 21:22 - 2014-10-01 21:22 - 00002083 _____ () C:\Users\tom\Desktop\AppsHat.lnk

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

Hosts:
EmptyTemp:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

ymo · #10 Příspěvek od **ymo** » 04 říj 2014 10:57

Fixlog zde:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-10-2014 01
Ran by naši at 2014-10-04 11:53:28 Run:1
Running from C:\Users\naši\Desktop
Loaded Profile: naši (Available profiles: tom & naši)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:

HKU\S-1-5-21-2938021315-1129681201-3942426646-1003\...\MountPoints2: {ef03ef88-4985-11e4-ac8d-806e6f6e6963} - E:\Autorun.exe

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

2014-10-02 14:50 - 2014-10-02 14:49 - 00112640 _____ (forum.viry.cz) C:\Users\naši\Desktop\FRSTLauncher.exe
2014-10-02 14:49 - 2014-10-02 14:49 - 00112640 _____ (forum.viry.cz) C:\Users\naši\Downloads\FRSTLauncher.exe
2014-10-02 14:48 - 2014-10-02 14:48 - 02108928 _____ (Farbar) C:\Users\naši\Downloads\FRST64.exe
2014-10-02 12:02 - 2014-10-02 12:04 - 00002480 _____ () C:\Windows\logboot_02.10.2014.tureg.log
2014-10-02 11:46 - 2014-10-02 14:43 - 00000280 _____ () C:\Windows\setupact.log
2014-10-02 11:46 - 2014-10-02 11:46 - 00001056 _____ () C:\Windows\PFRO.log
2014-10-02 11:46 - 2014-10-02 11:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-02 11:45 - 2014-10-02 11:37 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-02 11:38 - 2014-10-02 11:47 - 00006273 _____ () C:\zoek-results.log
2014-10-02 11:37 - 2014-10-02 11:44 - 00000000 ____D () C:\zoek_backup
2014-10-02 11:36 - 2014-10-02 11:36 - 01290752 _____ () C:\Users\naši\Desktop\zoek.exe
2014-10-02 11:35 - 2014-10-02 11:36 - 01290752 _____ () C:\Users\naši\Downloads\zoek.exe
2014-10-02 11:11 - 2014-10-02 11:12 - 04964488 _____ (Piriform Ltd) C:\Users\naši\Downloads\ccsetup418.exe
2014-10-02 10:55 - 2014-10-02 10:56 - 00000000 ____D () C:\AdwCleaner
2014-10-02 10:50 - 2014-10-02 10:50 - 00000000 ____D () C:\Windows\ERUNT
2014-10-02 10:49 - 2014-10-02 10:48 - 01375089 _____ () C:\Users\naši\Desktop\adwcleaner_3.311.exe
2014-10-02 10:49 - 2014-10-02 10:47 - 01701878 _____ (Thisisu) C:\Users\naši\Desktop\JRT.exe
2014-10-02 10:47 - 2014-10-02 10:48 - 01375089 _____ () C:\Users\naši\Downloads\adwcleaner_3.311.exe
2014-10-02 10:46 - 2014-10-02 10:47 - 01701878 _____ (Thisisu) C:\Users\naši\Downloads\JRT.exe
2014-10-01 22:16 - 2014-10-01 22:24 - 00000000 ____D () C:\Program Files\trend micro
2014-10-01 22:16 - 2014-10-01 22:16 - 00000000 ____D () C:\rsit
2014-10-01 22:15 - 2014-10-01 22:15 - 01222144 _____ () C:\Users\naši\Downloads\RSITx64.exe
2014-10-01 22:05 - 2014-10-01 22:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\naši\Downloads\HijackThis.exe
2014-10-01 21:25 - 2014-10-01 21:25 - 00003210 _____ () C:\Windows\System32\Tasks\{3DE06A8E-15FB-4D3F-BCEC-20BFF356AD09}
2014-10-01 21:22 - 2014-10-01 21:22 - 00003138 _____ () C:\Windows\System32\Tasks\{55AAAAC4-EB69-4B5F-B356-C584A316B808}
2014-10-01 21:22 - 2014-10-01 21:22 - 00002083 _____ () C:\Users\tom\Desktop\AppsHat.lnk

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-2938021315-1129681201-3942426646-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef03ef88-4985-11e4-ac8d-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{ef03ef88-4985-11e4-ac8d-806e6f6e6963}" => Key not found.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
huawei_cdcacm => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
huawei_ext_ctrl => Service deleted successfully.
huawei_wwanecm => Service deleted successfully.
"C:\Users\naši\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\Users\naši\Downloads\FRSTLauncher.exe => Moved successfully.
C:\Users\naši\Downloads\FRST64.exe => Moved successfully.
C:\Windows\logboot_02.10.2014.tureg.log => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\naši\Desktop\zoek.exe => Moved successfully.
C:\Users\naši\Downloads\zoek.exe => Moved successfully.
"C:\Users\naši\Downloads\ccsetup418.exe" => File/Directory not found.
C:\AdwCleaner => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Users\naši\Desktop\adwcleaner_3.311.exe => Moved successfully.
C:\Users\naši\Desktop\JRT.exe => Moved successfully.
C:\Users\naši\Downloads\adwcleaner_3.311.exe => Moved successfully.
C:\Users\naši\Downloads\JRT.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\rsit => Moved successfully.
C:\Users\naši\Downloads\RSITx64.exe => Moved successfully.
C:\Users\naši\Downloads\HijackThis.exe => Moved successfully.
C:\Windows\System32\Tasks\{3DE06A8E-15FB-4D3F-BCEC-20BFF356AD09} => Moved successfully.
C:\Windows\System32\Tasks\{55AAAAC4-EB69-4B5F-B356-C584A316B808} => Moved successfully.
C:\Users\tom\Desktop\AppsHat.lnk => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => Moved successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 355.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

#11 Příspěvek od **vyosek** » 04 říj 2014 21:28

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

ymo · #12 Příspěvek od **ymo** » 05 říj 2014 10:42

Systém, zdá se, funguje bez problému, díky moc, zašlu podporu

#13 Příspěvek od **vyosek** » 05 říj 2014 14:12

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

Za podporu fora jmenem celeho tymu dekuji

A na zaklade Pravidla o zamykani temat

VIRY.CZ

nainstalovany shopper pro a jina havet

nainstalovany shopper pro a jina havet

Re: nainstalovany shopper pro a jina havet

Re: nainstalovany shopper pro a jina havet

Re: nainstalovany shopper pro a jina havet

Re: nainstalovany shopper pro a jina havet

Re: nainstalovany shopper pro a jina havet

Re: nainstalovany shopper pro a jina havet

Re: nainstalovany shopper pro a jina havet

Re: nainstalovany shopper pro a jina havet

Re: nainstalovany shopper pro a jina havet

Re: nainstalovany shopper pro a jina havet

Re: nainstalovany shopper pro a jina havet

Re: nainstalovany shopper pro a jina havet